How to install and configure Samba server on CentOS Linux and manupulate with users
For file sharing on Linux systems where is access needed from Windows machines, Samba is default solution and it have a pretty good system for managing users, but is not recommended to use on public servers, but only on the intranet sites of the companies. In this article we will install Samba on CentOS Linux 7, and configure Samba share folder with a few users to access and share a folder with the possibility of use by users who do not have any account (Guest users)
# Global variables for Samba - you need to configure this only once (and modified later if needed) touch /etc/samba/smb.conf if [ `grep "[global]" /etc/samba/smb.conf | wc -l ` -eq 0 ] ; then echo "[global]" >> /etc/samba/smb.conf echo "workgroup = WORKGROUP" >> /etc/samba/smb.conf echo "server string = Samba Server %v" >> /etc/samba/smb.conf echo "netbios name = centos" >> /etc/samba/smb.conf echo "security = user" >> /etc/samba/smb.conf echo "map to guest = bad user" >> /etc/samba/smb.conf echo "dns proxy = no" >> /etc/samba/smb.conf fi cat /etc/samba/smb.conf # Start Samba and put Samba to be started on boot systemctl restart smb.service systemctl restart nmb.service systemctl enable smb.service systemctl enable nmb.service # If you use firewalld - please allow access to Samba (in this case for everyone) firewall-cmd --permanent --zone=public --add-service=samba firewall-cmd --reload # If you use iptables do this # Changing firewall with old and good iptables services you doiung on this way # https://kompjuteras.com/en/how-to-replace-firewalld-with-iptables-in-centos-7/ iptables -I INPUT -p tcp –dport 137 -j ACCEPT iptables -I INPUT -p tcp –dport 138 -j ACCEPT iptables -I INPUT -p tcp –dport 139 -j ACCEPT iptables -I INPUT -p tcp –dport 445 -j ACCEPT service iptables save service iptables restart # Samba install is done, now you need to configure shares and users with steps bellow
Bellow is config where we will make samba share for two users – but that users can delete or modify only own folders (other user can see and copy files to own computer). Here we will use variables so put your values inside
##### SHARE WHERE USERS CAN MANIPULATE ONLY WITH OWN FILES ######### FOLDER_4_SAMBA_FILES="/home/Samba/UserData" #Example SAMBA_USER=draza #Example SAMBA_GROUP=pristup_public #Example SAMBA_SHARE_NAME="User Data Share" #Example #################################################################### # This group will have access to that share groupadd ${SAMBA_GROUP} echo "#============== ${SAMBA_SHARE_NAME} ==============#" >> /etc/samba/smb.conf echo "#Users can manipulate only with own files" >> /etc/samba/smb.conf echo "[${SAMBA_SHARE_NAME}]" >> /etc/samba/smb.conf echo "path = ${FOLDER_4_SAMBA_FILES}" >> /etc/samba/smb.conf echo "valid users = @${SAMBA_GROUP}" >> /etc/samba/smb.conf echo "guest ok = no" >> /etc/samba/smb.conf echo "writable = yes" >> /etc/samba/smb.conf echo "browsable = yes" >> /etc/samba/smb.conf cat /etc/samba/smb.conf # Creating of new Samba user (no shell, no home folder) useradd -M -s /bin/false ${SAMBA_USER} usermod -a -G ${SAMBA_GROUP} ${SAMBA_USER} smbpasswd -a ${SAMBA_USER} # Creating of needed folders for share mkdir -p ${FOLDER_4_SAMBA_FILES} chown -R ${SAMBA_USER}:${SAMBA_GROUP} ${FOLDER_4_SAMBA_FILES} chown nobody:${SAMBA_GROUP} ${FOLDER_4_SAMBA_FILES} chmod 1075 ${FOLDER_4_SAMBA_FILES} chcon -t samba_share_t ${FOLDER_4_SAMBA_FILES} #Selinux - is you using it # If you want full privilege for all Samba users give # thwm this permissions # chmod 0075 ${FOLDER_4_SAMBA_FILES} # ADDING NEW SAMBA USER SAMBA_NEW_USER=peja SAMBA_GROUP=${SAMBA_GROUP} useradd -M -s /bin/false ${SAMBA_NEW_USER} usermod -a -G ${SAMBA_GROUP} ${SAMBA_NEW_USER} smbpasswd -a ${SAMBA_NEW_USER} # Samba restart systemctl restart smb.service systemctl restart nmb.service # Now try access from Windows Explorer with url # \\ip_address_of_samba_server\User Data Share # For adding of new users do step (ADDING NEW SAMBA USER) # with other variables, of course
If you want share where everyone cann access to SAmba share without any kind of login data, you can do it with next config
##### EVERYONE CANN ACCESS TO FOLDER - GUEST FRIENDLY ACCESS ########## PUBLIC_FOLDER_LOCATION="/home/Samba/JavniFolder" #Primer PUBLIC_SAMBA_SHARE_NAME="Public Folder" #Primer ####################################################################### echo "#============== ${PUBLIC_SAMBA_SHARE_NAME} ==============#" >> /etc/samba/smb.conf echo "#Everyone have rw privileges" >> /etc/samba/smb.conf echo "[${PUBLIC_SAMBA_SHARE_NAME}]" >> /etc/samba/smb.conf echo "path = ${PUBLIC_FOLDER_LOCATION}" >> /etc/samba/smb.conf echo "browsable = yes" >> /etc/samba/smb.conf echo "writable = yes" >> /etc/samba/smb.conf echo "guest ok = yes" >> /etc/samba/smb.conf echo "read only = no" >> /etc/samba/smb.conf # Creating of needed folders, permissions and selinux config mkdir -p ${PUBLIC_FOLDER_LOCATION} chmod -R 0777 ${PUBLIC_FOLDER_LOCATION} # Full rw privilege to everyone chown -R nobody:nobody ${PUBLIC_FOLDER_LOCATION} chcon -t samba_share_t ${PUBLIC_FOLDER_LOCATION} # If you already have Samba users and you want to protect them files # from delete/modify from Public Share folder, put this permissions # chmod -R 1777 ${PUBLIC_FOLDER_LOCATION} # Samba restart systemctl restart smb.service systemctl restart nmb.service # Now try from Windows Explorer: \\IP_ADRESA_SAMBA_SERVERA\Public Folder
Edit of curent Samba users you can do with standard Linux permissions or ACL but for Samba users only you can see info or to delete them with next commands
# Listing of all Samba users pdbedit -L -v # If you want to delete some user (in this case user draza) pdbedit -x draza userdel draza