Hi there, Samba is the most common file sharing service available for any Linux distribution.
Installing Samba on CentOS is the same as installing it on other Linux distros. In this case, however, we are not going to perform the traditional installation. Red Hat-based Linux runs on servers, and security is one of our top priorities, so we need to pay attention to the security of the Samba server. Let’s move on to the installation and security configuration.
CentOS 8 VM on VMware Workstation 15
IP address: 192.168.1.20/24
Follow the steps below for a successful installation. First of all, log in as root before performing the following steps, because root access is necessary for installing services.
Step 01 – Install the service
Samba is available in the standard CentOS repositories, so open a terminal and execute the following command.
yum install samba samba-client -y
After the installation, check the status of the service.
Step 02 – Start the service
After the installation, enable the Samba services so that they start automatically at boot (this creates the systemd symlinks), then start them.
systemctl enable nmb
systemctl enable smb
systemctl start nmb
systemctl start smb
Step 03 – Configure the firewall
After the above steps, we need to configure the firewall so that the Samba service can be reached from outside. The Samba daemon, “smbd”, uses TCP ports 139 and 445 for file and printer sharing. Samba also uses UDP port 137 for its NetBIOS service, “nmbd”. These ports can be opened using the following commands.
firewall-cmd --add-service=samba --permanent
firewall-cmd --reload
Step 04 – Create the directory for the Samba
By default, Samba file sharing uses each user’s home directory to store their files. This is not the best practice for configuring Samba: if we create 100 users, their files are stored in different locations and the permissions become hard to manage. Therefore, we create one location for all the files. I make a new directory called “samba” in the root directory (/samba).
Step 05 – Create Samba User Group
All Samba users need to be in the same group for easy administration; for example, it is very easy to assign permissions to a single group. I add a new group to the system.
groupadd -r sambashares
In the above command, -r creates a system group. This is the recommended method in a production environment.
Step 06 – Create Samba Users & assign Permissions
Samba uses the system users for user management, but its own authentication mechanism. Therefore we need to add a new user to our system. In this case, Samba users don’t need access to the system terminal, so we can deny them shell access with the -s option. This is also the best practice in a production environment.
useradd -s /sbin/nologin -d /samba/Juliet -g sambashares Juliet
The options used in the above command are explained below.
-d = specify the user’s home directory
-g = specify the user’s primary group
Now we need to create the user’s home directory under /samba and assign its ownership.
mkdir -p /samba/Juliet
chown Juliet:sambashares /samba/Juliet
Special permissions in Linux matter most in the Samba configuration. We need to set the setgid bit on the /samba directory so that new files inherit their group from the parent directory. This means that if any user creates a file, it inherits the “sambashares” group from the parent directory, so /samba itself must belong to that group. The leading 2 in the mode is the setgid bit.
chgrp sambashares /samba
chmod 2770 /samba
Step 07 – Assign Password for Users
As I said before, the Samba service uses system users but with its own authentication mechanism. Therefore we need to add the user’s password via Samba commands.
smbpasswd -a Juliet
smbpasswd -e Juliet
-a adds the user called “Juliet” to the Samba database and -e enables that user for authentication.
Step 08 – Configure Samba Shares via Config file
Samba uses its main configuration file to identify the shares, so a share must be defined there before it can be accessed. Open the Samba main config file, /etc/samba/smb.conf, in a text editor.
Add the following lines to the bottom of the file.
[smbshare]
path = /samba
browseable = yes
read only = no
valid users = @sambashares
“smbshare” is my share name, and @sambashares means that all users in this group are able to access this share.
It is also possible to check the configuration file for errors with the testparm command.
Step 09 – Configure SELinux for SAMBA
SELinux is an additional security layer added to CentOS by its developers. By default, this layer blocks the Samba service from serving directories that are not labeled for sharing. Therefore, we need to execute the following commands to give the Samba service access to /samba.
semanage fcontext -a -t samba_share_t "/samba(/.*)?"
restorecon -R /samba
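Before testing from a client, the directory and share settings from Steps 04 to 08 can be verified in one pass. The script below is an added example, not part of the original article; it assumes GNU stat, and the function names (share_param, mode_ok, audit_share) are hypothetical helpers.

```shell
#!/bin/sh
# Added example (not from the original article). Constructed usage:
#   sh audit_share.sh /etc/samba/smb.conf smbshare sambashares

# Print the value of parameter $3 inside section [$2] of smb.conf-style file $1.
share_param() {
    awk -v sec="$2" -v key="$3" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*[#;]/ { next }    # comment line
        /^[ \t]*\[/   { in_sec = (tolower(trim($0)) == ("[" tolower(sec) "]")); next }
        in_sec && (i = index($0, "=")) {
            if (tolower(trim(substr($0, 1, i - 1))) == key) { val = trim(substr($0, i + 1)); hit = 1 }
        }
        END { if (hit) print val }' "$1"
}

# Succeed only if octal mode $1 has the setgid bit and grants nothing to "other".
mode_ok() {
    m="0000$1"; m=${m#"${m%????}"}      # keep the last four digits (770 -> 0770)
    special=${m%???}; other=${m#???}
    case "$special" in 2|3|6|7) ;; *) return 1 ;; esac
    [ "$other" = 0 ]
}

# Audit share $2 in config $1; $3 is the group expected to own the directory.
# Only the @group form of "valid users" is recognised here.
audit_share() {
    rc=0
    path=$(share_param "$1" "$2" "path")
    users=$(share_param "$1" "$2" "valid users" | tr ',' ' ')
    [ -d "$path" ] || { echo "FAIL: [$2] path '$path' is not a directory"; return 1; }
    mode=$(stat -c '%a' "$path"); grp=$(stat -c '%G' "$path")
    mode_ok "$mode" || { echo "FAIL: $path has mode $mode, expected setgid and no access for others (2770)"; rc=1; }
    [ "$grp" = "$3" ] || { echo "FAIL: $path belongs to group $grp, not $3"; rc=1; }
    case " $users " in
        *" @$3 "*) ;;
        *) echo "FAIL: valid users does not include @$3"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: [$2] $path mode=$mode group=$grp"
    return "$rc"
}

if [ "$#" -eq 3 ]; then audit_share "$@"; fi
```

A non-zero exit status means at least one of the checks failed; each failure is printed on its own line.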
Step 10 – Access SAMBA Service from Windows.
After the above configuration, we can access our share from a Windows or Linux system. For this article, I’ll use a Windows 7 PC to demonstrate this. Open the Run utility and type the server IP prefixed with two backslashes, for example \\192.168.1.20.