Setting up Simple Samba File Shares

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

have you ever wanted to share a file on your local area network with another user and make that file available with no network restrictions no authentication and found no easy way to do that in this video i'm going to show you guys a method of creating a public file share that you can use to give others on your lan easy access to your files for this specifically we're going to be using samba and i'm going to walk you through all of the configuration in this video so don't worry about complexity i'm going to make it very easy and again this is for a file share that you want to be publicly available so you definitely don't want to store anything protected or anything with personally identifiable information in this share but in the situation where you want to make a file easily available for others to download well that's what we're going to tackle in today's video [Music] so here i am on my laptop and i've used ssh to connect to a virtual machine running ubuntu server and this is actually the same vm that i used in the installation overview video for ubuntu server that i have previously uploaded to my channel so if you want to go ahead and see the installation process for ubuntu server then you can go ahead and check out that video so the first thing we need to do is actually go ahead and install samba so we'll run sudo apt update make sure that our repository index is completely up to date type in our super secret password so now that that's out of the way we can run sudo apt install samba and don't worry about memorizing these commands because i will have a link in the description below this video that will take you to a wiki page where you can go ahead and copy and paste all of the commands and also grab the config files that i've used in this video as well but anyway i'll press enter and then i'll just press enter again to accept the defaults now the installation was a success we can ignore this failed message right here that has to do with the active directory domain controller service and we're not going to be using that in this video but if we wanted to go ahead and use that we would need to customize that to get that running that's beyond the scope but i'll clear the screen here and let's make sure that the samba service is actually running so if we run system ctl status smbd just like that we could see that the service is active and running and we can also see that the service is enabled which means that anytime we start our server or desktop laptop whatever you are installing samba on it's going to automatically start that service for us every time it boots up so there really isn't anything there that we should need to do to get that running it's already running but we do have to actually edit the configuration because the defaults here are not actually going to be adequate for what we want to accomplish in this video so i'll clear the screen and let's go ahead and change directory into the slash etsy samba directory and if we take a look at the contents here you'll see that we have this smb.conf file right here and this file here is actually the main configuration file for samba and it's also what we'll be spending the most time editing during this video but we can go ahead and take a look at it and this file here is quite long so i'm not going to go over the entire thing basically there are some configuration options here that we can change for example on this line right here we can change the work group name which might be of interest if you use a specific workgroup name on a windows network for example now i'm more of a fan of creating a config file from scratch and i know that sounds a lot harder but i'm going to go ahead and walk you through it since we will be creating our own configuration file we don't actually need this smb.conf file right here but we don't want to delete it because it has a lot of sample context in there that we might want to use later on down the road so we'll use sudo and then we can use mv for move and we're going to go ahead and move that config file to some other name just like that now samba no longer has a configuration file so let's go ahead and stop the service and then we can go ahead and check the status make sure that it stopped and you can see right here it says inactive dead so we're good to go now what we can do is go ahead and create the configuration file so with sudo we'll do nano smb.conf the original file name which no longer exists so we have an empty window here so what i'm going to do right now is basically give you guys some syntax and walk you through creating the file for the context of this video first of all we need to create a global section and in brackets we have stanzas basically different sections of the configuration file so here we're basically going to set up some options that will apply to the entire implementation of samba and the first thing we can go ahead and add here is a server string in lowercase and then we're going to set that equal to well basically anything you want so what i like to do is set the server string to be equal to you know some kind of context or description you can basically type whatever you want you can say you know something like downstairs server for example and that's perfectly valid now i'm going to set mine to simply file server just like that then on the next line we can go ahead and set a work group name so simply work group and lower case we can set that equal to whatever your work group name is going to be or currently is the default is work group just like this and that might be okay maybe you want to leave it as work group that's totally fine but think of all the servers in your house or your office or wherever you are and this is completely arbitrary you can name your work group basically anything you want to there is a character limit so you want to kind of keep it short but work group as i have here is the default that's fine but if you think about your you know business your home your home office wherever your network is you can actually build some context here and have different work groups and if you do customize this then you want to remember to go ahead and change the work group name on all of the computers or other servers that you may have that you want to be a part of this work group so i'm going to change the name to lltv just like that and again you can name yours whatever you'd like here we're setting the security to user there are other options for this that are beyond the scope of this video but basically if you have a windows domain or an active directory server you can use that user level security you know it's not the best when it comes to security and there's some challenges with this but on a smaller network it's really not going to matter it basically is going to use whatever the user security is on whatever you're connecting to simply username password things like that but it's not going to have any federated users or synchronized passwords or anything like that because every server every computer is going to have its own user database but that's fine for the purposes of this video next option we are going to add here is to