Difference between revisions of "Password Protected Samba Share"
(→Create user and set password) |
(→Fewer steps, not secure) |
||
(12 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | This article describes how to create a basic password protected | + | This article describes how to create a basic password protected Samba share on Linux, accessible by only one user. This share can be accessed via Windows, OSX, or Linux. |
We'll be making a share called <font color="red">fogshare</font>. It will be accessible via UNC paths in windows as <font color="red">\\x.x.x.x\fogshare</font> where x.x.x.x is the server's IP address. The share will reside on disk at <font color="red">/images/fogshare</font> The user defined with permissions and access is called <font color="red">smalluser</font> | We'll be making a share called <font color="red">fogshare</font>. It will be accessible via UNC paths in windows as <font color="red">\\x.x.x.x\fogshare</font> where x.x.x.x is the server's IP address. The share will reside on disk at <font color="red">/images/fogshare</font> The user defined with permissions and access is called <font color="red">smalluser</font> | ||
− | I've chosen to place the share in the /images directory because in | + | I've chosen to place the share in the /images directory because in an optimal fog partition layout, this directory typically has it's own partition and thus ample space. You may place the share wherever you like, simply by choosing another place to create the directory. Be sure to set permissions on the alternate directory and change the <font color="red">path</font> setting in the Samba configuration file. |
On CentOS 7, Fedora, RHEL, Ubuntu, and probably Debian, the process is almost identical. | On CentOS 7, Fedora, RHEL, Ubuntu, and probably Debian, the process is almost identical. | ||
Line 9: | Line 9: | ||
= Install Samba = | = Install Samba = | ||
− | For CentOS 7 and older, and Fedora 21 and older, install | + | For CentOS 7 and older, RHEL 7 and older, and Fedora 21 and older, install Samba: |
<pre>yum install samba samba-client -y</pre> | <pre>yum install samba samba-client -y</pre> | ||
− | For Fedora 22 and newer, and probably CentOS 8 and newer, install | + | For Fedora 22 and newer, and probably CentOS 8 and RHEL 8 and newer, install Samba: |
<pre>dnf install samba samba-client -y</pre> | <pre>dnf install samba samba-client -y</pre> | ||
− | For Ubuntu and Debian, install | + | For Ubuntu and Debian, install Samba: |
<pre>apt-get install samba samba-client -y</pre> | <pre>apt-get install samba samba-client -y</pre> | ||
Line 65: | Line 65: | ||
Instructions on using Vi: [[vi]] | Instructions on using Vi: [[vi]] | ||
− | Below is the Samba configuration file. Things above [ | + | Below is the Samba configuration file. Things above [fogshare] are global and apply to all shares. Then below each bracket name, is settings specific to the share with the text inside the bracket being the share name itself. Feel free to copy/paste. |
<pre>security = user | <pre>security = user | ||
Line 89: | Line 89: | ||
<pre>service smb restart</pre> | <pre>service smb restart</pre> | ||
+ | |||
+ | = Access from Windows = | ||
+ | |||
+ | Open File Explorer. In the address bar, type <font color="red">\\x.x.x.x\fogshare</font> | ||
+ | You will be prompted for a user and pass, give the smalluser as username, and the password you setup. You should now have read/write to this share. | ||
+ | |||
+ | |||
+ | = Access from Linux = | ||
+ | |||
+ | == Mount SMB share on the fly - '''not''' permanently == | ||
+ | |||
+ | This is a fast and easy way to get work done that you don't do very often, and is perfectly acceptable as long as it's done manually and not scripted. | ||
+ | |||
+ | To mount: | ||
+ | |||
+ | <pre> | ||
+ | mkdir /tempMount | ||
+ | mount -t cifs //x.x.x.x/fogshare /tempMount -o username=smalluser -o password=YourPasswordGoesHere,noexec | ||
+ | </pre> | ||
+ | |||
+ | To work with the share, just go into /tempMount and do your thing. | ||
+ | <pre>cd /tempMount</pre> | ||
+ | |||
+ | |||
+ | To unmount: | ||
+ | |||
+ | <pre>umount /tempMount</pre> | ||
+ | |||
+ | |||
+ | == Mount SMB share permanently == | ||
+ | |||
+ | === Fewer steps, less secure === | ||
+ | |||
+ | This method isn't as secure, because the password is contained in the fstab entry. | ||
+ | |||
+ | <pre>mkdir /tempMount | ||
+ | vi /etc/fstab</pre> | ||
+ | |||
+ | Instructions on using Vi: [[vi]] | ||
+ | |||
+ | Add this line to the bottom of /etc/fstab: | ||
+ | |||
+ | <pre>//x.x.x.x/fogshare /tempMount cifs username=smalluser,password=YourPasswordGoesHere,iocharset=utf8,sec=ntlm 0 0</pre> | ||
+ | |||
+ | Then, mount: | ||
+ | <pre>sudo mount -a</pre> | ||
+ | |||
+ | === More steps, more secure === | ||
+ | |||
+ | This method is more secure, because we separate out the credentials from the fstab entry. | ||
+ | |||
+ | Create the mount directory: | ||
+ | <pre>mkdir /tempMount</pre> | ||
+ | |||
+ | Create a credentials file, readable by only the person who should be managing it (root). | ||
+ | <pre>vi ~/.smbcredentials</pre> | ||
+ | |||
+ | Instructions on using Vi: [[vi]] | ||
+ | |||
+ | Place these fields into the file. | ||
+ | |||
+ | <pre> | ||
+ | username=foguser | ||
+ | password=YourPasswordGoesHere | ||
+ | </pre> | ||
+ | |||
+ | Save and quit. | ||
+ | |||
+ | Set strict permissions on the file. | ||
+ | |||
+ | <pre>chmod 600 ~/.smbcredentials</pre> | ||
+ | |||
+ | Modify /etc/fstab file: | ||
+ | |||
+ | <pre>vi /etc/fstab</pre> | ||
+ | |||
+ | Instructions on using Vi: [[vi]] | ||
+ | |||
+ | Note: If you did the above steps, you can delete the above line from those steps now. | ||
+ | |||
+ | <pre>//x.x.x.x/fogshare /tempMount cifs credentials=/home/username/.smbcredentials,iocharset=utf8,sec=ntlm 0 0</pre> | ||
+ | |||
+ | Save and close. | ||
+ | |||
+ | Mount the share: | ||
+ | |||
+ | <pre>sudo mount -a</pre> |
Latest revision as of 18:12, 11 October 2016
This article describes how to create a basic password protected Samba share on Linux, accessible by only one user. This share can be accessed via Windows, OSX, or Linux.
