Samba Installation 24.04LTS: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
Line 17: | Line 17: | ||
Now we will create a group to assign to the various shares we are going to create for admin access (read write) | Now we will create a group to assign to the various shares we are going to create for admin access (read write) | ||
groupadd -g 10000 | groupadd -g 10000 smbadmins | ||
We now need to add the users into this group. | We now need to add the users into this group. | ||
Line 42: | Line 42: | ||
<pre> | <pre> | ||
[global] | [global] | ||
workgroup = SCOTTWORLD | |||
server string = %h server (Samba, Ubuntu) | |||
workgroup = SCOTTWORLD | |||
server string = %h server (Samba, Ubuntu) | |||
log file = /var/log/samba/log.%m | log file = /var/log/samba/log.%m | ||
max log size = 1000 | max log size = 1000 | ||
logging = file | |||
panic action = /usr/share/samba/panic-action %d | panic action = /usr/share/samba/panic-action %d | ||
server role = standalone server | |||
obey pam restrictions = yes | |||
server role = standalone server | |||
map to guest = bad user | map to guest = bad user | ||
#========== HIT samba over the head, to disable printing ========= | #========== HIT samba over the head, to disable printing ========= | ||
load printers = no | load printers = no | ||
show add printer wizard = no | show add printer wizard = no | ||
printcap name = /dev/null | printcap name = /dev/null | ||
disable spoolss = yes | disable spoolss = yes | ||
#======================= Share Definitions ======================= | #======================= Share Definitions ======================= | ||
[software] | [software] | ||
path = /srv/data/software | path = /srv/data/software | ||
guest ok = no | guest ok = no | ||
guest only = no | guest only = no | ||
read only = yes | read only = yes | ||
write list = @smbadmins | write list = @smbadmins | ||
force group = smbadmins | force group = smbadmins | ||
create mask = 0775 | create mask = 0775 | ||
directory mask = 2775 | directory mask = 2775 | ||
[media] | [media] | ||
path = /srv/media | path = /srv/media | ||
guest ok = no | guest ok = no | ||
guest only = no | guest only = no | ||
read only = yes | read only = yes | ||
write list = @smbadmins | write list = @smbadmins | ||
force group = plex | force group = plex | ||
force user = plex | force user = plex | ||
create mask = 0775 | create mask = 0775 | ||
directory mask = 2775 | directory mask = 2775 | ||
[torrents] | [torrents] | ||
path = /srv/ | path = /srv/backup/torrents | ||
guest ok = no | guest ok = no | ||
guest only = no | guest only = no | ||
read only = yes | read only = yes | ||
write list = @smbadmins | write list = @smbadmins | ||
force group = debian-transmission | force group = debian-transmission | ||
force user = smbadmin | force user = smbadmin | ||
create mask = 0775 | create mask = 0775 | ||
directory mask = 2775 | directory mask = 2775 | ||
[www] | [www] | ||
path = /srv/data/www | path = /srv/data/www | ||
guest ok = no | guest ok = no | ||
guest only = no | guest only = no | ||
read only = | read only = no | ||
write list = @smbadmins | write list = @smbadmins, smbuser | ||
force group = www-data | force group = www-data | ||
force user = www-data | force user = www-data | ||
create mask = 0775 | create mask = 0775 | ||
directory mask = 2775 | directory mask = 2775 | ||
[backup] | [backup] | ||
path = /srv/backup | path = /srv/backup | ||
guest ok = no | guest ok = no | ||
guest only = no | guest only = no | ||
read only = yes | read only = yes | ||
write list = @smbadmins | write list = @smbadmins | ||
force group = smbadmins | force group = smbadmins | ||
create mask = 0770 | create mask = 0770 | ||
directory mask = 2770 | directory mask = 2770 | ||
[documents] | [documents] | ||
path = /srv/data/documents | path = /srv/data/documents | ||
guest ok = no | guest ok = no | ||
guest only = no | guest only = no | ||
read only = yes | read only = yes | ||
write list = @smbadmins | write list = @smbadmins | ||
force group = smbadmins | force group = smbadmins | ||
create mask = 0775 | create mask = 0775 | ||
directory mask = 2775 | directory mask = 2775 | ||
[drop] | [drop] | ||
path = /srv/data/drop | path = /srv/data/drop | ||
guest ok = no | guest ok = no | ||
guest only = no | guest only = no | ||
read only = no | read only = no | ||
write list = @smbadmins,smbuser | write list = @smbadmins,smbuser | ||
force group = smbadmins | force group = smbadmins | ||
create mask = 0775 | create mask = 0775 | ||
directory mask = 2775 | directory mask = 2775 | ||
</pre> | </pre> | ||
Line 255: | Line 141: | ||
Then restart the samba service. | Then restart the samba service. | ||
service | systemctl start smbd.service |
Latest revision as of 03:09, 19 March 2024
Install Samba and the required services.
apt install samba
Stop the samba service
systemctl stop smbd.service
First we will create a samba user and set a password for Windows users to authenticate. If we want multiple users we can repeat this process.
adduser --disabled-login smbuser adduser --disabled-login smbadmin smbpasswd -a smbuser smbpasswd -a smbadmin
Now we will create a group to assign to the various shares we are going to create for admin access (read write)
groupadd -g 10000 smbadmins
We now need to add the users into this group.
usermod -a -G smbadmins smbadmin
We can also add sysadmin to this group to give it samba RW permissions
usermod -a -G smbadmins sysadmin
Now we need to create the share directory and set its permissions.
chown -R smbadmin:smbadmins /path/to/your/share
Change the file permissions
chmod -R 2775 /path/to/your/share
This will set the group sticky bit so that new files / folder will inherit group permissions.
Modify smb.conf
sudo nano /etc/samba/smb.conf
[global] workgroup = SCOTTWORLD server string = %h server (Samba, Ubuntu) log file = /var/log/samba/log.%m max log size = 1000 logging = file panic action = /usr/share/samba/panic-action %d server role = standalone server obey pam restrictions = yes map to guest = bad user #========== HIT samba over the head, to disable printing ========= load printers = no show add printer wizard = no printcap name = /dev/null disable spoolss = yes #======================= Share Definitions ======================= [software] path = /srv/data/software guest ok = no guest only = no read only = yes write list = @smbadmins force group = smbadmins create mask = 0775 directory mask = 2775 [media] path = /srv/media guest ok = no guest only = no read only = yes write list = @smbadmins force group = plex force user = plex create mask = 0775 directory mask = 2775 [torrents] path = /srv/backup/torrents guest ok = no guest only = no read only = yes write list = @smbadmins force group = debian-transmission force user = smbadmin create mask = 0775 directory mask = 2775 [www] path = /srv/data/www guest ok = no guest only = no read only = no write list = @smbadmins, smbuser force group = www-data force user = www-data create mask = 0775 directory mask = 2775 [backup] path = /srv/backup guest ok = no guest only = no read only = yes write list = @smbadmins force group = smbadmins create mask = 0770 directory mask = 2770 [documents] path = /srv/data/documents guest ok = no guest only = no read only = yes write list = @smbadmins force group = smbadmins create mask = 0775 directory mask = 2775 [drop] path = /srv/data/drop guest ok = no guest only = no read only = no write list = @smbadmins,smbuser force group = smbadmins create mask = 0775 directory mask = 2775
You can run a testparm command to check the samba configuration.
testparm
Then restart the samba service.
systemctl start smbd.service