Simple Samba Configuration for Public Shares

The Aim

Sometimes it is necessary to share files from a POSIX operating system (Linux, FreeBSD, etc.) with Windows computers via the network. For this task Samba is the powerful interoperability suite which can handle this task. To distinguish between these two systems I will differentiate between POSIX (that is the samba server) and Windows computers.

In my specific case I have the following requirements:

  1. A public share that can be accessed without a password from Windows computers
  2. This share should use an existing POSIX user and group to access and write files. This means the standard POSIX permission system can be used to control file access.

This seems very straightforward and easy but the Google results are not very consistent and refer to older versions of samba.

The Solution

After studying some configurations out there and especially the Samba documentation itself, a quite simple configuration file was the result. Please note that this is tested on a Debian squeeze system with Samba 3.5.6, SELinux disabled. Clients which were able to connect were running Mac OS X 10.7.4 and Windows XP SP3, respectively.

Please note that in the smb.conf file there are options which are synonyms (e.g. guest ok = yes is equivalent to public = yes). This makes it sometimes hard to find out which parameters are really necessary. With this configuration the user and group specified with the force user and force group directive has to a user already present on the POSIX server. Make sure this user/group combination has access to the path that should be shared. Contrasting other setups no fiddling with smbpasswd is necessary with this configuration.

To check the configuration before running the server, run the testparm command to see the processed configuration file.

smb.conf

[global]
workgroup = workgroup
map to guest = Bad User
force user = publicuser   # user and group used to access the file path
force group = publicgroup
server string = My Samba fileserver
 
[public-stuff]
path = /public/stuff/   # the POSIX path to share
public = yes            # equivalent to guest ok = yes
read only = no          # enable anonymous writes, equivalent to writable = yes
comment = Public stuff  # the additional comment displayed in the windows explorer
create mask = 0660      # corresponds to -rw-rw----
directory mask = 0770   # corresponds to drwxrwx---

Disclaimer

Please note that sharing a path without any password is a potential security risk. This should only be done in tightly controlled network scenarios, e.g. a small home LAN.

References

Thomas

Chemist, Programmer, Mac and iPhone enthusiast. Likes coding in Python, Objective-C and other languages.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.