Setting up Samba on Ubuntu

calendar September 30, 2021 nav_categories Tech nav_categories Software nav_tags samba nav_tags ubuntu nav_tags ubuntu server nav_tags linux

As part of my NAS migration from TrueNAS to Ubuntu, I needed to share the videos folder on my NAS, that is used by Plex.

I've done very basic, simple Samba shares before, simply to quickly transfer files, with little regard to security and/or safeguarding.

I'll give TrueNAS credit, it's GUI makes setting up a Samba share pretty simple, although manually setting it up isn't that difficult either.

The goal is to have the videos directory on the NAS non-browsable, but still accessible by a guest user. While a guest user would only have read access, I also want my own personal user account to have read/write access.

Install Samba

sudo apt-get install samba -y

Check Samba status

sudo systemctl status smbd
● smbd.service - Samba SMB Daemon
   Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2021-08-24 07:08:58 MDT; 39s ago
   ...

Check to see if the Ubuntu Firewall is inactive

sudo ufw status
Status: inactive

If it is not inactive, configure it to allow Samba connections

sudo ufw allow 'Samba'
Rules updated
Rules updated (v6)

Change the group ownership of the shared directory to sambashare. This group was created when Samba was installed.

sudo chgrp sambashare /videos

Add the group setgid (SGID) (2) to the directory permissions, so any files added to the directory can be accessed by any member of the sambashare group.

sudo chmod -R 2775 /videos

ls -l | grep videos
drwxr-sr-x   2 root sambashare       4096 Aug 31 07:32 videos

Note: If I wanted the user setuid (SUID), I would have used 4 instead of 2.

Backup the Samba config file

sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.bak

For the /videos directory, add this to the bottom of the /etc/samba/smb.conf file:

path = /videos
browsable = no
writeable = yes
read only = no
guest ok = yes
write list = @sambashare

`[vidoes]`: The name of the Samba share
`path`: Path on the Samba host to the shared directory
`browsable`: Can this directory be searched for?
`writeable`: Authenticated users have write access
`read only`: Self explanatory
`guest ok`: Anonymous (guest) access
`write list`: List of users that have *write* access to the share, in this case anyone in the *sambashare* group.

Add my username to the sambashare group:

sudo usermod -aG sambashare $USER

Samba does not user the same passwords as you would to log in, for security reasons, so we need to set the samba password for username:

sudo smbpasswd -a $USER
New SMB password:
Retype new SMB password:
Added user tom.

Then I needed to enable the Samba-level user:

sudo smbpasswd -e $USER
Enabled user tom.

References

How to Install and Configure Samba on Ubuntu 18.04 https://linuxize.com/post/how-to-install-and-configure-samba-on-ubuntu-18-04/

smb.conf — The configuration file for the Samba suite https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html