The Aim
Sometimes it is necessary to share files from a POSIX operating system (Linux, FreeBSD, etc.) with Windows computers via the network. For this task Samba is the powerful interoperability suite which can handle this task. To distinguish between these two systems I will differentiate between POSIX (that is the samba server) and Windows computers.
In my specific case I have the following requirements:
- A public share that can be accessed without a password from Windows computers
- This share should use an existing POSIX user and group to access and write files. This means the standard POSIX permission system can be used to control file access.
This seems very straightforward and easy but the Google results are not very consistent and refer to older versions of samba.
The Solution
After studying some configurations out there and especially the Samba documentation itself, a quite simple configuration file was the result. Please note that this is tested on a Debian squeeze system with Samba 3.5.6, SELinux disabled. Clients which were able to connect were running Mac OS X 10.7.4 and Windows XP SP3, respectively.
Please note that in the smb.conf
file there are options which are synonyms (e.g. guest ok = yes
is equivalent to public = yes
). This makes it sometimes hard to find out which parameters are really necessary. With this configuration the user and group specified with the force user
and force group
directive has to a user already present on the POSIX server. Make sure this user/group combination has access to the path that should be shared. Contrasting other setups no fiddling with smbpasswd
is necessary with this configuration.
To check the configuration before running the server, run the testparm
command to see the processed configuration file.
smb.conf
[global] workgroup = workgroup map to guest = Bad User force user = publicuser # user and group used to access the file path force group = publicgroup server string = My Samba fileserver [public-stuff] path = /public/stuff/ # the POSIX path to share public = yes # equivalent to guest ok = yes read only = no # enable anonymous writes, equivalent to writable = yes comment = Public stuff # the additional comment displayed in the windows explorer create mask = 0660 # corresponds to -rw-rw---- directory mask = 0770 # corresponds to drwxrwx---
Disclaimer
Please note that sharing a path without any password is a potential security risk. This should only be done in tightly controlled network scenarios, e.g. a small home LAN.