More detailed information is available using the "man smb.conf" or "info smb.conf" commands.

The following example defines a share accessible to a user called "john_doe" and members of the "developers" group.

Valid users = john_doe list = john_doe = /u01

Remember to reload the configuration, or restart the smb service, for the changes to take effect. The next section shows a worked example, so this should make things a little clearer.

Create Network Shares for Group Collaboration

This section describes the steps necessary to create Samba shares suitable for group collaboration.

Create a group that will act as the owner of the shared files.

Create some users that are assigned to the "developers" group.

uid=502(dev2) gid=505(dev2) groups=505(dev2),506(developers)

Create a directory to own the shared files, making sure its group is set correctly. The permissions are set to "g+rwx" (0770), since the group is the defining factor in accessing data in this directory.

Add the following share into the "/etc/samba/smb.conf" file. Notice the 0770 permissions again, so users don't accidentally create files that can't be amended by other members of the group.

From another machine, mount the share as the "dev1" user and create a file.

# mount -t cifs -o rw,username=dev1,password=dev1 //192.168.0.190/devshare /u01/dev1

From another machine, mount the share as the "dev2" user and edit the file created previously.

The basic user security model for Samba is quite simple. As shown previously, existing Linux users can be made into Samba users by issuing the "smbpasswd -a" command. This allows shares to be made user-specific by adding the users into the "valid users" and "write list" entries of the "/etc/samba/smb.conf" file. In a similar manner, permissions can be set at the group level by specifying the group with a preceding symbol.
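The share restrictions described above ("valid users", group entries, 0770 permissions) can be checked mechanically. The following Python sketch is an added example, not code from the original article: it parses smb.conf-style text and flags shares with no "valid users" entry, guest access, or a create mask that grants access to others. The sample configuration is constructed, the function names are hypothetical, and it assumes Samba's "@group" notation and its documented 0744 default for "create mask".

```python
import re

# Constructed sample (not the article's smb.conf): a group share and an open one.
SAMPLE = """
[global]
   security = user
[devshare]
   valid users = @developers
   write list = @developers
   create mask = 0770
[scratch]
   guest ok = yes
   create mask = 0777
"""

def parse_shares(text):
    """Return {section: {parameter: value}}; names ignore case and spacing."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = shares.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return shares

def audit(text):
    """Return {share: [findings]} for every section except [global]."""
    shares = parse_shares(text)
    shares.pop("global", None)
    report = {}
    for name, params in shares.items():
        findings = []
        if not params.get("valid users"):    # empty: any user may connect
            findings.append("no valid users restriction")
        guest = params.get("guest ok", params.get("public", "no"))
        if guest.lower() in {"yes", "true", "1"}:
            findings.append("guest access enabled")
        mask = int(params.get("create mask", "0744"), 8)  # 0744 = default
        if mask & 0o007:
            findings.append("create mask %04o gives access to others" % mask)
        report[name] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To audit a live server, pass the contents of "/etc/samba/smb.conf" to audit() instead of the sample text.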
The Samba service is installed from a Yum repository using the following command.

Turn on the Samba server and make sure it starts automatically on reboot.

Samba is configured by altering the contents of the "/etc/samba/smb.conf" and "/etc/samba/smbusers" files. Configuration changes have to be followed by a reload or a restart of the smb service.

If you are using the Linux firewall, you need to open ports 139 and 445 specifically. The Samba documentation suggests opening 3 additional ports also. Assuming you are using a firewall setup file, as described here, you can include the following additions to the INPUT chain.

iptables -A INPUT -p tcp --dport 135 -j ACCEPT
iptables -A INPUT -p tcp --dport 137 -j ACCEPT
iptables -A INPUT -p tcp --dport 138 -j ACCEPT
iptables -A INPUT -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -p tcp --dport 445 -j ACCEPT

SELinux

If you are using SELinux, you will need to consider the following points. The SELinux booleans associated with the Samba service are displayed using the getsebool command. The setsebool command is used to set a specific boolean value. The samba_share_t context should be assigned to all content.

# semanage fcontext -a -t samba_share_t "/u01(/.*)?"

You can check the current context setting on files and directories using the "ls -alZ" command. More information on SELinux can be found here.

Shares are created by editing the "/etc/samba/smb.conf" file. In RHEL5 and Fedora distributions you can use a GUI tool called system-config-samba, but this has been removed from RHEL6. The "/etc/samba/smb.conf" file contains an example share definition towards the bottom of the file.

# A publicly accessible directory, but read only, except for people in