This guide covers how to create a samba share, and set it writeable by all, or by a group, or specific users.
Install samba
Debian / Ubuntu etc.
sudo apt install samba
Arch / Manjaro etc.
sudo pacman -S samba
Create user (and optionally group) under which will share
With this method we actually create a user (in this example we will call it 'shareuser') and set the folder (to share) to be owned by this user.
useradd --system shareuser chown -R shareuser /media/share
Note: the folder we are sharing is /media/share
Share by group
Optional: If you want to share by group (i.e. allow all users from group access) then you'll need to create this group. E.g. to add a group "sharegroup" and then make user "shareuser" part of said group, do:
sudo groupadd sharegroup sudo useradd shareuser -G sharegroup
You can make set all new files to be created in a folder to be owned by a specific group using chmod
. For example,
chgrp -R sharegroup /media/share chmod g+s /media/share
will change all folders and files' ownership group in /media/share to sharegroup
, and then apply the setgid
bit to make any new files or folders created also have sharegroup
group ownership.
Edit /etc/samba/smb.conf
We now need to edit /etc/samba/smb.conf. Below are several examples depending on how you want to users to access your smb share.
Allow all users to access and write to your samba share
... # share [share] path = /media/share writeable = yes browseable = yes public = yes create mask = 0644 directory mask = 0755 force user = shareuser ...
Only allow all users from a (Linux) group to access and write to your samba share
Note: you should have created group "sharegroup" (or another group) as outlined above.
... # share [share] path = /media/share valid users = @sharegroup writeable = yes browseable = yes create mask = 0644 directory mask = 0755 force user = shareuser ...
Only allow specific (samba) users to access and write to your samba share
For this, we'll need to create a samba password for the user you created previously. This samba password does not need to be the same as the Linux user password:
sudo smbpasswd -a shareuser
Follow the interative prompts to enter a samba password.
... # share [share] path = /media/share valid users = shareuser writeable = yes browseable = yes create mask = 0644 directory mask = 0755 force user = shareuser ...
Add rules to allow samba traffic through firewall
On your network you'll need to allow samba traffic through your server firewall. If you're using UFW
then you can add the requisite rules by executing the following commands. The below assumes an internal network address range of 10.0.0.0 → 10.0.0.255 (or 10.0.0.0/24 CIDR) so you'll need to change to suit your internal network if it differs:
sudo ufw allow proto udp to any port 137 from 10.0.0.0/24 sudo ufw allow proto udp to any port 138 from 10.0.0.0/24 sudo ufw allow proto tcp to any port 139 from 10.0.0.0/24 sudo ufw allow proto tcp to any port 445 from 10.0.0.0/24
Restart smbd
For your changes to take effect, we need to restart samba.
sudo systemctl restart smbd
References
- https://unix.stackexchange.com/questions/206309/how-to-create-a-samba-share-that-is-writable-from-windows-without-777-permission
- https://www.techrepublic.com/article/how-to-set-up-quick-and-easy-file-sharing-with-samba/
- https://askubuntu.com/questions/51951/set-default-group-for-user-when-they-create-new-files
- https://www.ghacks.net/2010/12/29/allow-samba-through-your-linux-firewall-with-ufw/
Related articles