Difference between revisions of "Password Protected Samba Share"
(→Fewer steps, not secure) |
|||
(4 intermediate revisions by the same user not shown) | |||
Line 65: | Line 65: | ||
Instructions on using Vi: [[vi]] | Instructions on using Vi: [[vi]] | ||
− | Below is the Samba configuration file. Things above [ | + | Below is the Samba configuration file. Things above [fogshare] are global and apply to all shares. Then below each bracket name, is settings specific to the share with the text inside the bracket being the share name itself. Feel free to copy/paste. |
<pre>security = user | <pre>security = user | ||
Line 120: | Line 120: | ||
== Mount SMB share permanently == | == Mount SMB share permanently == | ||
− | === Fewer steps, | + | === Fewer steps, less secure === |
This method isn't as secure, because the password is contained in the fstab entry. | This method isn't as secure, because the password is contained in the fstab entry. | ||
Line 136: | Line 136: | ||
<pre>sudo mount -a</pre> | <pre>sudo mount -a</pre> | ||
− | === More steps, secure === | + | === More steps, more secure === |
This method is more secure, because we separate out the credentials from the fstab entry. | This method is more secure, because we separate out the credentials from the fstab entry. | ||
Line 150: | Line 150: | ||
Place these fields into the file. | Place these fields into the file. | ||
+ | <pre> | ||
username=foguser | username=foguser | ||
password=YourPasswordGoesHere | password=YourPasswordGoesHere | ||
+ | </pre> | ||
Save and quit. | Save and quit. | ||
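Review bot: the sample credentials file in this hunk gives username=foguser, but the page creates the account and restricts the share to smalluser (useradd smalluser, valid users = smalluser), so a reader who copies the block verbatim will fail to authenticate. Suggest changing the line to username=smalluser while the block is being wrapped in pre tags.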
Line 157: | Line 159: | ||
Set strict permissions on the file. | Set strict permissions on the file. | ||
− | chmod 600 ~/.smbcredentials | + | <pre>chmod 600 ~/.smbcredentials</pre> |
Modify /etc/fstab file: | Modify /etc/fstab file: | ||
− | <pre>vi /etc/fstab> | + | |
+ | <pre>vi /etc/fstab</pre> | ||
Instructions on using Vi: [[vi]] | Instructions on using Vi: [[vi]] |
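Review bot: chmod 600 ~/.smbcredentials in this hunk runs only after the password has been typed in and saved (the preceding step is "Save and quit"), so the file holds the secret at default-umask permissions until the chmod is run. Suggest reordering the steps so the empty file is created and chmod 600 is applied before it is opened in vi.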
Latest revision as of 18:12, 11 October 2016
This article describes how to create a basic password protected Samba share on Linux, accessible by only one user. This share can be accessed via Windows, OSX, or Linux.
We'll be making a share called fogshare. It will be accessible via UNC paths in Windows as \\x.x.x.x\fogshare, where x.x.x.x is the server's IP address. The share will reside on disk at /images/fogshare. The user with permissions and access is called smalluser.
I've chosen to place the share in the /images directory because in an optimal fog partition layout, this directory typically has its own partition and thus ample space. You may place the share wherever you like, simply by choosing another place to create the directory. Be sure to set permissions on the alternate directory and change the path setting in the Samba configuration file.
On CentOS 7, Fedora, RHEL, Ubuntu, and probably Debian, the process is almost identical.
Install Samba
For CentOS 7 and older, RHEL 7 and older, and Fedora 21 and older, install Samba:
yum install samba samba-client -y
For Fedora 22 and newer, and probably CentOS 8 and RHEL 8 and newer, install Samba:
dnf install samba samba-client -y
For Ubuntu and Debian, install Samba:
apt-get install samba samba-client -y
Start Samba
Start Samba on Fedora/CentOS/RHEL:
systemctl start smb
Start Samba on Ubuntu/Debian:
service smbd start
Make the directory
Make the directory you want to share:
mkdir /images/fogshare
Create user and set password
Make a user specifically for it:
useradd smalluser
Set the user's password:
passwd smalluser
Add the user to Samba and set a Samba password for the user; this should match the previous password:
smbpasswd -a smalluser
Set permissions
Set permissions on the local directory:
chown smalluser:smalluser /images/fogshare
chmod 770 /images/fogshare
Configure Samba
Edit the Samba configuration file:
vi /etc/samba/smb.conf
Instructions on using Vi: vi
Below is the Samba configuration file. Settings above [fogshare] are global and apply to all shares. The settings below each bracketed name are specific to that share, and the text inside the brackets is the share name itself. Feel free to copy/paste.
security = user
passdb backend = tdbsam
unix charset = utf-8
dos charset = cp932
[fogshare]
path = /images/fogshare
read only = no
create mode = 0777
directory mode = 0777
writable = yes
valid users = smalluser
Restart Samba
Then restart Samba in Fedora/CentOS/RHEL:
systemctl restart smb
Restart Samba on Ubuntu/Debian:
service smbd restart
Access from Windows
Open File Explorer. In the address bar, type \\x.x.x.x\fogshare. You will be prompted for a username and password; enter smalluser as the username, and the password you set up. You should now have read/write access to this share.
Access from Linux
This is a fast and easy way to get work done that you don't do very often, and is perfectly acceptable as long as it's done manually and not scripted.
To mount:
mkdir /tempMount
mount -t cifs //x.x.x.x/fogshare /tempMount -o username=smalluser -o password=YourPasswordGoesHere,noexec
To work with the share, just go into /tempMount and do your thing.
cd /tempMount
To unmount:
umount /tempMount
Mount SMB share permanently
Fewer steps, less secure
This method isn't as secure, because the password is contained in the fstab entry.
mkdir /tempMount
vi /etc/fstab
Instructions on using Vi: vi
Add this line to the bottom of /etc/fstab:
//x.x.x.x/fogshare /tempMount cifs username=smalluser,password=YourPasswordGoesHere,iocharset=utf8,sec=ntlm 0 0
Then, mount:
sudo mount -a
More steps, more secure
This method is more secure, because we separate out the credentials from the fstab entry.
Create the mount directory:
mkdir /tempMount
Create a credentials file, readable by only the person who should be managing it (root).
vi ~/.smbcredentials
Instructions on using Vi: vi
Place these fields into the file.
username=smalluser
password=YourPasswordGoesHere
Save and quit.
Set strict permissions on the file.
chmod 600 ~/.smbcredentials
Modify /etc/fstab file:
vi /etc/fstab
Instructions on using Vi: vi
Note: If you followed the "Fewer steps, less secure" method above, you can now delete the line it added to /etc/fstab.
Add this line to /etc/fstab:
//x.x.x.x/fogshare /tempMount cifs credentials=/home/username/.smbcredentials,iocharset=utf8,sec=ntlm 0 0
Save and close.
Mount the share:
sudo mount -a
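To check which of the two permanent-mount methods a host actually ended up with, the script below audits an fstab-format file for cifs entries that carry an inline password and for credentials files that are readable by group or others. It is an added example, not part of the original article or of Samba/cifs-utils; the function name audit_cifs_fstab, the finding labels and the sample paths are assumptions made for illustration.

```shell
#!/bin/sh
# audit_cifs_fstab FILE  (hypothetical helper, not part of Samba or cifs-utils)
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_cifs_fstab() {
    fstab=$1; findings=0
    # fstab fields: device, mount point, type, options, dump, pass
    while read -r dev mnt type opts _rest; do
        case $dev in ''|'#'*) continue ;; esac
        [ "$type" = cifs ] || continue
        cred=
        old_ifs=$IFS; IFS=,            # options are comma-separated
        for opt in $opts; do
            case $opt in
                password=*|pass=*)     # report the mount point, never the secret
                    echo "INLINE_PASSWORD $mnt"; findings=1 ;;
                credentials=*|cred=*)
                    cred=${opt#*=} ;;
            esac
        done
        IFS=$old_ifs
        [ -n "$cred" ] || continue
        if [ ! -f "$cred" ]; then
            echo "MISSING_CREDENTIALS $mnt $cred"; findings=1
        elif [ "$(ls -ld "$cred" | cut -c5-10)" != "------" ]; then
            # columns 5-10 of ls -l are the group and other permission bits
            echo "LOOSE_PERMS $mnt $cred"; findings=1
        fi
    done < "$fstab"
    return $findings
}

# Constructed sample input (not from a real host): one entry per method,
# with the credentials file deliberately left at mode 644.
demo_dir=$(mktemp -d)
printf 'username=smalluser\npassword=YourPasswordGoesHere\n' > "$demo_dir/cred"
chmod 644 "$demo_dir/cred"
cat > "$demo_dir/fstab" <<EOF
//x.x.x.x/fogshare /tempMount cifs username=smalluser,password=YourPasswordGoesHere,iocharset=utf8,sec=ntlm 0 0
//x.x.x.x/fogshare /mnt/b cifs credentials=$demo_dir/cred,iocharset=utf8,sec=ntlm 0 0
EOF
audit_cifs_fstab "$demo_dir/fstab" || echo "findings above need fixing"
```

On a real host, run it as root against /etc/fstab so the credentials file permissions can be inspected.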