Samba

From miki
Revision as of 22:00, 25 November 2012 by Mip (talk | contribs) (→‎Mount as User: allow_utime, umask not supported)

This page is part of the Linux Disk Management pages.

References

Packages

In Ubuntu, install the packages samba and smbfs.

Samba Client

  • To mount a samba share in Linux (see [1]):
$ mkdir -p /windows/winshare
$ mount -t cifs //winmachine/testshare /windows/winshare
$ mount -t cifs -o username=user,password=secret //winmachine/testshare /windows/winshare
$ sudo mount -t cifs -o username=baddreams,uid=1000,gid=124 //phoenix/D$ /net/phoenix/d
  • Or make it an entry in /etc/fstab. Note that gid=124 refers to group sambashare.
//mnemosyne/backup /net/mnemosyne/backuprw	cifs	username=backup,uid=999,gid=124

Samba Server

Installation

(From [2])

  • Install Samba
sudo apt-get install samba smbfs
  • Edit the configuration file /etc/samba/smb.conf
    • Uncomment the line security = user, and add a reference to the smbusers file:
security = user
# ... does not seem mandatory though
username map = /etc/samba/smbusers
  • Add the user
sudo smbpasswd -a beq06659
  • Create the user mapping file /etc/samba/smbusers, which maps each Samba user to a Linux user:
<linuxuser>="<sambauser>"
  • Uncomment the section corresponding to the shares you want to enable:
[homes]
   comment = Home Directories
   browseable = no
 
[c]
   comment = Windows Drive C
   browseable = yes
   path = /win/c
   printable = no
   guest ok = no
   read only = yes
   create mask = 0700

[d]
   comment = Windows Drive D
   browseable = yes
   path = /win/d
   printable = no
   guest ok = no
   read only = yes
   create mask = 0700
  • Don't forget to open the ports on your firewall (see Server Firewall Settings below)!
  • Restart the samba daemon
sudo /etc/init.d/smbd restart

Server Firewall Settings

The following ports must be opened ([3], [4]):

Service        Port   Protocol   Description
netbios-ns     137    UDP        NetBIOS Name Service
netbios-dgm    138    UDP        NetBIOS Datagram Service
netbios-ssn    139    TCP        NetBIOS Session Service
microsoft-ds   445    TCP        Microsoft Directory Service

As advised here, port 135/tcp[1] is better left closed: it has already been exploited by worms, and closing it does not cause any malfunction.

Share without user/password

Reference: [5].

The idea is to open up the samba shares to all computers on a private network (by restricting network interfaces).

  • Edit /etc/samba/smb.conf. Set interfaces to lo and the private network interface (eth1 in the lines below), and bind to those interfaces only:
interfaces = lo eth1
bind interfaces only = true
  • Make sure that security is set to share (not user), and that guest account is enabled:
security = share
...
guest account = nobody
  • Create a share accessible to guest users:
[Guest Share]
    comment = Guest access share
    path = /path/to/dir/to/share
    browseable = yes
    read only = yes
    guest ok = yes
  • Test that configuration is good with testparm:
testparm
  • Restart samba:
sudo /etc/init.d/samba reload
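
The guest setup above is only as private as the interface restriction in [global]. As an added example (not part of the original page), this Python script audits smb.conf text for guest shares that are served without that restriction or that are writable; the function name audit_guest_exposure and the sample configuration are constructed for illustration.

```python
import configparser

TRUE = {"yes", "true", "1", "on"}  # boolean spellings treated as enabled

def audit_guest_exposure(conf_text):
    """Return findings for guest-accessible shares in smb.conf text."""
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   delimiters=("=",), comment_prefixes=("#", ";"))
    # Samba ignores case and whitespace inside parameter names.
    cp.optionxform = lambda name: "".join(name.lower().split())
    # Strip indentation so configparser does not treat it as continuation.
    cp.read_string("\n".join(l.strip() for l in conf_text.splitlines()))
    glob = next((s for s in cp.sections() if s.lower() == "global"), None)

    def get(section, *names):
        # Share-level value first, then the [global] default, else "".
        for sec in (section, glob):
            for name in names:
                if sec is not None and cp.has_option(sec, name):
                    return cp.get(sec, name).strip().lower()
        return ""

    guest = [s for s in cp.sections()
             if s != glob and get(s, "guestok", "public") in TRUE]
    findings = []
    if guest and get(glob, "bindinterfacesonly") not in TRUE:
        findings.append("[global]: 'bind interfaces only' is not enabled")
    if guest and not get(glob, "interfaces"):
        findings.append("[global]: 'interfaces' is not set")
    for s in guest:
        read_only = get(s, "readonly")
        if (read_only and read_only not in TRUE) or \
                get(s, "writable", "writeable", "writeok") in TRUE:
            findings.append(f"[{s}]: guest share is writable")
    return findings

# Constructed sample: a guest share without the interface restriction.
EXPOSED = """
[global]
   security = share
   guest account = nobody
[Guest Share]
   path = /path/to/dir/to/share
   guest ok = yes
   read only = no
"""

if __name__ == "__main__":
    print("\n".join(audit_guest_exposure(EXPOSED)))
```

To audit a live server, pass the contents of /etc/samba/smb.conf to the function; an empty list means no guest share was found outside the restrictions described above.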

Mount as User

To mount a samba share as a regular user (i.e. without sudo), the following conditions must be met:

  • /bin/mount, /bin/umount, /sbin/mount.cifs, /sbin/umount.cifs must be setuid (sudo chmod +s ...).
  • The mount point must be owned by the user (chown username mountpoint).
    • Possibly optional, but it does not hurt: set the group of the mount point to sambashare, and verify that the user is in that group.
  • The mount entry in fstab must contain the option user (or users to let any user unmount).
    • It seems that the option suid should be present as well, but it does not seem to do anything good to me.
//mnemosyne/public /net/mnemosyne/publicrw	cifs	noauto,users,guest	0 0
//mnemosyne/public /net/mnemosyne/public	cifs	noauto,users,ro,guest,suid 	0 0

References

  1. DCE RPC, i.e. Distributed Computing Environment and Remote Procedure Call