Thursday, September 7, 2006
10:55 AM

Samba explained

I'm done setting up samba server as instructed by my boss 2 weeks ago. The mystery of SAMBA have been revealed :). I never done this before. I mean I've never done setting up one for 'production' server. I learnt a lot from internet by googling and asking on a Linux forum to get hints. I wanna share a few tips here for us.

My setup
The first thing to configure is smb.conf. I use Slackware 10.2. This file is located in /etc/samba. For your distro, you should check in /etc or /etc/samba. This file is divided into 2 categories:

  1. global setting [global]
  2. share definitions (this is where you define your sharing directories)
Let's discuss them in turn

global setting[global]

workgroup - specify workgroup of your machine
server string - specify server string ie Samba server
security - specify your security here ie share or user. share is suitable for home use. user is more secure. You have to specify username and password when you want to connect to this samba server.
hosts allow - ie 192.168.0.0/24 or 10.0.0.0/16 , specify LAN clients allowed to connect. You may want to add localhost too ie 127.0.0.1
wins server - specify WINS server to be used by this samba server for faster NetBIOS name resolution ie 192.168.0.11

There are more directives to be set but I concentrate for simple setup only.

Share Definitions
Here you can specify what directory you want to make sharing. Look at this example:

[homes]
comment = Home Directories
browseable = No
writable = Yes

[public]
comment = For Public Consumption
path = /home/samba/public
public = Yes
writable = Yes
printable = No
writelist = @staff
browseable = Yes

[Finance]
comment = Finance's Stuff
path = /home/samba/finance
valid users = @finance
public = no
writable = no
printable = no
browseable = yes
write list = @finance
create mask = 0660
directory mask = 0770
force group = @finance

------
for [Homes], it is the home directory of the user if they logged in. browseable = No states that the directory is not browseable by other users or hidden. writable = yes states that the user is given read and write permissions.

for [public], the path for this folder is /home/samba/public. You have to make sure that this directory exist and make sure the permission is set as below:

drwxrwxr-x  root staff  /home/samba/public

this ensure that the staff group has write permission as stated by writelist = @staff. The other directives are self-explanatory.

For [finance], the path is /home/samba/finance and valid users = @finance states that only users in finance group can enter/access this directory and write list = @finance ensures that only users in finance group have read and write permissions. The "create mask" and "directory mask" ensure new and modified files and directories retain their correct permissions, and the "force group" causes all file read/writes to be the group finance regardless of what the user's primary group is, ensuring that all members can read/write/modify files. permissions. You should set the directory as :

drwxrwx---  root finance  /home/samba/finance

These are the tips that I got when I was setting up the samba server. I hope it can be useful to anyone who wanna setup a simple samba server in a LAN more secure by setting up the sharing directories correctly.

You can extend the above setup as you grasp the key concept above. The permissions of Linux directories should satisfy what you state in smb.conf or the other way around :). Otherwise it will make no sense.

Lastly, to restart the samba server , issue this command :

/etc/rc.d/rc.samba restart

or (if you use Fedora, Redhat or Mandriva)

service smbd restart

Have nice day!

0 comments:

Post a Comment