kaashif's blog

Programming, software freedom and Unix


Samba

Recently, I’ve been trying to get away from pre-packaged file sharing solutions (e.g. FreeNAS) and trying to set up the services they provide from scratch. While I obviously won’t be able to write a web GUI or create a whole distro, that simply isn’t necessary. What is necessary is setting up a file share and appropriate read/write permissions.

What is Samba?

Among other things, Samba is a collection of daemons - winbindd, nmbd and smbd - that let you provide file shares and printers to any client capable of communicating with Samba. I don’t really care about the printer part, but it’s nice to know about.

Essentially, if you have a Windows machine, Samba lets a Unix machine announce itself and provide file shares when you click on your Unix box in the file manager. You can do the same with free tools, on Unix, but I don’t think any Unix has a default that’s as easy to use as Windows’, as much as it pains me to say.

Setting it up

If you have a Windows PC, you might have noticed that your Unix box doesn’t show up on the network, because it’s not broadcasting its name. That’s easy to fix, just start nmbd! Assuming OpenBSD:

# /etc/rc.d/nmbd -f start
nmbd(ok)

Now you should see your hostname appear on the network from a Windows machine or other Samba client.

While that may be cool, it isn’t very useful. You might want to share some files. Let’s assume you have a directory you want to share, at /home/samba. If someone with no valid credentials walks into your house with their laptop, do you want them to be able to read your share? Chances are you do, since you might want people to see your pictures from their phone or whatever. You don’t necessarily want everyone to have write access, though.

Keeping that in mind, let’s take a look at /etc/samba/smb.conf, which is the config for smbd, the “main” Samba daemon that takes care of authentication, printers and, what we want, file shares.

$ cat /etc/samba/smb.conf
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba, 
# read the Samba-HOWTO-Collection. This may be obtained from:
#  http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the 

That goes on and on and on… So let’s empty the file first.

# : > /etc/samba/smb.conf

Now there’s nothing in it, and you’re free to put this in there with whatever editor you want:

[global]
workgroup = WORKGROUP
server string = Kaashif's Server
security = user
map to guest = Bad User
guest account = nobody
log file = /var/log/samba/smbd.%m
max log size = 50

[Public]
comment = Public Files
path = /home/samba
public = yes
writable = no
browseable = yes
guest ok = yes
write list = @staff

Let’s go through that line by line:

[global]

These are settings global to all shares and printers.

workgroup = WORKGROUP

This doesn’t mean anything significant to a home user, but it should be set to the same as whatever your other PCs are set to. WORKGROUP is the default, so leave it like this.

server string = Kaashif's Server

A short description of your server.

security = user
map to guest = Bad User
guest account = nobody

If a user trying to access your shares is not recognised, it is mapped to the guest user, which is an alias for the “nobody” user locally. So whatever permissions you set for the /home/samba directory, it should be readable by the “nobody” user.

log file = /var/log/samba/smbd.%m
max log size = 50

This creates a log file for each machine that accesses your shares. Have a look in /var/log/samba after you’ve accessed the share to see what the logs look like.

[Public]
comment = Public Files
path = /home/samba
public = yes
writable = no
browseable = yes
guest ok = yes
write list = @staff

“Public” is the name of the share. The rest is self-explanatory, other than the “write list” line, which means any user in the login class “staff” will be allowed to write. If your user (for example, “fred”) is not in this class, then add him:

# usermod -L staff fred

This means that if you give Samba the username “fred” and his password, you can write to the share, assuming the file system permissions allow fred to write there.

Starting Samba

Instead of starting smbd and nmbd separately, you can start them together using the "/etc/rc.d/samba" script:

# /etc/rc.d/samba -f start
smbd(ok)
nmbd(ok)

If you want it to start at boot, edit "/etc/rc.conf.local" and add the line:

samba_flags=""

That should be that, and you should be able to see your server on the network, click on it, and be able to see and download any files from "/home/samba" on your server.