guest we're going to set that equal to bad user effectively what this means is that a user account will not be required for this connection and that basically is in line with the context of the video where we are setting up a samba server that actually has wide open shares now again you definitely don't want to save any secure private or important files in a shared wide open directory but here we're setting it to bad user because we really don't care if the person that is connecting actually has a valid user account next we're going to do name resolve order we're going to set this to broadcast which is abbreviated then host so be cast and then host so for the name resolve order it's basically just setting the order in which it's going to check for host names and it's going to check broadcast first and then host in this context is referring to the etsy hosts file so basically if the host name is being broadcasted by wins it's going to find it that way but if it doesn't find it that way it's going to fall back to the etsy host file but when it comes to name resolution in windows that's beyond the scope of this video but this right here should work for you guys so that's what i recommend setting this to and finally we're going to type include we're going to set that equal to etsy samba shares.conf so basically i'm including another file in this config file and you don't have to do this you can actually include all of the options that you want in one file you don't need a second file but you know what i like to do it this way because it basically keeps things neat so to save the file we'll do control and then o and then enter then control x to exit out we'll get back to the video in just a moment but real quick i want to mention my sponsor lenode lynnote has been my infrastructure provider for quite a while now and has just recently announced their own managed kubernetes service and this enables you to combine lino's ease of use and simple pricing with the infrastructure efficiency of kubernetes with the lino kubernetes engine you can get your infrastructure and workloads up and running in minutes instead of days and scale resources in real time to meet your infrastructure needs and with linux managed kubernetes engine the pricing is simple only pay for what you use and with lino's 99.9 uptime sla and bundled transfer you can significantly cut costs when compared to aws gcp and azure designed with the open source ecosystem of kubernetes the linode kubernetes engine supports integration with tools like helm operators and more to help you get started with kubernetes lino gives you access to in-depth documentation video tutorials and webinars so go ahead and sign up at promo.leno.com learn linux tv to get a 60 60 day credit to test out lke or any of lino's other offerings i appreciate lino's continued support of learn linux tv now let's get back to the video now we haven't actually created the shares file yet so we'll do that right now and now we have another blank file we can go ahead and create the second file that's actually going to include the shares the folders that we are going to open up to the other users on our network so what we can do now is just create another group and we want to name this whatever we want the share name to be so what i can do is maybe type something like public files just like that i think that's a decent name for it and we need to give it a path where is that path going to be found what folder are we actually sharing to the other users and in my case what i'm going to do is type slash share slash public underscore files but it doesn't really matter where the path is as long as the directory actually exists we haven't created this directory yet we will do so shortly but just go ahead and think of whatever structure you want for your shares in this case i'm basically going to have a directory named share that's going to be at the beginning of the file system and inside that directory i'm going to create a directory called public files so on the next line we're going to do force user we're going to go ahead and set that equal to smbuser which is basically the user that we're going to force this to be shared as and it's going to require the permissions to be set a specific way but we'll get into that in just a moment and we're also going to do force group we'll set that to smb group just like that we'll set a create mask which will basically set the permissions for newly created files so for that zero six six four should be fine force create mode also zero six six four and the reason we're doing this is because the permissions on windows shares they don't work the same as permissions on linux it's actually completely different and if we don't set these options we'll have all kinds of strange things such as you know somebody saving a text file and it's going to default to being you know executable which is just going to look weird and for this what this will mean is that the person who created the file will have full control read and write the group will have read and write and then other will have just read and that should be fine for the context of this video and we're also going to set a directory mask as well i'll set that to zero seven seven five so basically what this will mandate is that newly created directories will have permission 775 so read write and execute for the owner read write and execute for the group and then read and execute for others and with directories you have to have the execute bit in order to actually go inside of the directory which is why we have permissions that are different for this we're gonna do force directory mode then zero seven seven five same thing public we'll set that to yes because that's what we're doing we're creating a public share and writable we do want changes to be allowed so we'll go ahead and put that here now we can go ahead and create multiple shares in this file and that's what i'm going to do i'm going to give you guys another example i'm going to base the example off the original one right here let's go ahead and copy all this here and down here i'll go ahead and paste it so i just duplicated that entire section and i'm going to call this one protected files this is going to be an example of a share where we want people to be able to go in here and download the files but we don't want people to go ahead and change the files and a somewhat lame but accurate example of this is maybe you want to share mp3 files with other people on your lan but you don't want people to go in and change the files or you know delete files from that share so what we could do here is actually create a share that is going to be a little bit more restricted and we'll leave public as yes we'll just change writable to no and then we need to go ahead and change the directory name here to be the new one and then we should be good to go all the changes should be fine writable is no we set the path we changed the name so we have two shares here so ctrl o and then enter to save the file and ctrl x to exit out so next what we want to do is go ahead and create the directories that we're sharing so i'll run sudo mkdir i'll use the dash p option because you know the parent directory doesn't exist either