Simple Samba Configuration for Public Shares

The Aim

Some­times it is nec­es­sary to share files from a POSIX oper­at­ing sys­tem (Lin­ux, FreeB­SD, etc.) with Win­dows com­put­ers via the net­work. For this task Sam­ba is the pow­er­ful inter­op­er­abil­i­ty suite which can han­dle this task. To dis­tin­guish between these two sys­tems I will dif­fer­en­ti­ate between POSIX (that is the sam­ba serv­er) and Win­dows computers.

In my spe­cif­ic case I have the fol­low­ing requirements:

  1. A pub­lic share that can be accessed with­out a pass­word from Win­dows computers
  2. This share should use an exist­ing POSIX user and group to access and write files. This means the stan­dard POSIX per­mis­sion sys­tem can be used to con­trol file access.

This seems very straight­for­ward and easy but the Google results are not very con­sis­tent and refer to old­er ver­sions of samba.

The Solution

After study­ing some con­fig­u­ra­tions out there and espe­cial­ly the Sam­ba doc­u­men­ta­tion itself, a quite sim­ple con­fig­u­ra­tion file was the result. Please note that this is test­ed on a Debian squeeze sys­tem with Sam­ba 3.5.6, SELin­ux dis­abled. Clients which were able to con­nect were run­ning Mac OS X 10.7.4 and Win­dows XP SP3, respectively.

Please note that in the smb.conf file there are options which are syn­onyms (e.g. guest ok = yes is equiv­a­lent to public = yes). This makes it some­times hard to find out which para­me­ters are real­ly nec­es­sary. With this con­fig­u­ra­tion the user and group spec­i­fied with the force user and force group direc­tive has to a user already present on the POSIX serv­er. Make sure this user/group com­bi­na­tion has access to the path that should be shared. Con­trast­ing oth­er setups no fid­dling with smbpasswd is nec­es­sary with this configuration.

To check the con­fig­u­ra­tion before run­ning the serv­er, run the testparm com­mand to see the processed con­fig­u­ra­tion file.

smb.conf

[global]
workgroup = workgroup
map to guest = Bad User
force user = publicuser   # user and group used to access the file path
force group = publicgroup
server string = My Samba fileserver
 
[public-stuff]
path = /public/stuff/   # the POSIX path to share
public = yes            # equivalent to guest ok = yes
read only = no          # enable anonymous writes, equivalent to writable = yes
comment = Public stuff  # the additional comment displayed in the windows explorer
create mask = 0660      # corresponds to -rw-rw----
directory mask = 0770   # corresponds to drwxrwx---

Disclaimer

Please note that shar­ing a path with­out any pass­word is a poten­tial secu­ri­ty risk. This should only be done in tight­ly con­trolled net­work sce­nar­ios, e.g. a small home LAN.

References

Thomas

Chemist, Programmer, Mac and iPhone enthusiast. Likes coding in Python, Objective-C and other languages.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.