samba4 server configuration in debian linux
Samba is file and print service, which is used to share files between different platforms such as windows, linux and unix environment. In this post, I am going to show you, how to install and configure the SAMBA server as a file sharing server. First, we will create a different users, which belongs to different groups, and we will also create a directory Engineering and Administration, such that Administration directory consists of extra three directories named as HR, Logistic, and Finance as shown in the tree structure below.
└───Administration ├───Finance ├───HR └───Logistic
So, according to our directory structure, let us create a different group, which will have different types of permission level to the different directories as shown below.
Finance_Group: will have, read, write and execute permission to Finance directory HR_Group: will have, read, write and execute permission to HR directory. Logistic_Group: will have read, write and execute permission to Logistic directory Engineering_Group: will have read, write and execute permission to Engineering directory Finance_Group: will have read and execute permission to Logistic directory.
so, we are done with the permission policy, now let us create four users, which belongs to different groups
I have identified the following user which belongs to the following groups.
Manoj Gautam belongs to Engineering_Group Kevin Khadka belongs to Finance_Group Aliza Shrestha belongs to HR_Group Pratish Shrestha belongs to Logistic_Group
So, now let us add these users to our Linux server.
Let us add user aliza, who belongs to HR_Group.
Let us add user pratish, who belongs to Logistic_Group.
Let us add user Kevin, who belongs to Finance Group.
So, the above series of command will add the Linux user to our Linux Samba system with respective groups.
We are done with the user and groups creation, now it is time to install samba server in our ubuntu server.
The configuration file of the samba services is located under
/etc/samba/smb.conf, so we will share our directories, using this file to the outside world.
Ok, before sharing our directories, let us set the permission to our directories, we can set the permission using UNIX file permission methods, but for the complex permission strategies we can use ACL also called Access control list, by default ACL packages is not installed, so we need to install it.
ACL has been installed, so we got the setfacl command to set the permission in our directories.
Before playing with setfacl, ACL must be supported by our file system. To check whether the acl has been supported or not, just issue the following commands against your file system.
If you see the output like Default mount options: user_xattr acl that’s good news, our file system support acl. To enable ACL in our file system, just edit fstab file and append acl in mount option as shown in the snapshot below.
Enabling the ACL has been done, now its time to apply the ACL policies in our directories. As from our previous policy, we want, only Engineering_Group can access the Engineering directory, to set this permission, use setfacl command as shown below.
The first command provides the read, write and execute permission in Engineering directory to all those users who belongs to the Engineering_Group , but for others, no read, write and execute permission.
The second command will set the default read, write and execute permission to the file and directories which will be created in the future.
Similarly, we can create the permission for other directories as well.
We also want to have the read only permission to Logistic directory for Finance_Group, so let’s set the permission as well.
Also, the Administration directory must have read and execute permission to others as well, which is r-x mode by default.
So, we are done with the permission, now it is time to share the directories. To share the directory, we need to edit the smb.conf file and share the directories as shown below
So, now you are done with Sharing and setting the permission, it’s time to test our setup. Open your window machine and access the Samba server as shown below, as my server IP is 192.168.10.4 as shown below
So, let us click to Administration directory, When I clicked to Administration directory, it prompt me to enter the network credentials. Let us try to login to our server using kkhadka username and it’s password., as kkhadka has the permission to access the Finance folder with read and write permission and Logistic with only read permission.
After entering the valid credentials, I was able to login and access the Finance folder as shown below.
But when I try to access the HR folder, with same credentials, as window OS remember our credentials, I was denied to access the HR Folder.
So, that’s it on setting up the Samba server as a standalone File server, We can do much more with samba server, we can set up a samba server as a PDC(Primary Domain Controller) and much more, to explore more about samba server please visit samba documentation.