Linux File Server

linux-serverFile sharing is a critical business function for IT infrastructure. Using Samba we can create file shares that are highly available, secure, and accessible by all major operating system platforms (Windows, OS X, and Linux).

In this guide we will create a file share using Ubuntu 14.04. You can use either the Desktop or Server version of Ubuntu and the steps will be identical. We will create a file share for a group called Accounting.

Step 1 – Install Samba

To install Samba I am going to use the “Tasksel”  package. Which is a tool that allows us to install multiple packages with a single command.

Tasksel should be installed by default on Ubuntu 14.04 server in the event that you do not have this package we can install it using apt-get.

sudo apt-get update
sudo apt-get install tasksel -y

The  -y option just tells apt-get to respond yes to any required user interaction during the installation.

We can perform a query with tasksel to determine which packages are available like this:

sudo tasksel --list-tasks

The –list-tasks option will produce a list of all available tasks. The one we are interested in today is “samba-server”.

To install the samba server

sudo tasksel install samba-server

This will install several packages and depending upon your internet connection it could take awhile.

Step 2 – Create Users and Group

If you don’t have an accounting group now would be a good time to create it.

sudo groupadd accounting

Lets create some users and add them to the group.

sudo adduser batman
sudo adduser superman

Each time you run this command you will be asked a series of questions that include a Password, Full Name, Room number, and others. They are all optional with the exception of the password which is required.

Now lets add them to our accounting group.

sudo adduser batman accounting
sudo adduser superman accounting

Alternatively you can add them to the group by editing the /etc/group file.

sudo vigr

Find the line that begins with accounting and append batman,superman to the end of that line.

Lastly we need to make sure that our users have a samba password.

sudo smbpasswd batman
sudo smbpasswd superman

I would set the password to match the password that we created when setting up the user accounts for continuities sake.

Step 3 – Create the directory

File Folder

Lets create a directory to be shared with the Accounting group.

sudo mkdir -p /share/accounting

Next lets ensure that the accounting group owns the file

sudo chown :accounting /share/accounting

Now we will set the permissions to ensure that only the directory owner and group have read, write, and execute permissions on the files that it contains. While also ensuring that all new files inherit the directory group (accounting).

sudo chmod 770 /share/accounting
sudo chmod g+s /share/accounting

Step 4 – Configure Samba

First make a copy of the configuration file in case you need to restore the defaults if something goes wrong.

sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.ORIGINAL

To configure samba we will need to edit the /etc/samba/smb.conf file.

sudo vim /etc/samba/smb.conf

Move to the end of the file by pressing “shift + g” press “o” to enter insert mode on a new line.

Add the following information to the file.

[Accounting]
   comment = Share for the Accounting group
   browsable = yes
   path = /share/accounting
   guest ok = no
   read only = no
   hosts allow =
   valid users = +accounting

Save and quit by typing :wq!

What these settings mean

  1. The top element [Accounting] is the name of the share.
  2. Comment is the description of the file share you will see this when using ‘net use’ in windows or smbclient on linux/unix
  3. Browsable makes the share visible to people looking for shares on the server. Changing the yes to a no would make the share invisible meaning that only those who know about it would be able to find it.
  4. Path is the actual path of the shared directory on the server. In our case /share/accounting
  5. guest ok is optional in this case because we are using the valid users options. But in essence it means that other users cannot browse the directory.
  6. The read only option can be used to prevent users from modifying the contents of a directory.
  7. Using hosts allow we could limit access to the share via computer name.
  8. The valid users option specifies which users are authorized to map to this share.

Make sure that your file only contains valid information with the following command.

testparm

Any settings that samba doesn’t understand will be sent to standard output. Make sure that you pay close attention to spelling. If everything checks out restart the samba service and move on to step 5.

sudo service smbd restart

Step 5 – Open the firewall ports

Samba uses ports 139 and 445

sudo ufw allow 139/tcp
sudo ufw allow 445/tcp

 Step 6 – Check for the share

On your Ubuntu server you can type:

smbclient -L <ipaddress of server> -U <username>

This command will show you the shares that are available at your server ip address for the user.

On windows you can open the file explorer and enter the path of your server and share for instance:

\\serveripaddress\accounting

Enter the password when prompted.

Step 7 – Start Samba at system start up

To start the samba service automatically at reboot enter the following command.

sudo update-rc.d smbd defaults

 

One thought on “Linux File Server

Leave a Reply