File Permissions
In addition to the security settings in the smb.conf file, under Linux every file has its own security built-in by means of file permissions that limit what a given user is allowed to do with a file. These permissions overlap with the Samba security settings, and if there is a discrepancy the most secure settings will take precedence. This means that if you allow access with either these permissions or with Samba, but not both, you will not be able to access your share from a client machine. Conflicts between these two families of settings are the biggest source of frustration for new Samba users, but once you understand them they are easy to correctly set.
To see the Linux permissions for the files inside the current folder you are in enter “ls –l” into the terminal. The ls command tells Linux to list the contents of a directory, similar to the dir command in DOS. The –l options tells it to use the full or “long” format, which includes the permissions we are interested in seeing. You should get something like this:
matt@mojo2:/mnt$ ls -l
total 24
drwxr-xr-x 13 matt root 4096 2006-05-24 22:45 media/
Starting from the beginning of each line, the d means it is a directory rather than a file, and then there are 3 separate sets of permissions, one each for the owner of the file, the group that owns the file, and a setting for anyone who accesses the file. The permissions are shown by the letters rwx for read, write, and execute or a dash to show that the permission is not present. In the above example the owner of each file has all three permissions, but the group and everybody only have read and execute permission, without any write permission. In case you’re scratching your head, executing a folder simply means opening it.
To change the permissions of a particular file we use the chmod command. The file permissions are set by bits in Linux, and multiple permissions are the sum of the bits. 1 is execute, 2 is write, and 4 is read. Therefore, 7 is the sum of all three, total permission, 0 is no permission, and 5 is the sum of 4 and 1, read and execute but not write. 755 would be a good choice for public shares and 700 would make the file or directory only accessible to one user, the owner. For example, to change the media directory so that the owner has full permission, the group can read and execute (enter) it, and all others have no permission, you would type “chmod 750 media”. After doing this, again type “ls –l” to verify that your changes have taken effect.
matt@mojo2:/mnt$ chmod 750 movies
matt@mojo2:/mnt$ ls -l
total 24
drwxr-x— 13 matt root 4096 2006-05-24 22:45 media/
Finally, to change the permissions of files and folders inside the directory as well as the directory itself, add “-R” to the chmod command to set the permissions recursively. To change the owner of a directory type “chown [user] [directory]“. In the example from above I would type “chown bill media” to make bill the owner of the media directory. Changing the group is the same as changing the owner except the command is chgrp instead of chown. As you can imagine, there can be many complex interactions between Linux and Samba security settings. Personally I leave Samba settings relatively open and use Linux permissions for security, but the choice is yours.
Adding Users and Starting Samba
The last thing you need to do before you have a working Samba server is to add users and start or restart Samba. You must add the users as both normal Linux users and as Samba users. Enter “useradd bill” (bill is the new user in this example) then “passwd bill” and set the password for bill. This adds bill as a regular user on the system and sets his password. Then enter “smbpasswd –a bill” and enter bill’s Samba password, the same as his Linux password. This will register bill as a Samba user. If for some reason when you enter smbpasswd you get back “command not found,” you just need to tell the computer exactly where the small program is that sets Samba passwords. If this is the case, enter “/usr/bin/smbpassword –a bill” instead of the shorter version. After that type in “./etc/init.d/samba restart” to start or restart your Samba service with the configuration you have made and you’re done! You should now be able to access the server from your windows client machines. If you make any later changes you must restart the Samba service to put them into effect.
Connecting to the Server
Finally, let’s connect to the server from a Windows client computer. There are several ways to do this. The fastest is just to type in “\\” followed by the hostname of your server in the windows “Run…” box on the start menu. In the example below the hostname of the server is mojo2.
With this method, the server will check the username and password you are logged into Windows with, so it is easiest if this is the same as what you configured on your Samba server. You can also type in the same address, \\ and then the hostname, into any Windows explorer window. Another way to connect to your server is to browse to it using My Network Places, as shown below.
The third way is to map your server as a network drive in Windows. First, select Map Network Drive from the Tools menu in My Computer.
Next, chose any unused drive letter and type in \\server\share for the folder. Below I map the media share on the server mojo2. The beauty of this method is that you can log on to your Samba server using a different username and password that what you have used in Windows. To do this, click on “Connect using a different user name.” Enter the username and password and click OK, then click on finish.
More Information
For more information check the official Samba website at http://us3.samba.org/samba/ or the manual page for the smb.conf file at http://www.linuxmanpages.com/man5/smb.conf.5.php or directly in Linux by typing “man smb.conf” at the prompt.
Conclusion
Congratulations on making what might be your first server of any kind, and welcome to the Linux community if this is all new for you. You can many more useful things with Linux and any computer you have lying around, like making a dedicated game server.
