File sharing is a critical business function for IT infrastructure. Using Samba we can create file shares that are highly available, secure, and accessible by all major operating system platforms (Windows, OS X, and Linux).
In this guide we will create a file share using Ubuntu 14.04. You can use either the Desktop or Server version of Ubuntu and the steps will be identical. We will create a file share for a group called Accounting.
Step 1 – Install Samba
To install Samba I am going to use the “Tasksel” package. Which is a tool that allows us to install multiple packages with a single command.
Tasksel should be installed by default on Ubuntu 14.04 server in the event that you do not have this package we can install it using apt-get.
sudo apt-get update sudo apt-get install tasksel -y
The -y option just tells apt-get to respond yes to any required user interaction during the installation.
We can perform a query with tasksel to determine which packages are available like this:
sudo tasksel --list-tasks
The –list-tasks option will produce a list of all available tasks. The one we are interested in today is “samba-server”.
To install the samba server
sudo tasksel install samba-server
This will install several packages and depending upon your internet connection it could take awhile.
Step 2 – Create Users and Group
If you don’t have an accounting group now would be a good time to create it.
sudo groupadd accounting
Lets create some users and add them to the group.
sudo adduser batman sudo adduser superman
Each time you run this command you will be asked a series of questions that include a Password, Full Name, Room number, and others. They are all optional with the exception of the password which is required.
Now lets add them to our accounting group.
sudo adduser batman accounting sudo adduser superman accounting
Alternatively you can add them to the group by editing the /etc/group file.
Find the line that begins with accounting and append batman,superman to the end of that line.
Lastly we need to make sure that our users have a samba password.
sudo smbpasswd batman sudo smbpasswd superman
I would set the password to match the password that we created when setting up the user accounts for continuities sake.
Step 3 – Create the directory
Lets create a directory to be shared with the Accounting group.
sudo mkdir -p /share/accounting
Next lets ensure that the accounting group owns the file
sudo chown :accounting /share/accounting
Now we will set the permissions to ensure that only the directory owner and group have read, write, and execute permissions on the files that it contains. While also ensuring that all new files inherit the directory group (accounting).
sudo chmod 770 /share/accounting sudo chmod g+s /share/accounting
Step 4 – Configure Samba
First make a copy of the configuration file in case you need to restore the defaults if something goes wrong.
sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.ORIGINAL
To configure samba we will need to edit the /etc/samba/smb.conf file.
sudo vim /etc/samba/smb.conf
Move to the end of the file by pressing “shift + g” press “o” to enter insert mode on a new line.
Add the following information to the file.
[Accounting] comment = Share for the Accounting group browsable = yes path = /share/accounting guest ok = no read only = no hosts allow = valid users = +accounting
Save and quit by typing :wq!
What these settings mean
- The top element [Accounting] is the name of the share.
- Comment is the description of the file share you will see this when using ‘net use’ in windows or smbclient on linux/unix
- Browsable makes the share visible to people looking for shares on the server. Changing the yes to a no would make the share invisible meaning that only those who know about it would be able to find it.
- Path is the actual path of the shared directory on the server. In our case /share/accounting
- guest ok is optional in this case because we are using the valid users options. But in essence it means that other users cannot browse the directory.
- The read only option can be used to prevent users from modifying the contents of a directory.
- Using hosts allow we could limit access to the share via computer name.
- The valid users option specifies which users are authorized to map to this share.
Make sure that your file only contains valid information with the following command.
Any settings that samba doesn’t understand will be sent to standard output. Make sure that you pay close attention to spelling. If everything checks out restart the samba service and move on to step 5.
sudo service smbd restart
Step 5 – Open the firewall ports
Samba uses ports 139 and 445
sudo ufw allow 139/tcp sudo ufw allow 445/tcp
Step 6 – Check for the share
On your Ubuntu server you can type:
smbclient -L <ipaddress of server> -U <username>
This command will show you the shares that are available at your server ip address for the user.
On windows you can open the file explorer and enter the path of your server and share for instance:
Enter the password when prompted.
Step 7 – Start Samba at system start up
To start the samba service automatically at reboot enter the following command.
sudo update-rc.d smbd defaults