samba

Here is my basic knowledge I picked up trying to use samba shares for my needs. I use it for sharing files between my host system(linux) and various guest systems(linux, windows) in particular. I want to share folders in such a way I can use it as a guest or as a user specified by login. Guest access is fine as long as you don’t need to change access rights. This is allowed for file owner or root only and since files created by guest are owned by nobody this is not possible(maybe it is achiavable, but in such a case little bit unusual). I prefer to use valid login on samba server and uid and gid parameter in mount command to refer to client user account I want to work with.

Short version:

Samba configuration file:

[global]
server role = standalone server
security = user
map to guest = Bad user

[shareone]
   comment = for testing sharing
   path = /share/one
   guest ok = yes
   browseable = yes
   read only = no

Mount command on linux:

mount -t cifs //bunty.local/shareone -o user=joe,password=joe,gid=jim,uid=jim /mnt/buntyshareone/

Mount command on windows:

net use \\bunty.local\shareone
mklink /d c:\mnt\buntyshareone \\bunty.local\shareone

It is highly addictive to use similar mount system technique like is on linux, I have letter C only for quite a while:).

Long version:

I had decided to use last version of ubuntu to test samba server so I downloaded last iso file(ubuntu-18.10-live-server-amd64.iso) and installed it as virtulbox guest. I installed zeroconf network and ssh server along with samba server. Zeroconf network takes care for translating names to IP addresses in my host only network and accessing server from my host console makes work with system a lot easier.

I am not prefixing commands with sudo in examples. So you need to prefix it when necessary or switch to root for a while using sudo interactive regime sudo -i or whatever.

apt-get update
apt-get upgrade
apt-get install avahi-daemon libnss-mdns mdns-scan
apt-get install openssh-client openssh-server
apt-get install samba

Next I created directory to share and user to use to login to samba server. I want guest login to have full rights so that is whay I set full access for everybody. I still use guest access from my windows guest.

mkdir -p /share/one
chmod g+rwx,o+rwx /share/one/
useradd joe
passwd joe

Let’s backup samba configuration file

cp /etc/samba/smb.conf /etc/samba/smb.conf.original

replace it with test configuration

echo "[global]
server role = standalone server
security = user
map to guest = Bad user

[shareone]
   comment = for testing sharing
   path = /share/one
   guest ok = yes
   browseable = yes
   read only = no

" > /etc/samba/smb.conf

restart samba service

service smbd restart

mount share on client linux system

mount -t cifs //bunty.local/shareone -o user=joe,password=joe /mnt/buntyshareone/

create new file

touch /mnt/buntyshareone/test1

and list shared directory on samba server

ls -l /share/one/
total 0
-rwxr--r-- 1 nobody nogroup 0 Jan 12 21:39 test1

File was created, but owner is nobody and group is nogroup. Since I didn’t add user joe to samba users, samba server didn’t recognized him and logged me as guest instead. This is what combination of security = user and map to guest = Bad user will do - when you use bad user for login, you will get logged as guest.

Let’s add user joe(with password joe)

smbpasswd -a joe

remount share and create other new file and list shared directory once again

umount /mnt/buntyshareone/
mount -t cifs //bunty.local/shareone -o user=joe,password=joe /mnt/buntyshareone/
touch /mnt/buntyshareone/test2
ls -l /share/one/
total 0
-rwxr--r-- 1 nobody nogroup 0 Jan 12 21:39 test1
-rwxr--r-- 1 joe    joe     0 Jan 12 23:05 test2

You can see now I am logged in as user joe. Let’s add user jim to client computer and use this account to work with share. I configured separately all parts of new account just to have here some memo in case I need this info in future. Many things can be done by useradd parameters or you can use more friendly adduser program.

useradd jim
passwd jim
usermod -s /bin/bash jim
mkdir -p /home/jim
cp -r /etc/skel/. /home/jim
chown -R jim:jim /home/jim

Log as jim on client computer and list shared directory

ls -l /mnt/buntyshareone/
total 0
-rwxr-xr-x 1 root root 0 Jan 12 22:39 test1
-rwxr-xr-x 1 root root 0 Jan 13 00:05 test2

You can see read and execute rights for user jim. I want to have full rights for jim, but don’t want to be logged as root. So I employ attributes gid and uid for this very purpose

umount /mnt/buntyshareone/
mount -t cifs //bunty.local/shareone -o user=joe,password=joe,gid=jim,uid=jim /mnt/buntyshareone/
ls -l /mnt/buntyshareone/
total 0
-rwxr-xr-x 1 jim jim 0 Jan 12 22:39 test1
-rwxr-xr-x 1 jim jim 0 Jan 13 00:05 test2

And voila - jim is owner from client point of view. But remember - you cannot achive grater rights then the user used to login to samba server have. Other possibility here is to use noparm parameter in mount command. This will cause not to check permission on client side of share. I hadn’t test it, I just belive explanation in man pages. I am satisfied with setup I described before.

Tips:

• user information in passwd file

cat /etc/passwd | grep jim
jim:x:1001:1001::/home/jim:/bin/bash

• user information about ids and gids

id jim
uid=1001(jim) gid=1001(jim) groups=1001(jim)

• list samba server users

pdbedit -L -v
---------------
Unix username:        joe
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-1252991625-2679482323-2142547561-1000
Primary Group SID:    S-1-5-21-1252991625-2679482323-2142547561-513
Full Name:
Home Directory:       \\bunty\joe
HomeDir Drive:
Logon Script:
Profile Path:         \\bunty\joe\profile
Domain:               BUNTY
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Wed, 06 Feb 2036 15:06:39 UTC
Kickoff time:         Wed, 06 Feb 2036 15:06:39 UTC
Password last set:    Sat, 12 Jan 2019 21:53:00 UTC
Password can change:  Sat, 12 Jan 2019 21:53:00 UTC
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

• View details about connected share

mount | grep bunty
//bunty.local/shareone on /mnt/buntyshareone type cifs (rw,relatime,vers=default,cache=strict,username=joe,uid=1001,forceuid,gid=1001,forcegid,addr=192.168.56.101,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=1048576,wsize=1048576,echo_interval=60,actimeo=1,user=joe)

• Another command to display details about connected share

findmnt -t cifs | grep bunty
/mnt/buntyshareone //bunty.local/shareone      cifs   rw,relatime,vers=default,cache=strict,username=joe,uid=1001,forceuid,gid=1001,forcegid,addr=192.168.56.101,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=1048576,wsize=1048576,echo_interval=60,actimeo=1

• Manual for mount cifs file system

man mount.cifs

• Unix extensions have an influence on sharing, but I didn’t find any source of information about its possibilities. Especially in case of setup samba as standalone server. As of now unix extensions works only with protocol version 1.0 anyway. You can see it in output of mount a findmnt command as nounix flag. So all setup depend on how you configure samba in this case, shared folder and mount command(parameters like uid, forceuid, gid, forcegid, file_mode, dir_mode, noperm parameters). There are a lot more params described in samba man pages and smb.conf original file.

• Sometimes cifs mount in fstab failed due to network wasn’t prepared yet. I had googled somewhere(don’t know exact link location now), that this is a problem with systemd and can be solved by adding comment=systemd.automount. I had no problem from time I set it up.

mount -t cifs //bunty.local/shareone -o comment=systemd.automount,user=joe,password=joe,gid=jim,uid=jim /mnt/buntyshareone/

Links:

• arch linux wiki
• ubuntu
• redhat
• unixextensions