but this will go ahead and take care of that you basically just type the path to the first shared directory that you want to share so we'll do share in my case and then public underscore files just like that and then sudo mkdir we don't need the dash p option because now the parent directory does exist private files and we should be good to go so now those directories do exist you see the share directory right here then we can see the two folders right here so now that we have the directories created we need to go ahead and create the group and the user as well so to create the group it's simply sudo group add then dash dash system then the name of the group that we want to add which is going to be smb group we want to make sure that matches what we've typed in the file press enter and now if we do cat slash etsy group you can see that we actually have the smb group right here it has a gid of under 1000 which is consistent with system groups so now that exists and now we can go ahead and create the user so for that we're going to use sudo user add system we want to create a system user we don't actually need a home directory for this user so we'll just add dash dash no create home and then dash dash group because we want to go ahead and set the primary group that this user is going to be a member of and that is you guessed it smb group the one that we just created and for security purposes we don't want this user to be able to log in at all so we'll set the default shell to slash bin slash false which is basically going to prevent anyone from logging in as this user since it's a system user we really don't need any login activity to happen here it just needs to run in the background and then the username we'll be creating is smb user just like that and then if we take a look at the etsy pass wd we can see the new user here at the bottom with the uid of 997 it has a home directory listed but we chose not to create the home directory so actually that directory does not exist then the login shell is slash bin slash false so we should be good to go on that next what we want to do is go ahead and change the permissions of the shared directory so we'll do sudo ch own dash capital r because we want that to be recursive smb user colon smb group then slash share or whatever the upper level directory is that is hosting all the shares that you are creating so i'll press enter and then if we go ahead and take a look at the files we have this line right here this is the share folder and then inside there we have these two directories and they are owned by the appropriate users and then we'll run sudo chmod dash capital r then g for group plus w for right then that directory and we can see the difference right away here it is again but we gave the group which is this part of the permissions right here we gave the group write access and inside that directory we can see the same thing so now we should be good to go to go ahead and activate samba and test out this configuration so to go ahead and start it we will run sudo systemctl start smbd just like that and if you forgot to stop the samba service you can simply change this to restart that's valid as well so let's press enter and now that we've gone ahead and started it or restarted it you could check the status make sure that there are no errors at all if there are any syntax errors it will not be running let's press enter and see if it's running we can see that it is active and running now the font size of my terminal here is huge so you'll see that several things are cut off like this line right here the red coloration would lead you to believe that this is an error but it actually isn't and it's running anyway so everything is fine we're all set and ready to go so now what we can do is go ahead and try to browse to a share that we've created in this video to make sure everything is working now if you're running windows you should have in your file manager inside windows explorer a section for network and you should actually see your server straight away and then with mac os you can go ahead and use the finder utility and you should be able to choose the connect to server option and find your share that way now here on my linux laptop i'm going to open a file manager window and then other locations here and normally you'll actually see the server show up right here should automatically be found but due to a network restriction actually have that server running in a completely segregated vlan the broadcast isn't going to come through we won't see it here but i can still access it here by typing smb colon slash and then the ip address of the server which is this one right here and then we can actually see the two directories right here so if i go into public files and for this i'll just choose the anonymous option and click connect we are now inside the shared directory so i can go ahead and create some stuff and i just created a directory and a file so here on the server we can see that we have the test folder and the text file as well we have nothing inside the private files directory so i could just do sudo touch i need to use sudo because i'm not the owning user of this directory i'll do test file one two three and then if i back out of here and go into the protected files directory i'll do the same thing here and click connect we can see the test file that i created is right here so i'm going to go ahead and try to delete that and i get an error it tells me that permission is denied as we see right here and what that means is when i disabled the right access to this directory in the file so if you recall down here we have writable equals no which is why i get this error but then on the public files right here i can actually go ahead and delete something if i'd like and it's going to work just fine because writable for that one is equal to yes and then you can go ahead and create as many shared directories here in this file as you'd like and then regardless of whatever your operating system is you should actually be able to go to network or my case other locations or wherever on your operating system you get to your network shares and you should actually see the server listed here and then be able to access the directories on that server and that's pretty cool so there you go that was my method for creating a public file share server with samba i hope that was helpful for you guys so definitely subscribe to my channel if you haven't already done so i have some awesome videos coming up very soon stay tuned and i'll see you in the next video you

Info

Channel: LearnLinuxTV

Views: 70,421

Rating: undefined out of 5

Keywords: Linux, Tutorial, Howto, Guide, open-source, gnu/linux, samba, cifs, file share, share, sharing files, network, nas, storage, windows share, linux share, linux file sharing, samba tutorial, cifs tutorial, file sharing, samba (software), how to, samba server, ubuntu (operating system), samba file sharing, linux how to, windows 10, samba share, how to setup samba, how to set up samba for windows-linux file sharing, samba file server, how to set up samba, how to setup linux file server

Id: 7Q0mnAT1MRg

Channel Id: undefined

Length: 24min 24sec (1464 seconds)

Published: Sat Aug 29 2020