Firstly, install the required packages:
sudo dnf install samba samba-client samba-common
We'll use /mnt/backup for the directory we wish to share:
sudo mkdir -p /mnt/backup
Make a backup copy of the existing samba configuration:
sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.orig
Then add the following to /etc/samba/smb.conf:
[global]
workgroup = WORKGROUP
netbios name = centos
security = user
[ARCHIVE]
comment = archive share
path = /mnt/backup
public = no
valid users = samba1, @sambausers
writable = yes
browseable = yes
create mask = 0765
*NOTE*: [ARCHIVE] is the share name!
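As an added example (not part of the original post), the shell function below lints the share sections of an smb.conf-style file for the access settings used above: guest access (public / guest ok), a missing valid users list, and a create mask whose last octal digit leaves permission bits for other users. The function names and the [SCRATCH] share are constructed for the demonstration.

```shell
# audit_shares [FILE]: print "<share>: <issue>" per finding (reads stdin if no file).
audit_shares() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report(   other) {
        if (sect == "" || sect == "global") return
        if (guest)  print sect ": guest access enabled"
        if (!users) print sect ": no valid users restriction"
        other = substr(mask, length(mask), 1) + 0   # last octal digit
        if (mask != "" && other > 0)
            print sect ": create mask " mask " keeps permission bits for others"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }             # comments, blank lines
    /^[ \t]*\[/ {                                    # new section header
        report()
        sect = tolower(trim($0)); sub(/^\[/, "", sect); sub(/\].*$/, "", sect)
        guest = 0; users = 0; mask = ""
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = trim(substr($0, eq + 1))
        # Samba ignores whitespace in parameter names; "public" is a synonym
        # of "guest ok" and "create mode" of "create mask".
        if (key == "public" || key == "guestok") guest = (tolower(val) ~ /^(yes|true|1)$/)
        if (key == "validusers") users = (val != "")
        if (key == "createmask" || key == "createmode") mask = val
    }
    END { report() }
    ' "$@"
}

# Constructed sample: the [ARCHIVE] share from above plus a made-up [SCRATCH] share.
sample_conf() {
    cat <<'EOF'
[global]
security = user
[ARCHIVE]
public = no
valid users = samba1, @sambausers
create mask = 0765
[SCRATCH]
public = yes
create mask = 0660
EOF
}
sample_conf | audit_shares
```

Against the real file, run audit_shares /etc/samba/smb.conf; Samba's own testparm utility checks the file for syntax errors.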
Let's proceed by creating our samba user:
sudo groupadd sambausers
sudo useradd samba1
sudo usermod -aG sambausers samba1
sudo smbpasswd -a samba1
Ensure the user / group has the relevant permissions:
sudo chgrp -R sambausers /mnt/backup
sudo chmod -R 0770 /mnt/backup
In my case this didn't work since this directory was a USB hard drive formatted with NTFS - so instead I had to set the group, owner and permissions as part of the mounting process in fstab - my fstab line looked something like:
UUID=XXXXXXXXXXXXXXX /mnt/backup ntfs umask=0077,gid=1001,uid=0,noatime,fmask=0027,dmask=0007 0 0
This ensures that the group we created has access to the directory and that normal users do not have access to the files / directories. (You'll need to replace the 'gid' value with the ID of your group, which you can obtain with getent or with cat /etc/group | grep "<group-name>".)
If you have SELinux enabled you will want to change the security context on the directory you wish to export:
sudo dnf -y install policycoreutils-python
sudo chcon -R -t samba_share_t /mnt/backup
sudo semanage fcontext -a -t samba_share_t "/mnt/backup(/.*)?"
sudo setsebool -P samba_enable_home_dirs on
Enable and start the relevant services (on dnf-based distributions the systemd units are named nmb and smb):
sudo systemctl enable nmb
sudo systemctl enable smb
sudo systemctl start nmb
sudo systemctl start smb
smbd handles the file and printer sharing services, user authentication and data sharing, while nmbd handles NetBIOS name service requests generated by Windows machines.
Add the relevant firewall rules (replace ethX with your network interface):
sudo iptables -t filter -A INPUT -i ethX -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
sudo iptables -t filter -A INPUT -i ethX -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
sudo iptables -t filter -A INPUT -i ethX -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
sudo iptables -t filter -A INPUT -i ethX -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
From a Windows client we can test the share with something like:
cmd.exe
net use \\SERVER\archive
or from *nix using the smbclient utility.