Thursday, February 26, 2009

Four Simple Steps to a Secure Samba Server

In this post I describe how you can get Samba to securely serve files from your Linux box in four easy steps, with a 'smb.conf' file just 14 lines long.

I've always found Samba to be unnecessarily complex, and until now, my minimal effort hack was to set up a world-writeable '/share' folder.  But necessity calls (my hard drive clucked the click of death last week), and I decided to find a basic Samba setup that does the following:  (i) makes my  Linux box the unique home for all my files, (ii) allows access to that box from any other OS client, and (iii) manages security and file stamp permissions properly.  For the approach I take below, you don't need some GUI control panel, just your text editor of choice.

This procedure was modified from the Samba HOWTO and Reference Guide, specifically the "Secure Read-Write File and Print Server" section. This is the clearest documentation I have found anywhere on the subject.

So here's my setup and goals.  My setup is a Linux server named 'kube' running Ubuntu 8 (8.04) with the Samba 3.0 package already installed.  My goal is to read and write to my home directory on kube, /home/mdriscol, from my Windows machine (XP or Vista) -- or any other client (Mac OS X) that lives inside my LAN.

Command-line code should be executed by a root-privileged user (via sudo or directly).

1. Create your smb.conf file (typically found at /etc/samba/smb.conf)

Unlike the needlessly complex smb.conf examples you'll find on the web, mine is just a handful of lines.  It's split into three sections:  the most relevant is the 'homes' section, which contains directives about how the server's home directories are shared (I've commented the file below):

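## Comments sit on their own lines:  smb.conf only treats '#' as a
## comment at the start of a line, so a trailing comment would
## become part of the value.

## global settings
[global]
## sometimes MSHOME
workgroup = WORKGROUP
## name that server is broadcast as
netbios name = KUBE

## how /home directories are shared
[homes]
comment = Home Directories
## %S expands to the share name, which for [homes] is the connecting
## user's name, so each home directory is limited to its owner
valid users = %S
read only = No
browseable = No

## public dir w/ global read/write
[public]
comment = Data
## make sure this exists
path = /export
## writes will be assigned this user
force user = mdriscol
## and this group
force group = mdriscol
read only = No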
The last section is optional.  It's for a public folder that any user can write to, but files will be stamped with a default user and group (in this case, me).

2.  Create Samba users.  Because Samba keeps its own list of users and passwords, separate from the server's, you must assign Samba passwords to the users in /home  (I keep them the same for sanity's sake) by executing the following as root:

  smbpasswd -a mdriscol

Repeat this for any other users whose home directories you wish to make accessible.

3.  Restart the Samba service

  /etc/init.d/samba restart

4.  Log in from your client of choice

For Windows, open up the run prompt with [Windows-Key]-run and enter "\\KUBE" - the netbios name you gave your server. Log in with your Samba password.  Huzzah - it works!

Now you have seamless, secure access to a centralized file server. 
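A small check to run on the smb.conf from step 1 before restarting Samba (an added example, not part of the original post):  smb.conf treats '#' or ';' as a comment only at the start of a line, so a comment typed after a value silently becomes part of that value. The script flags that, a [homes] section without 'valid users = %S', and writable shares open to every Samba user; the sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample (not the page's file): one trailing comment, [homes] without
# an owner restriction, and a writable share with no "valid users".
SAMPLE = """\
[global]
workgroup = WORKGROUP
netbios name = KUBE   ## server name
[homes]
read only = No
[public]
path = /export
read only = No
"""

def parse(text):
    """Read smb.conf as Samba does: '#' or ';' is a comment only at line start.
    Assumption: no backslash line continuations."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            current = shares.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Samba matches parameter names ignoring case and whitespace.
            current[re.sub(r"\s+", "", key.lower())] = value.strip()
    return shares

def lint(text):
    """Return (share, parameter, problem) tuples for the three checks."""
    findings = []
    for share, params in parse(text).items():
        for key, value in params.items():
            if re.search(r"\s[#;]", value):
                findings.append((share, key, f"trailing comment is part of the value {value!r}"))
        if share == "global":
            continue
        writable = params.get("readonly", "yes").lower() in ("no", "false", "0")
        if share == "homes" and params.get("validusers") != "%S":
            findings.append((share, "validusers", "any Samba user can connect to another user's home share"))
        elif share != "homes" and writable and "validusers" not in params:
            findings.append((share, "validusers", "no valid users: every Samba user can write here"))
    return findings

if __name__ == "__main__":
    for share, key, problem in lint(SAMPLE):
        print(f"[{share}] {key}: {problem}")
```

Samba's own 'testparm -s' prints the configuration as the server parses it, which is a second way to spot a value that swallowed a comment.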

Future steps for me:  (i) Since this entire process was motivated by a hard disk crash, I plan to set up nightly incremental backups of my Ubuntu file server, and (ii) some simple jiggering should allow me to mount this volume remotely anywhere I go.











1 comment:

Anonymous said...

Excellent write-up -- a refreshingly simple approach compared to what I've found out there.

If you're interested in doing nightly backups to a remote server, consider setting up a cron job that runs the 'rsync' tool.