
This guide covers how to create a Samba share and make it writeable by everyone, by a group, or by specific users.

Install samba

Debian / Ubuntu etc.

sudo apt install samba

Arch / Manjaro etc.

sudo pacman -S samba

Create the user (and optionally a group) that will own the share

With this method we actually create a user (in this example we will call it 'shareuser') and set the folder (to share) to be owned by this user.

sudo useradd --system shareuser
sudo chown -R shareuser /media/share

Note: the folder we are sharing is /media/share

Share by group

Optional: If you want to share by group (i.e. allow access to all users in a group) then you'll need to create this group. E.g. to add a group "sharegroup" and then make user "shareuser" part of said group, do:

sudo groupadd sharegroup
# shareuser already exists (created above), so add it to the group with usermod
sudo usermod -aG sharegroup shareuser

You can make all new files created in a folder be owned by a specific group by setting the setgid bit with chmod. For example,

sudo chgrp -R sharegroup /media/share
sudo chmod g+s /media/share

will change the group ownership of all folders and files in /media/share to sharegroup, and then set the setgid bit on /media/share so that any new files or folders created in it also have sharegroup group ownership.

Edit /etc/samba/smb.conf

We now need to edit /etc/samba/smb.conf. Below are several examples depending on how you want users to access your smb share.

Allow all users to access and write to your samba share

...
# share
[share]
  path = /media/share
  writeable = yes
  browseable = yes
  public = yes
  create mask = 0644
  directory mask = 0755
  force user = shareuser
...

Only allow all users from a (Linux) group to access and write to your samba share

Note: you should have created group "sharegroup" (or another group) as outlined above.

...
# share
[share]
  path = /media/share
  valid users = @sharegroup
  writeable = yes
  browseable = yes
  create mask = 0644
  directory mask = 0755
  force user = shareuser
...

Only allow specific (samba) users to access and write to your samba share

For this, we'll need to create a samba password for the user you created previously.  This samba password does not need to be the same as the Linux user password:

sudo smbpasswd -a shareuser

Follow the interactive prompts to enter a samba password.

...
# share
[share]
  path = /media/share
  valid users = shareuser
  writeable = yes
  browseable = yes
  create mask = 0644
  directory mask = 0755
  force user = shareuser
...
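
To confirm which of the three variants above a given smb.conf actually implements, the following added example (not part of the original guide) summarises each share's guest access, write access, valid users and force user, and lists shares that are writable without a password (`public` is a synonym for `guest ok`). It reads per-share settings only, so [global] defaults and include files are not applied; the function names and the sample share names open/team/private are made up for the example.

```shell
# audit_shares FILE -> one line per share (per-share settings only):
#   NAME guest=yes|no write=yes|no valid_users=LIST|- force_user=NAME|-
audit_shares() {
  awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") ? "yes" : "no" }
    function emit() { if (name != "" && tolower(name) != "global")
        printf "%s guest=%s write=%s valid_users=%s force_user=%s\n", name, guest, wr, valid, force }
    /^[ \t]*[#;]/ { next }                       # skip comment lines
    /^[ \t]*\[.*\][ \t]*$/ {                     # a section header starts a new share
      emit(); name = $0
      sub(/^[ \t]*\[/, "", name); sub(/\][ \t]*$/, "", name)
      # Samba defaults: no guests, read only
      guest = "no"; wr = "no"; valid = "-"; force = "-"; next
    }
    {
      eq = index($0, "="); if (eq == 0) next     # blank or non key=value line
      key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "public" || key == "guest ok") guest = truthy(val)
      else if (key == "writeable" || key == "writable" || key == "write ok") wr = truthy(val)
      else if (key == "read only") wr = (truthy(val) == "yes") ? "no" : "yes"
      else if (key == "valid users") { gsub(/[ \t,]+/, ",", val); valid = val }
      else if (key == "force user") force = val
    }
    END { emit() }
  ' "$1"
}

# guest_writable_shares FILE -> names of shares writable without a password
guest_writable_shares() {
  audit_shares "$1" | awk '/ guest=yes write=yes /{ print $1 }'
}

# Constructed sample modelled on the three smb.conf variants in this guide.
write_sample() {
  cat > "$1" <<'EOF'
[global]
  workgroup = WORKGROUP
[open]
  writeable = yes
  public = yes
  force user = shareuser
[team]
  valid users = @sharegroup
  writeable = yes
[private]
  valid users = shareuser
  read only = no
EOF
}
f=$(mktemp) && write_sample "$f" && audit_shares "$f"; rm -f "$f"
```

Run `audit_shares /etc/samba/smb.conf` after editing to see the same summary for your own shares.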

Add rules to allow samba traffic through firewall

On your network you'll need to allow samba traffic through your server firewall.  If you're using UFW then you can add the requisite rules by executing the following commands.  The below assumes an internal network address range of 10.0.0.0 → 10.0.0.255 (or 10.0.0.0/24 CIDR) so you'll need to change to suit your internal network if it differs:

sudo ufw allow proto udp to any port 137 from 10.0.0.0/24
sudo ufw allow proto udp to any port 138 from 10.0.0.0/24
sudo ufw allow proto tcp to any port 139 from 10.0.0.0/24
sudo ufw allow proto tcp to any port 445 from 10.0.0.0/24

Restart smbd

For your changes to take effect, we need to restart samba.

sudo systemctl restart smbd