We'll be making a share called fogshare. It will be accessible via UNC paths in windows as \\x.x.x.x\fogshare where x.x.x.x is the server's IP address. The share will reside on disk at /images/fogshare The user defined with permissions and access is called smalluser
I've chosen to place the share in the /images directory because in an optimal fog partition layout, this directory typically has it's own partition and thus ample space. You may place the share wherever you like, simply by choosing another place to create the directory. Be sure to set permissions on the alternate directory and change the path setting in the Samba configuration file.
On CentOS 7, Fedora, RHEL, Ubuntu, and probably Debian, the process is almost identical.
Contents
Install Samba
For CentOS 7 and older, RHEL 7 and older, and Fedora 21 and older, install Samba:
yum install samba samba-client -y
For Fedora 22 and newer, and probably CentOS 8 and RHEL 8 and newer, install Samba:
dnf install samba samba-client -y
For Ubuntu and Debian, install Samba:
apt-get install samba samba-client -y
Start Samba
Start Samba on Fedora/CentOS/RHEL:
systemctl start smb
Start Samba on Ubuntu/Debian:
service smb start
Make the directory
Make the directory you want to share:
mkdir /images/fogshare
Create user and set password
Make a user specifically for it:
useradd smalluser
Set the user's password:
passwd smalluser
Add the user to Samba and set a password for the user, this should match the previous password:
smbpasswd -a smalluser
Set permissions
Set permissions on the local directory:
chown smalluser:smalluser /images/fogshare chmod 770 /images/fogshare
Configure Samba
Setup the samba configuration script:
vi /etc/samba/smb.conf
Instructions on using Vi: vi
Below is the Samba configuration file. Things above [fogshare] are global and apply to all shares. Then below each bracket name, is settings specific to the share with the text inside the bracket being the share name itself. Feel free to copy/paste.
security = user passdb backend = tdbsam unix charset = utf-8 dos charset = cp932 [fogshare] path = /images/fogshare read only = no create mode = 0777 directory mode = 0777 writable = yes valid users = smalluser
Restart Samba
Then restart Samba in Fedora/CentOS/RHEL:
systemctl restart smb
Restart Samba on Ubuntu/Debian:
service smb restart
Access from Windows
Open File Explorer. In the address bar, type \\x.x.x.x\fogshare You will be prompted for a user and pass, give the smalluser as username, and the password you setup. You should now have read/write to this share.
Access from Linux
This is a fast and easy way to get work done that you don't do very often, and is perfectly acceptable as long as it's done manually and not scripted.
To mount:
mkdir /tempMount mount -t cifs //x.x.x.x/fogshare /tempMount -o username=smalluser -o password=YourPasswordGoesHere,noexec
To work with the share, just go into /tempMount and do your thing.
cd /tempMount
To unmount:
umount /tempMount
Fewer steps, less secure
This method isn't as secure, because the password is contained in the fstab entry.
mkdir /tempMount vi /etc/fstab
Instructions on using Vi: vi
Add this line to the bottom of /etc/fstab:
//x.x.x.x/fogshare /tempMount cifs username=smalluser,password=YourPasswordGoesHere,iocharset=utf8,sec=ntlm 0 0
Then, mount:
sudo mount -a
More steps, more secure
This method is more secure, because we separate out the credentials from the fstab entry.
Create the mount directory:
mkdir /tempMount
Create a credentials file, readable by only the person who should be managing it (root).
vi ~/.smbcredentials
Instructions on using Vi: vi
Place these fields into the file.
username=foguser password=YourPasswordGoesHere
Save and quit.
Set strict permissions on the file.
chmod 600 ~/.smbcredentials
Modify /etc/fstab file:
vi /etc/fstab
Instructions on using Vi: vi
Note: If you did the above steps, you can delete the above line from those steps now.
//x.x.x.x/fogshare /tempMount cifs credentials=/home/username/.smbcredentials,iocharset=utf8,sec=ntlm 0 0
Save and close.
Mount the share:
sudo mount -a