We all know what Windows File Sharing is, sometimes known as SMB (Server Message Block) or CIFS (Common Internet File System). Samba is the equivalent and compatible server for file sharing on Linux. Samba allows you to deploy network shares that are accessible on Windows, Linux and all platforms that support CIFS (Common Internet File System) or SMB. CIFS is a dialect of SMB, but basically the same. Managing users and share permissions on Windows is almost always done via the GUI, whereas on Linux we’ll have to edit a configuration file. In this article I’ll explain how to setup a Samba share, and add users to your Linux system to safely share content and manage permissions.

Install Samba

First we need to install Samba. This is the server we’ll be running. Samba also comes with the tools needed to further setup users which we’ll need in the next step. To install Samba and make it run on startup run sudo apt install samba and then sudo systemctl enable smbd

We will configure Samba later on. For now continue adding users.

Add new (non-login) users to Linux

Before we can tell the Samba server to give specific users permissions on shared folders we need accounts for those users. It can be confusing but it is good to know there are 2 users databases in this case: the Linux user, and the SMB user. Both need to exist to set share permissions. The first step is to add a new Linux system user. In this specific case we’ll add a non-login user (or system user). This means the user will not be able to login via SSH and has no further access to the system.

sudo adduser <username> --system --no-create-home --disabled-login

We now have a new Linux user. Notice that the system did not prompt for a password. The next step is to create a Samba user. Now we will set a password. Run the following command:

sudo smbpasswd -a <username>

Provide a password for the user when asked.

Configure Samba and create shares

Now we can setup a Samba share. Edit /etc/samba/smb.conf , and scroll to the end of the file.

Add a section like this to create a share:

[Pictures]
comment = Pictures
path = /media/Pictures
browseable = yes
read only = yes
guest ok = yes
write list = stijn

The options are self explanatory. Use the path directive to specify the location of your share. Furthermore you can use several security options to set the permissions. See the table below for the available options.

OptionParametersFunctionDefaultScope
admin usersstring (list of usernames)Specifies a list of users who can perform operations as root.NoneShare
valid usersstring (list of usernames)Specifies a list of users that can connect to a share.NoneShare
invalid usersstring (list of usernames)Specifies a list of users that will be denied access to a share.NoneShare
read liststring (list of usernames)Specifies a list of users that have read-only access to a writable share.NoneShare
write liststring (list of usernames)Specifies a list of users that have read-write access to a read-only share.NoneShare
max connectionsnumericalIndicates the maximum number of connections for a share at a given time.0Share
guest only (only guest)booleanSpecifies that this share allows only guest access.noShare
guest accountstring (name of account)Names the Unix account that will be used for guest access.nobodyShare
guest okbooleanSpecifies that this share allows guest usersnoShare
List of Samba security settings to protect a share

To create a share that is not accessible for guests, but only specific users use the following settings:

browseable = yes
read only = no
guest ok = no
write list = stijn
valid users = stijn

That’s it! You’re done setting up shares. If you have permission errors please make sure to check file and folder permission on the actual folder. I do not recommend this, but a quick and dirty work-around is to apply world read and write permissions on your data (chmod 777 -R /path/to/data). This can be useful to check if your Samba server is working correctly.

Categorieën: LinuxTech