Sometimes it is necessary to share files from a POSIX operating system (Linux, FreeBSD, etc.) with Windows computers via the network. For this task Samba is the powerful interoperability suite which can handle this task. To distinguish between these two systems I will differentiate between POSIX (that is the samba server) and Windows computers.
In my specific case I have the following requirements:
- A public share that can be accessed without a password from Windows computers
- This share should use an existing POSIX user and group to access and write files. This means the standard POSIX permission system can be used to control file access.
This seems very straightforward and easy but the Google results are not very consistent and refer to older versions of samba.
After studying some configurations out there and especially the Samba documentation itself, a quite simple configuration file was the result. Please note that this is tested on a Debian squeeze system with Samba 3.5.6, SELinux disabled. Clients which were able to connect were running Mac OS X 10.7.4 and Windows XP SP3, respectively.
Please note that in the
smb.conf file there are options which are synonyms (e.g.
guest ok = yes is equivalent to
public = yes). This makes it sometimes hard to find out which parameters are really necessary. With this configuration the user and group specified with the
force user and
force group directive has to a user already present on the POSIX server. Make sure this user/group combination has access to the path that should be shared. Contrasting other setups no fiddling with
smbpasswd is necessary with this configuration.
To check the configuration before running the server, run the
testparm command to see the processed configuration file.
[global] workgroup = workgroup map to guest = Bad User force user = publicuser # user and group used to access the file path force group = publicgroup server string = My Samba fileserver [public-stuff] path = /public/stuff/ # the POSIX path to share public = yes # equivalent to guest ok = yes read only = no # enable anonymous writes, equivalent to writable = yes comment = Public stuff # the additional comment displayed in the windows explorer create mask = 0660 # corresponds to -rw-rw---- directory mask = 0770 # corresponds to drwxrwx---
Please note that sharing a path without any password is a potential security risk. This should only be done in tightly controlled network scenarios, e.g. a small home LAN.