According to Samba.org , "Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients." Bottom line, samba allows you to share files and directories via Linux and access them on a Windows machine.
Lets walk through a senario where are ultimate goal is to get samba configured quickly and easily. We are not shooting for best practices here. That being said., lets say you are asked to create a CIFS share with the following information. The share that we create must be writable by members of the sambausers group. Other users can only have read access.
- Workgroup: Workgroup1
- Linux Group: sambausers
- CIFS Share Name: /share/samba
Ok Lets get started by installing samba and configuring it to start at boot, then lets start it up.
# yum install samba samba-doc samba-client
# chkconfig smb on && service smb start
There are two ways to do this. You can either do this via the command line, or do this via the system-config-firewall gui. In this instance I am going to do this the quick and dirty way, as our goal here is to get samba up and running quickly. So i launch system-config-firewall gui and select the box next t0 samba to enable access, then save and reload.
Note that these are the lines that are added to /etc/sysconfig/iptables.
-A INPUT -m state –state NEW -m udp -p udp –dport 137 -j ACCEPT
-A INPUT -m state –state NEW -m udp -p udp –dport 138 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 139 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 445 -j ACCEPT
Create Users and Shares
Now its time to add the Linux group sambausers. Note that the -r option below adds sambausers as a system group.
# groupadd -r sambausers
Now lets create a user named "myuser" and stick him in the sambausers group.
# useradd -s /bin/nologin -G sambausers myuser
Once thats done lets create a samba password for "myuser". Lets use "mypassword" as the samba password
# smbpasswd -a myuser
Now lets create our share and change group ownership to sambausers.
# mkdir -p /share/samba
# chgrp sambausers /share/samba
Now set the setgid bit to ensure that all files created in /share/samba inherit the GID of sambausers.
# chmod 2775 /share/samba
Set SELinux context, public_content_t on /share. This will allow you to share files anonymously.
# semanage fcontext -a -t public_content_t '/share(/.*)?'
Set SELInux context, samba_share_t on /share/samba. This allows samba to share this directory. By default SELinux is only configured to allow home directories to be shared via samba right out of the box.
# semanage fcontext -a -t samba_share_t '/share/samba(/.*)?'
Now apply the two semanage commands with restorecon.
# restorecon -vvFR /shared
Editing the SMB.conf
Ok, now we need to actually configure samba. So modify or confirm the following in /etc/samba/smb.conf. Note that each and every one of the configuration items below is documented in the smb.conf
First set the workgroup as seen below
workgroup = workgroup1
Then create the directive to share our directory of /share/samba.
path = /share/samba
write list = @sambausers
read only = yes
guest ok = no
Testing our Configs
Holy Crap, we finally made it. Now lets test with the smbclient command
# smbclient -L localhost -U myuser
This shows us that our share, called samba, does in fact exist.
Sharename Type Comment
——— —- ——-
Now lets connect.
#smbclient //localhost/samba -U myuser
Once connected lets put and touch a few files
smb: \> mkdir testing
smb: \> put /etc/hosts hosts
Awesome, I can see the share, I can access it and I can create files. Mission accomplished.