SAMBA group Permissions Centos 7

Mary, Eve, Peter and Julian are coworkers in a new startup.

their share all documents in a samba share because they’re using cutting edge technologies.

One shared folder is mapped to a network drive inside these unit there are 4 folders, billing, marketing, projects and contracts, permisions are defined by the next matrix

They are a little special and they need to have all folders inside the network unit, because they waste a lot of time searching for server folders.

So let’s go to configure this samba server under Centos 7.

1.- we will need to install several packages


yum -y update

yum install epel-release

yum install samba samba-client samba-common vim

2.- Open several ports and enable services


systemctl enable smb.service
systemctl enable nmb.service
systemctl start smb.service
systemctl start nmb.service
firewall-cmd --permanent --zone=public --add-service=samba
firewall-cmd --reload

3.- Create users

Each member of group needs an user


adduser   -s /sbin/nologin mary
adduser   -s /sbin/nologin eve
adduser   -s /sbin/nologin peter
adduser   -s /sbin/nologin julian

4.- Create Groups

each folder needs a group


groupadd billing
groupadd marketing
groupadd projects
groupadd contracts

5.- Join Groups and users

We will need to join users and groups


usermod -a -G billing mary
usermod -a -G marketing mary
usermod -a -G marketing eve
usermod -a -G projects eve
usermod -a -G projects peter
usermod -a -G contracts peter
usermod -a -G contracts julian
usermod -a -G billing julian

6.- Create samba config

we will edit our samba config, shared folder will be at /media/shared


vim /etc/samba/smb.conf

our config file should be like these


[global]
workgroup = SAMBA
security = user
name = THESERVER
passdb backend = tdbsam

[shared]
comment = shared folder
path = /media/shared
guest ok = no
guest only = no
write list = @billing, @marketing, @projects, @contracts
valid users = @billing, @marketing, @projects, @contracts
create mask = 660
directory mask = 2770

we need to inform selinux that /media/shared directory will be user by samba process


chcon -t samba_share_t /media/shared/

7 Create directory structure

we need to create our directory structure inside /media/shared and give correct permissions.


mkdir billing
mkdir marketing
mkdir projects
mkdir contracts

chgrp billing billing/

chgrp contracts contracts/

chgrp marketing marketing/

chgrp  projects projects/

and now here it’s the magic

all directories needs to have read and write permisions for group


chmod g+rw *

and we will enable Set Group ID for all directories


chmod g+s *

with Set Group ID SETGID all files created in each directory will have the same group that parent directory

8 Create password for users

each user needs to have a password to access to shared folder


smbpasswd -a mary

smbpasswd -a eve

smbpasswd -a peter

smbpasswd -a julian

Test if everything is working

Enjoy

Centos 7 Samba server workgroup

Step 1: Enable epel

yum install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm

Step 2: Install packages

yum install samba samba-client samba-common vim

Step 3: enable service and open firewalld ports

systemctl enable smb.service
systemctl enable nmb.service
systemctl start smb.service
systemctl start nmb.service
firewall-cmd –permanent –zone=public –add-service=samba
firewall-cmd –reload

Step 4: Configure samba

cp smb.conf  smb.conf.orig

vim  /etc/samba/smb.conf


[global]
workgroup = "Put here your workgroup name"
server string = Samba Server Version %v
netbios name = "Put here host name you desire"
log file = /var/log/samba/log.%m
max log size = 50
security = user
passdb backend = tdbsam
local master = yes
load printers = no
cups options = raw
map to guest = Bad User

restart samba services

systemctl restart smb.service

systemctl restart nmb.service

now a computer running windows 7 your server should be visible in network host list

server visible in workgroupnow we will add a shared folder where all users can write even guest.

Step 5: Add a global write shared folder:

create a directory in your linux system where is located your shared folder

mkdir -p /home/commonfolder

chmod -R 0755 /home/commonfolder/

setsebool -P samba_enable_home_dirs on

chown -R nobody:nobody /home/commonfolder/

chcon -t samba_share_t /home/commonfolder/

add shared folder in smb.conf file

vim /etc/samba/smb.conf

it should look similar this example


[global]
workgroup = "Put here your workgroup name"
server string = Samba Server Version %v
netbios name = "Put here host name you desire"
log file = /var/log/samba/log.%m
max log size = 50
security = user
passdb backend = tdbsam
local master = yes
load printers = no
cups options = raw
map to guest = Bad User

[commonfolder]
path = /home/commonfolder
read only = No
guest ok = Yes

verify your config file

testparm

reload your samba configuratión

systemctl restart smb.service
systemctl restart nmb.service

In your windows client machine click your samba server and verify that you can read and write in your shared folder

anonymous shared folderwriting anonymous shared folder

 Step 6: Add a secured shared folder

Now we will create a shared folder for our user peter, first we will create a system user

 useradd -s /sbin/nologin peter

groupadd smbgroup

usermod  -a -G smbgroup peter

set samba password for peter user

smbpasswd -a peter

mkdir -p  /samba/peter_share

chmod -R 0775 /samba/peter_share/

chown -R peter:smbgroup /samba/peter_share

chcon -t samba_share_t /samba/peter_share/

add Peter share in smb config file

vim /etc/samba/smb.conf

it should be like these

[global]
    workgroup = "Put here your workgroup name"
    server string = Samba Server Version %v
    netbios name = "Put here host name you desire"
    log file = /var/log/samba/log.%m
    max log size = 50
    security = user
    passdb backend = tdbsam
    local master = yes
    load printers = no
    cups options = raw

[commonfolder]
    path = /home/commonfolder
    read only = No
    guest ok = Yes

[peter]
        path= /samba/peter_share
        writable = yes
        browsable = yes
        guest ok = no
        valid users = peter

After this  restar your samba services

systemctl restart smb.service
systemctl restart nmb.service

now you can access to your shared folder

samba autentificationSolving problems with user permissions in guest share

If user Peter try to modify data from commonfolder all data will be mapped agains user peter and can have problems to solve this add the option guest only = yes in commonfolder share options


[commonfolder]
path = /home/commonfolder
browsable =yes
writable = yes
guest ok = yes
read only = no
guest only = yes

 

References:

https://www.howtoforge.com/samba-server-installation-and-configuration-on-centos-7

http://www.unixmen.com/install-configure-samba-server-centos-7/

problemas con OpenDNS y SAMBA

samba
samba

¿Has decidido pasarte a OpenDNS y no puedes ver la lista de host en samba?, simplemente modifica tu archivo smb.conf introduciendo o editando la resolución de nombres

name resolve order = lmhosts bcast wins host