Difference between revisions of "Password Protected Samba Share"

From FOG Project
(Fewer steps, not secure)
 
(7 intermediate revisions by the same user not shown)
Line 9: Line 9:
 
= Install Samba =
 
= Install Samba =
  
For CentOS 7 and older, and Fedora 21 and older, install Samba:
+
For CentOS 7 and older, RHEL 7 and older, and Fedora 21 and older, install Samba:
  
 
<pre>yum install samba samba-client -y</pre>
 
<pre>yum install samba samba-client -y</pre>
  
For Fedora 22 and newer, and probably CentOS 8 and newer, install Samba:
+
For Fedora 22 and newer, and probably CentOS 8 and RHEL 8 and newer, install Samba:
  
 
<pre>dnf install samba samba-client -y</pre>
 
<pre>dnf install samba samba-client -y</pre>
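Review bot: In the reworded Fedora 22 sentence, "probably CentOS 8 and RHEL 8 and newer" leaves it unclear whether "probably" covers RHEL 8 as well as CentOS 8, and an install guide should not leave the reader guessing which platforms were checked. If the dnf command has not been verified on those releases, say so outright, for example in a parenthetical after "Fedora 22 and newer".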
Line 65: Line 65:
 
Instructions on using Vi: [[vi]]
 
Instructions on using Vi: [[vi]]
  
Below is the Samba configuration file. Things above [smallshare] are global and apply to all shares. Then below each bracket name, is settings specific to the share. Feel free to copy/paste.
+
Below is the Samba configuration file. Things above [fogshare] are global and apply to all shares. Then below each bracket name, is settings specific to the share with the text inside the bracket being the share name itself. Feel free to copy/paste.
  
 
<pre>security = user
 
<pre>security = user
Line 89: Line 89:
  
 
<pre>service smb restart</pre>
 
<pre>service smb restart</pre>
 +
 +
= Access from Windows =
 +
 +
Open File Explorer. In the address bar, type <font color="red">\\x.x.x.x\fogshare</font>
 +
You will be prompted for a user and pass, give the smalluser as username, and the password you setup. You should now have read/write to this share.
 +
 +
 +
= Access from Linux =
 +
 +
== Mount SMB share on the fly - '''not''' permanently ==
 +
 +
This is a fast and easy way to get work done that you don't do very often, and is perfectly acceptable as long as it's done manually and not scripted.
 +
 +
To mount:
 +
 +
<pre>
 +
mkdir /tempMount
 +
mount -t cifs //x.x.x.x/fogshare /tempMount -o username=smalluser -o password=YourPasswordGoesHere,noexec
 +
</pre>
 +
 +
To work with the share, just go into /tempMount and do your thing.
 +
<pre>cd /tempMount</pre>
 +
 +
 +
To unmount:
 +
 +
<pre>umount /tempMount</pre>
 +
 +
 +
== Mount SMB share permanently ==
 +
 +
=== Fewer steps, less secure ===
 +
 +
This method isn't as secure, because the password is contained in the fstab entry.
 +
 +
<pre>mkdir /tempMount
 +
vi /etc/fstab</pre>
 +
 +
Instructions on using Vi: [[vi]]
 +
 +
Add this line to the bottom of /etc/fstab:
 +
 +
<pre>//x.x.x.x/fogshare /tempMount cifs username=smalluser,password=YourPasswordGoesHere,iocharset=utf8,sec=ntlm 0 0</pre>
 +
 +
Then, mount:
 +
<pre>sudo mount -a</pre>
 +
 +
=== More steps, more secure ===
 +
 +
This method is more secure, because we separate out the credentials from the fstab entry.
 +
 +
Create the mount directory:
 +
<pre>mkdir /tempMount</pre>
 +
 +
Create a credentials file, readable by only the person who should be managing it (root).
 +
<pre>vi ~/.smbcredentials</pre>
 +
 +
Instructions on using Vi: [[vi]]
 +
 +
Place these fields into the file.
 +
 +
<pre>
 +
username=foguser
 +
password=YourPasswordGoesHere
 +
</pre>
 +
 +
Save and quit.
 +
 +
Set strict permissions on the file.
 +
 +
<pre>chmod 600 ~/.smbcredentials</pre>
 +
 +
Modify /etc/fstab file:
 +
 +
<pre>vi /etc/fstab</pre>
 +
 +
Instructions on using Vi: [[vi]]
 +
 +
Note: If you did the above steps, you can delete the above line from those steps now.
 +
 +
<pre>//x.x.x.x/fogshare /tempMount cifs credentials=/home/username/.smbcredentials,iocharset=utf8,sec=ntlm 0 0</pre>
 +
 +
Save and close.
 +
 +
Mount the share:
 +
 +
<pre>sudo mount -a</pre>
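Review bot: In the "More steps, more secure" section the credentials file sets username=foguser, while every other step added here (the Windows prompt, the on-the-fly mount, the first fstab line) authenticates as smalluser, so the mount will not authenticate as the documented user; change it to username=smalluser. The same section creates the file as ~/.smbcredentials, described as readable only by root, but the fstab line points at /home/username/.smbcredentials; state which home directory is meant, since root's ~ is normally /root. Two smaller points: the on-the-fly mount passes password= on the command line, where it lands in shell history and the process list (leaving it out makes mount.cifs prompt instead), and both fstab lines use sec=ntlm, which selects NTLMv1 hashing, so ntlmv2 or ntlmssp would be a stronger choice where the server accepts it.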

Latest revision as of 18:12, 11 October 2016

This article describes how to create a basic password protected Samba share on Linux, accessible by only one user. This share can be accessed via Windows, OSX, or Linux.

We'll be making a share called fogshare. It will be accessible via UNC paths in Windows as \\x.x.x.x\fogshare, where x.x.x.x is the server's IP address. The share will reside on disk at /images/fogshare. The user defined with permissions and access is called smalluser.

I've chosen to place the share in the /images directory because in an optimal FOG partition layout, this directory typically has its own partition and thus ample space. You may place the share wherever you like, simply by choosing another place to create the directory. Be sure to set permissions on the alternate directory and change the path setting in the Samba configuration file.

On CentOS 7, Fedora, RHEL, Ubuntu, and probably Debian, the process is almost identical.

Install Samba

For CentOS 7 and older, RHEL 7 and older, and Fedora 21 and older, install Samba:

yum install samba samba-client -y

For Fedora 22 and newer, and probably CentOS 8 and RHEL 8 and newer, install Samba:

dnf install samba samba-client -y

For Ubuntu and Debian, install Samba:

apt-get install samba samba-client -y

Start Samba

Start Samba on Fedora/CentOS/RHEL:

systemctl start smb

Start Samba on Ubuntu/Debian:

service smbd start

Make the directory

Make the directory you want to share:

mkdir /images/fogshare

Create user and set password

Make a user specifically for it:

useradd smalluser

Set the user's password:

passwd smalluser

Add the user to Samba and set a password for the user; this should match the previous password:

smbpasswd -a smalluser

Set permissions

Set permissions on the local directory:

chown smalluser:smalluser /images/fogshare
chmod 770 /images/fogshare

Configure Samba

Set up the Samba configuration file:

vi /etc/samba/smb.conf

Instructions on using Vi: vi

Below is the Samba configuration file. Everything above [fogshare] is global and applies to all shares. Below each bracketed name are the settings specific to that share; the text inside the brackets is the share name itself. Feel free to copy/paste.

security = user
passdb backend = tdbsam
unix charset = utf-8
dos charset = cp932

[fogshare]
path = /images/fogshare
read only = no
create mode = 0777
directory mode = 0777
writable = yes
valid users = smalluser

Restart Samba

Then restart Samba in Fedora/CentOS/RHEL:

systemctl restart smb

Restart Samba on Ubuntu/Debian:

service smbd restart

Access from Windows

Open File Explorer. In the address bar, type \\x.x.x.x\fogshare. You will be prompted for a username and password; enter smalluser as the username and the password you set up. You should now have read/write access to this share.


Access from Linux

Mount SMB share on the fly - not permanently

This is a fast and easy way to get work done that you don't do very often, and is perfectly acceptable as long as it's done manually and not scripted.

To mount:

mkdir /tempMount
mount -t cifs //x.x.x.x/fogshare /tempMount -o username=smalluser -o password=YourPasswordGoesHere,noexec

To work with the share, just go into /tempMount and do your thing.

cd /tempMount


To unmount:

umount /tempMount


Mount SMB share permanently

Fewer steps, less secure

This method isn't as secure, because the password is contained in the fstab entry.

mkdir /tempMount
vi /etc/fstab

Instructions on using Vi: vi

Add this line to the bottom of /etc/fstab:

//x.x.x.x/fogshare /tempMount cifs username=smalluser,password=YourPasswordGoesHere,iocharset=utf8,sec=ntlm 0 0

Then, mount:

sudo mount -a

More steps, more secure

This method is more secure, because we separate out the credentials from the fstab entry.

Create the mount directory:

mkdir /tempMount

Create a credentials file, readable by only the person who should be managing it (root).

vi ~/.smbcredentials

Instructions on using Vi: vi

Place these fields into the file.

username=smalluser
password=YourPasswordGoesHere

Save and quit.

Set strict permissions on the file.

chmod 600 ~/.smbcredentials

Modify /etc/fstab file:

vi /etc/fstab

Instructions on using Vi: vi

Note: If you followed the "Fewer steps, less secure" method above, you can now delete the line it added to /etc/fstab. Then add this line:

//x.x.x.x/fogshare /tempMount cifs credentials=/home/username/.smbcredentials,iocharset=utf8,sec=ntlm 0 0

Save and close.

Mount the share:

sudo mount -a
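
Added example, not part of the original wiki page: a POSIX shell audit of the cifs entries in an fstab-format file, flagging the inline password= form from the "Fewer steps, less secure" method, the sec=ntlm option, and credentials files that are missing or readable beyond their owner. The function name audit_cifs_fstab, the finding labels and the sample entries written by demo are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit cifs lines in an fstab-format file.
# Findings (one per line): INLINE_PASSWORD, WEAK_SEC, CRED_MISSING, CRED_PERMS.
audit_cifs_fstab() (
    set -f                                   # no globbing while splitting options
    while read -r dev mnt fstype opts _rest; do
        case "$dev" in ''|'#'*) continue ;; esac
        [ "$fstype" = cifs ] || continue
        for o in $(printf '%s' "$opts" | tr ',' ' '); do
            case "$o" in
                password=*|pass=*)           # report the mount point, never the value
                    echo "INLINE_PASSWORD $mnt" ;;
                sec=ntlm)                    # NTLMv1 hashing, weaker than ntlmv2/ntlmssp
                    echo "WEAK_SEC $mnt" ;;
                credentials=*|cred=*)
                    f=${o#*=}
                    if [ ! -f "$f" ]; then
                        echo "CRED_MISSING $mnt $f"
                    else
                        # columns 5-10 of the ls -l mode string are the group/other bits
                        bits=$(ls -ld -- "$f" | cut -c5-10)
                        [ "$bits" = "------" ] || echo "CRED_PERMS $mnt $f"
                    fi ;;
            esac
        done
    done < "$1"
)

# Constructed sample: the page's two fstab styles plus one badly protected file.
demo() {
    d=$(mktemp -d) || return 1
    printf 'username=smalluser\npassword=constructed\n' > "$d/cred_ok"
    cp "$d/cred_ok" "$d/cred_open"
    chmod 600 "$d/cred_ok"
    chmod 644 "$d/cred_open"
    cat > "$d/fstab" <<EOF
//x.x.x.x/fogshare /mnt/a cifs username=smalluser,password=YourPasswordGoesHere,iocharset=utf8,sec=ntlm 0 0
//x.x.x.x/fogshare /mnt/b cifs credentials=$d/cred_ok,iocharset=utf8 0 0
//x.x.x.x/fogshare /mnt/c cifs credentials=$d/cred_open,iocharset=utf8 0 0
EOF
    audit_cifs_fstab "$d/fstab"
    rm -rf "$d"
}
demo
```

Run against the real file with audit_cifs_fstab /etc/fstab; an empty result means no cifs entry carries an inline password, uses sec=ntlm, or points at a credentials file other users can read.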