How to secure your local file sharing server with Samba
- Author: Stan
- Filed under: Linux
Oct 1,2007
For this guide, we will use samba. It is popular enough, so any problems with it, should have a published solution on the internet.
First off, we will need Samba installed on our box. Different operating systems have various ways of installing it.
for gentoo:
emerge -av samba
for debian based:
apt-get install samba
for almost all operating systems, samba can be installed from its binary, which can be downloaded from samba.org
Now in our /etc directory, the installation will create a subfolder /samba and a generic configuration file in it names smb.conf. Lest back up the original configuration file with:
hostname ~ # cd /etc/samba/
hostname samba # cp smb.conf smb.conf.before.changes
This will create a copy of this file labeled smb.conf.before.changes. We continue with flushing the smb.conf file, so we have a clear ground to start building our local network configuration:
echo > smb.conf
this will write 0 bytes in the file.
Step two will be to select the folder, which are to be used for storage. Typically they are in /home. Lets create two folders, which we will use later on:
hostname / # cd /home/
hostname home # mkdir files
hostname home # mkdir docs
hostname home # chown nobody:nobody files/ docs/
Important: on some Linux distributions, the default group for nobody may vary (like nogroup for example). Make sure to check this and apply the correct group when changing ownership and group.
Why was changing ownership necessary? Because we are going to use the nobody user for samba 
Finally, as we have both the necessary directories and an empty configuration file, lets build our storage service. Open the /etc/samba/smb.conf file for editing with your preferred editor.
We start with the global (main) samba configuration:
[global]
workgroup = FUTUREPAGES
netbios name = futurepages
comment = futurepages.net
server string = futurepages.net samba server
security = SHARE
encrypt passwords = No
load printers = No
hosts allow = 192.168.0.0/24
hosts deny = ALL
write raw = Yes
read raw = Yes
interfaces = eth0 127.0.0.1
bind interfaces only = yes
The workgroup, name, string and comment determine how other operating systems will see our storage space. Customize to fit your local network’s specifics. Printers are removed, since we are only going to use this as a storage space. Cups will be covered later on. Security is set to share level, since we have restricted the service to our local network only.
The hosts allow directive lets you add the networks which will be granted access. Here we use a typical home network and will allow the 24bit network with 192.168.0.0/24. Multiple networks are separated with intervals. It is very important that the hosts deny directive is after hosts allow, since the file is parsed from up to bottom. Write and Read raw are supposed to be optimization options, which is always good to have. However, an actual speed up is not noted on a low-end machine with a standard (slow) hard drive.
The important directives here are:
interfaces = eth0 127.0.0.1
bind interfaces only = yes
The first one tell samba on which interface(s) it will listen. The second instructs samba to serve requests only on the specified interface and refuses anything (even datagrams) on other interfaces.
Finally, lets add the folders, which we created earlier:
[files]
comment = here be all kinds of files
path = /home/files
writable = Yes
guest ok = Yes
[docs]
comment = here be documents only
path = /home/docs
writable = Yes
guest ok = Yes
Important: Trailing slashes should NOT be added at the end of each directory’s path.
If you liked this post, buy me a beer. ($3 for a beer or $7.5 for a pitcher)
Categories
Links
Meta
Recent Posts
- How to encrypt your disk with TrueCrypt?
- Server virtualization and consolidation with Innotek VirtualBox
- Setup your own server with Ubuntu 7.10 server edition
- Installing eAccelerator on Ubuntu
- SEO for blogs
- HTTP Cookies
- How to find the exact domain name extension (in PHP)
- First steps in starting your own eCommerce website
- How to write an online press release
- Firefox issue or the 207 error
- Add form fields dynamically with JavaScript
- PuTTY with tab management
- openvpn and a Windows client
- Apache with multiple PHP Versions
- PHP Checkbox values
Recent Comments
- Yossi on Firefox issue or the 207 error
- samba x server on How to secure your local file sharing server with Samba
- tashman on How to find the exact domain name extension (in PHP)
- Icarin on Firefox issue or the 207 error
- Amaury on Add form fields dynamically with JavaScript
- layout examples on How to edit keyboard layout in Windows Vista
- create free home page on BlogRush — traffic rush or more nasty adds
- samba localization on How to secure your local file sharing server with Samba
- Manohar Raj on Setup your own server with Ubuntu 7.10 server edition
- Manohar Raj on Setup your own server with Ubuntu 7.10 server edition
4 Responses for "How to secure your local file sharing server with Samba"
[...] (which can spoil our cert) and of course for security I recommend WinSCP to copy them or your local Samba file sharing server. If you used default settings when the client was installed, the certs and ley shoulg go to: [...]
Apparently, I have missed this, but files in your Samba folder must be owned by somebody and in group somebody or be at least readable by somebody. So it is a good idea to either give 777 permissions to your samba folder recursively or chown it with -R
[...] need samba installed on our box. Different operating systems have various ways of installing it.http://futurepages.net/how-to-secure-your-local-file-sharing-server-with-samba/Multiparametric study SAMBA 200 of estrogen receptor …A computerized system of image analysis [...]
[...] [...]
Leave a reply