Sharing Files with Windows using Samba

 samba

Unfortunately, Windows can’t connect to NFS, so we have to set up a Samba server. Samba is an open-source implementation of the SMB (Server Message Block) protocol that’s the standard method of file sharing for Windows computers. It allows us to share our unix files and printers to a networked windows computer. It’s actually really simple to set up, as there are not too terribly many options for a windows network.

Installing Samba

We install Samba with apt-get as we have almost everything else so far:

sudo apt-get update && sudo apt-get install dbus samba

once it installs, we can access samba from Webmin. You may have to “Refresh Modules” to get it to show up, but it will be in [Servers → Samba Windows File Sharing]. It should look like this:

Samba

Creating Users

Before we can create a File Share, we need to create a couple users to access it, since I doubt you want to give your personal password to anyone wishing to access the file share. We’ll go ahead and do this from the command line as it’s quicker. If you’re only creating the user for use with Samba, then you can just:

sudo useradd -g users -G lp [nameofnewuser] -M

the -M tells useradd not to create a home directory for the user. So if you’re planning on sharing /home so that each user has a separate share, obviously you should leave this off. Note that you don’t need to give this user a system password, since they won’t be logging on the server. We will just give them a samba password later.

If you want your user to have no administrative rights, but otherwise be able to log in to the server normally, run this command:

sudo useradd -g users -G audio,floppy,lp,games -s /bin/bash [nameofnewuser]

and then give them a password by running:

passwd [nameofnewuser]

to give the new user full administrative privileges run:

useradd -m -g users -G audio,lp,video,wheel,games,power -s /bin/bash [nameofnewuser]

and then give them a password as above.

Converting our UNIX Users to Samba Users

From the Samba Page in Webmin (Servers → Samba Windows File Sharing), click on the convert UNIX Users to Samba Users Button. The default settings are fine, so go ahead and click “convert.” It may take a minute to process your users, then you can click “return to shares.”

Now we need to give our new Samba Users passwords. Click on Edit Samba users and passwords. Here you must click on the name of each user you wish to give samba access, select “New Password” and type their password in the field.

At this point our Users are all set up, so we can start creating our samba shares.

Creating a Samba Share

To create a new file share we can go ahead and hit Create a new file share underneath the list of your serves on the Samba Page in Webmin. It will take you to a page that looks like this:

Create a New File Share

From here you can enter your settings:

  • Share Name: This is the name that will appear on the share in your workgroup, so choose something that makes sense: “Media Share” or “Document Share” or something similar.
  • Directory to Share: if you click the “…” button you can browse to the folder you would like to make available.
  • Create with owner: Change this to your username.
  • Create with group: change this to “users”.
  • Share Comment: this is the description that will appear on the file share.

Once you’re done you can hit “Create.” when you get back to the samba screen, click on the name of the Share you just created so we can change a couple settings. In Security and Access Control change Writeable to “yes.” In File Permissions, Change New Unix File Mode to 775 and New Unix Folder Mode to 775. This will make it so that any files or folders created through samba are editable by anyone in the group of the file’s creator, which should be users. When you’re finished, go ahead and return to the main Samba Page and click on Restart Samba Servers to apply the changes.

That’s it. from “Network” in your “My Computer” You should be able to see your Samba Shares and Log-in to them with the credentials we created earlier.

Changing Permissions With Numbers

Remember the reference to the shorthand method of chmod? Here is another way to change permissions; it may seem a little complex at first.

Go back to the original permissions for sneakers.txt (type ls -l sneakers.txt).

-rw-rw-r--    1 newuser newuser     150 Mar 19 08:08 sneakers.txt

Each permission setting can be represented by a numerical value:

  • r = 4
  • w = 2
  • x = 1
  • – = 0

When these values are added together, the total is used to set specific permissions.

For sneakers.txt, here are the numerical permissions settings:

 -  (rw-)   (rw-)  (r--)
      |       |      |
    4+2+0   4+2+0  4+0+0

The total for the user is six, the total for the group is six and the total for others is four. The permissions setting, then, is read as 664.

If you want to change sneakers.txt so those in your group will not have write access, but can still read the file (as shown in Figure 10-16), remove the access by subtracting 2 from that set of numbers.

The numerical values, then, would become six, four, and four — or 644.

So type:

chmod 644 sneakers.txt

Check the changes by listing the file (ls -l sneakers.txt):

-rw-r--r--    1 newuser newuser     150 Mar 19 08:08 sneakers.txt

Figure 10-16. Removing Group Write Permissions

Now, neither the group nor others have write permission to sneakers.txt. To return the group’s write access for the file, add the value of w (2) to the second set of permissions.

chmod 664 sneakers.txt
Warning Beware 666 and 777
Setting permissions to 666 or 777 will allow everyone to read and write to a file or directory. These permissions could allow tampering with sensitive files, so in general, it is not a good idea to use these settings.

Here is a list of some common settings, numerical values and their meanings:

  • -rw------- (600) — Only the owner has read and write permissions.
  • -rw-r--r-- (644) — Only the owner has read and write permissions; the group and others can read only.
  • -rwx------ (700) — Only the owner has read, write and execute permissions.
  • -rwxr-xr-x (755) — The owner has read, write and execute permissions; the group and others can only read and execute.
  • -rwx--x--x (711) — The owner has read, write and execute permissions; the group and others can only execute.
  • -rw-rw-rw- (666) — Everyone can read and write to the file. (Be careful with these permissions.)
  • -rwxrwxrwx (777) — Everyone can read, write and execute. (Again, this permissions setting can be hazardous.)

Here are some common settings for directories:

  • drwx------ (700) — Only the user can read, write in this directory.
  • drwxr-xr-x (755) — Everyone can read the directory, but its contents can only be changed by the user.