Install Samba

Install samba:

sudo apt update
sudo apt install samba

Check if the installation successful:

whereis samba

The expected output should be something like this:

samba: /usr/sbin/samba /usr/lib/samba /etc/samba /usr/share/samba /usr/share/man/man7/samba.7.gz /usr/share/man/man8/samba.8.gz

Configure Firewall

If you have a firewall running on your Ubuntu system you’ll need to allow incoming UDP connections on ports 137 and 138 and TCP connections on ports 139 and 445. Assuming you are using UFW to manage your firewall, you can open the ports by enabling the samba profile:

sudo ufw allow samba

Configuring Global Samba options

Before making changes to the Samba configuration file, create a backup for future reference purposes:

sudo cp /etc/samba/smb.conf{,.backup}

Open /etc/samba/smb.conf and make sure server role is set to standalone server:

# Most people will want "standalone sever" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.
   server role = standalone server

Creating Samba Users and Directory Structure

Create Samba Directory

All Samba directories and data will be located in the /samba directory. To create the /samba directory type:

sudo mkdir /samba

Set the group ownership to sambashare. This group is created during the Samba installation, later we will add all Samba users to this group:

sudo chgrp sambashare /samba

Creating Samba Users

To create a new user named smbuser use the following command:

sudo useradd -M -d /samba/smbuser -s /usr/sbin/nologin -G sambashare smbuser

The useradd options have the following meanings:

  • -M do not create the user’s home directory. We’ll manually create this directory.
  • -d samba/smbuser - set the user’s home directory to /samba/smbuser.
  • -s /usr/sbin/nologin - disable shell access for this user.
  • -G sambashare - add the user to the sambashare group

Creating Samba Users Home directory

Create the user’s home directory and set the directory ownership to user smbusetr and group sambashare:

sudo mkdir /samba/smbuser
sudo chown smbuser:sambashare /samba/smbuser

Setting Samba Users Home directory Permissions

The following command will add the setgid bit to the /samba/smbuser directory so the newly created files in this directory will inherit the group of the parent directory. This way, no matter which user creates a new file, the file will have group-owner of sambashare:

sudo chmod 2770 /samba/smbuser

Add Samba User to Samba Database

Add the smbuser user account to the Samba database by setting the user password:

sudo smbpasswd -a smbuser

You will be prompted to enter and confirm the user password.

Enable Samba user account

Once the password is set to enable the Samba account run:

sudo smbpasswd -e smbuser

Configuring Samba Shares

Open the Samba configuration file:

sudo vim /etc/samba/smb.conf

and append the section at the end of the file:

    path = /samba/smbuser
    browseable = yes
    read only = no
    force create mode = 0660
    force directory mode = 2770
    valid users = smbuser @sambashare

Samba Options

The options have the following meanings:

  • [smbuser] - The names of the shares that you will use when logging in.
  • path - The path to the share.
  • browseable - Whether the share should be listed in the available shares list. By setting to no other users won’t be able to see the share.
  • read only - Whether the users specified in the valid users list are able to write to this share.
  • force create mode - Sets the permissions for the newly created files in this share.
  • force directory mode - Sets the permissions for the newly created directories in this share.
  • valid users - A list of users and groups that are allowed to access the share. Groups are prefixed with the @ symbol.

Restart Samba Services

sudo systemctl restart smbd
sudo systemctl restart nmbd

Samba Commands

List Samba Users

pdbedit is used to manage the SAM database:

sudo pdbedit -L -v

Add User to Samba Group

sudo usermod -aG sambashare someuser

Delete Samba users

Delete from Samba database:

smbpasswd -x smbuser

Delete from Unix system:

userdel -r smbuser