How to install and configure Samba server on CentOS Linux and manupulate with users

For file sharing on Linux systems where is access needed from Windows machines, Samba is default solution and it have a pretty good system for managing users, but is not recommended to use on public servers, but only on the intranet sites of the companies. In this article we will install Samba on CentOS Linux 7, and configure Samba share folder with a few users to access and share a folder with the possibility of use by users who do not have any account (Guest users)

# Global variables for Samba - you need to configure this only once (and modified later if needed)
touch /etc/samba/smb.conf
if [ `grep "[global]" /etc/samba/smb.conf | wc -l ` -eq 0 ] ; then 
echo "[global]" >> /etc/samba/smb.conf 
echo "workgroup = WORKGROUP" >> /etc/samba/smb.conf 
echo "server string = Samba Server %v" >> /etc/samba/smb.conf 
echo "netbios name = centos" >> /etc/samba/smb.conf 
echo "security = user" >> /etc/samba/smb.conf
echo "map to guest = bad user" >> /etc/samba/smb.conf 
echo "dns proxy = no" >> /etc/samba/smb.conf
fi
cat /etc/samba/smb.conf

# Start Samba and put Samba to be started on boot
systemctl restart smb.service
systemctl restart nmb.service
systemctl enable smb.service
systemctl enable nmb.service

# If you use firewalld - please allow access to Samba (in this case for everyone)
firewall-cmd --permanent --zone=public --add-service=samba
firewall-cmd --reload

# If you use iptables do this
# Changing firewall with old and good iptables services you doiung on this way
# https://kompjuteras.com/en/how-to-replace-firewalld-with-iptables-in-centos-7/
iptables -I INPUT -p tcp –dport 137 -j ACCEPT
iptables -I INPUT -p tcp –dport 138 -j ACCEPT
iptables -I INPUT -p tcp –dport 139 -j ACCEPT
iptables -I INPUT -p tcp –dport 445 -j ACCEPT
service iptables save
service iptables restart

# Samba install is done, now you need to configure shares and users with steps bellow

Bellow is config where we will make samba share for two users – but that users can delete or modify only own folders (other user can see and copy files to own computer). Here we will use variables so put your values inside

##### SHARE WHERE USERS CAN MANIPULATE ONLY WITH OWN FILES #########
FOLDER_4_SAMBA_FILES="/home/Samba/UserData" #Example
SAMBA_USER=draza #Example
SAMBA_GROUP=pristup_public #Example
SAMBA_SHARE_NAME="User Data Share" #Example
####################################################################

# This group will have access to that share
groupadd ${SAMBA_GROUP}

echo "#============== ${SAMBA_SHARE_NAME} ==============#" >> /etc/samba/smb.conf
echo "#Users can manipulate only with own files" >> /etc/samba/smb.conf
echo "[${SAMBA_SHARE_NAME}]" >> /etc/samba/smb.conf
echo "path = ${FOLDER_4_SAMBA_FILES}" >> /etc/samba/smb.conf
echo "valid users = @${SAMBA_GROUP}" >> /etc/samba/smb.conf
echo "guest ok = no" >> /etc/samba/smb.conf
echo "writable = yes" >> /etc/samba/smb.conf
echo "browsable = yes" >> /etc/samba/smb.conf
cat /etc/samba/smb.conf

# Creating of new Samba user (no shell, no home folder)
useradd -M -s /bin/false ${SAMBA_USER}
usermod -a -G ${SAMBA_GROUP} ${SAMBA_USER}
smbpasswd -a ${SAMBA_USER}

# Creating of needed folders for share
mkdir -p ${FOLDER_4_SAMBA_FILES}
chown -R ${SAMBA_USER}:${SAMBA_GROUP} ${FOLDER_4_SAMBA_FILES}
chown nobody:${SAMBA_GROUP} ${FOLDER_4_SAMBA_FILES}
chmod 1075 ${FOLDER_4_SAMBA_FILES}
chcon -t samba_share_t ${FOLDER_4_SAMBA_FILES} #Selinux - is you using it

# If you want full privilege for all Samba users give
# thwm this permissions
# chmod 0075 ${FOLDER_4_SAMBA_FILES}

# ADDING NEW SAMBA USER
SAMBA_NEW_USER=peja
SAMBA_GROUP=${SAMBA_GROUP}
useradd -M -s /bin/false ${SAMBA_NEW_USER}
usermod -a -G ${SAMBA_GROUP} ${SAMBA_NEW_USER}
smbpasswd -a ${SAMBA_NEW_USER}

# Samba restart
systemctl restart smb.service
systemctl restart nmb.service

# Now try access from Windows Explorer with url
# \\ip_address_of_samba_server\User Data Share

# For adding of new users do step (ADDING NEW SAMBA USER)
# with other variables, of course

If you want share where everyone cann access to SAmba share without any kind of login data, you can do it with next config

##### EVERYONE CANN ACCESS TO FOLDER - GUEST FRIENDLY ACCESS ##########
PUBLIC_FOLDER_LOCATION="/home/Samba/JavniFolder" #Primer
PUBLIC_SAMBA_SHARE_NAME="Public Folder" #Primer
#######################################################################

echo "#============== ${PUBLIC_SAMBA_SHARE_NAME} ==============#" >> /etc/samba/smb.conf
echo "#Everyone have rw privileges" >> /etc/samba/smb.conf
echo "[${PUBLIC_SAMBA_SHARE_NAME}]" >> /etc/samba/smb.conf
echo "path = ${PUBLIC_FOLDER_LOCATION}" >> /etc/samba/smb.conf
echo "browsable = yes" >> /etc/samba/smb.conf
echo "writable = yes" >> /etc/samba/smb.conf
echo "guest ok = yes" >> /etc/samba/smb.conf
echo "read only = no" >> /etc/samba/smb.conf

# Creating of needed folders, permissions and selinux config
mkdir -p ${PUBLIC_FOLDER_LOCATION}
chmod -R 0777 ${PUBLIC_FOLDER_LOCATION} # Full rw privilege to everyone
chown -R nobody:nobody ${PUBLIC_FOLDER_LOCATION}
chcon -t samba_share_t ${PUBLIC_FOLDER_LOCATION}
# If you already have Samba users and you want to protect them files
# from delete/modify from Public Share folder, put this permissions
# chmod -R 1777 ${PUBLIC_FOLDER_LOCATION} 

# Samba restart
systemctl restart smb.service
systemctl restart nmb.service

# Now try from Windows Explorer: \\IP_ADRESA_SAMBA_SERVERA\Public Folder

Edit of curent Samba users you can do with standard Linux permissions or ACL but for Samba users only you can see info or to delete them with next commands

# Listing of all Samba users
pdbedit -L -v
# If you want to delete some user (in this case user draza)
pdbedit -x draza
userdel draza