Samba Server User and Share Management

Introduction

This document outlines the steps for configuring a Samba standalone server, including global settings, share definitions, user and group management, and testing the connection. The examples provided use EXAMPLE as a placeholder for a generic share or user name, and EXAMPLECARP for a specific test share name.

Samba Configuration

The following configuration should be added to your smb.conf file, typically located at /etc/samba/smb.conf.

Global Settings

[GLOBAL]
workgroup = RUMBA
netbios name = RUMBERO
security = user
server role = standalone server
hosts deny = 10.0
invalid users = pere, joan, @salseros

These settings define the server's role, security model, and network access restrictions. The hosts deny = 10.0 entry denies access from the 10.0.0.0/8 network range. The invalid users parameter specifies users who are explicitly denied access to any service.

Share Definition: [EXAMPLE]

[EXAMPLE]
path = /home/EXAMPLE
read only = no
guest ok = yes
browsable = yes
available = yes

This section defines a share named [EXAMPLE]. It specifies the local directory to be shared (/home/EXAMPLE), allows write access (read only = no), permits guest access (guest ok = yes), makes the share visible in network browsing (browsable = yes), and ensures it is active (available = yes).

System User and Group Management

Before configuring Samba users, it's often necessary to set up corresponding system users and groups. The following commands demonstrate how to create a dedicated user and group, set up the shared directory, and add a service user.

Creating a Dedicated User and Group

First, create a system user and a group named EXAMPLE. The user will not have login shell access.

useradd -M -s /usr/sbin/nologin EXAMPLE
addgroup EXAMPLE

Note: The original document had addgroup EXAMPLE repeated twice. It's sufficient to run it once.

Directory Setup and Permissions

Create the directory for the Samba share and set appropriate permissions. The 1777 permission allows all users to read, write, and execute, but only the owner (or root) can delete files in the directory (sticky bit).

mkdir -p /home/EXAMPLE
chmod 1777 /home/EXAMPLE

Adding a Service User

Create another system user, s_EXAMPLE, and assign them to the EXAMPLE group. This user also won't have login shell access.

useradd -M -s /usr/sbin/nologin s_EXAMPLE -g EXAMPLE

Samba User Password Setup

For users to access Samba shares, they need Samba passwords. The following command iterates through a list of usernames and sets a default password for each. It is highly recommended to change these default passwords immediately after setup.

for username in joan pere s_joan s_pere r_joan r_pere e_joan e_pere; do (echo "12345678"; echo "12345678") | /usr/bin/smbpasswd -s -a $username; done

This command adds or updates Samba passwords for joan, pere, s_joan, s_pere, r_joan, and e_joan, and e_pere, setting their password to "12345678".

Testing the Samba Share Connection

You can test the connection to a Samba share using the smbclient utility from the command line. This example attempts to connect to a share named EXAMPLECARP on the local machine as user EXAMPLE.

smbclient //127.0.0.1/EXAMPLECARP -U EXAMPLE

If successful, you should be prompted for the user's Samba password and then gain access to the share's command prompt.