Nowadays sharing data across different computers is not something new at home or many work places. Riding on this trend, modern operating systems make it easy to share and exchange data transparently across computers via network file systems. If your work environment involves a mix of Microsoft Windows and Linux computers, one way to share files and folders among them is via SMB/CIFS, a cross-platform network file sharing protocol. Windows Microsoft natively supports SMB/CIFS, while Linux offers free software implementation of SMB/CIFS network protocol in Samba.
In this article, we will demonstrate how to share a directory using Samba. The Linux platform we will use is Fedora or CentOS. This article is dividied into four parts. First, we will install Samba under Fedora/CentOS environment. Next, we discuss how to adjust SELinux and firewall configurations to allow file sharing with Samba. Finally, we cover how to enable Samba to share a directory.
Step One: Install Samba on Fedora or CentOS
First thing first. Let's install Samba and configure basic settings.
Check whether Samba application is already installed on your system by running:
If the above command doesn't show anything at all, it means that Samba is not installed. In that case, install Samba using the command below.
Next, creates a local directory which will share data over network. This directory will be exported to remote users as a Samba share. In this tutorial, we will create this directory in the top-level directory '/', so make sure that you have the privileges to do it.
If you want to create a shared directory inside your home directory (e.g., ~/shared), you must activate Samba home directory sharing in the SELinux options, which will be described below in more detail.
After creating /shared directory, set the privileges of the directory so other users can access it.
If you don't want other users to be able to have write to the directory, just remove the 'w' option in chmod command as follows.
Next, create one empty file as a test. This file will be used to verify that he Samba share is mounted properly.
Step Two: Configure SELinux for Samba
Next, we need to re-configure SELinux which is enabled by default in Fedora and CentOS distributions. SELinux allows Samba to read and modify files or directories only when they have the right security context (e.g., labeled with the 'samba_share_t' attribute).
The following command adds the necessary label to file-context configuration:
Replace the <directory> with the local directory we created earlier for Samba share (e.g., /shared):
To activate the label change, we then must run the restorecon command like below.
To share a directory inside our home directory via Samba, we must enable sharing home directory option in SELinux because it is disabled by default. The following command achieves the desired effect. Skip this step if you are not sharing your home directory.
Step Three: Configure Firewall for Samba
The next step is to open necessary TCP/UDP ports in the firewall settings for Samba to operate.
If you are using firewalld (e.g., on Fedora or CentOS 7), the following command will take care of permanent firewall rule change for Samba service.
If you are using iptables for your firewall (e.g., CentOS 6 or earlier), use the following commands to open up necessary Samba ports to the world.
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
Then restart iptables service:
Step Four: Change Samba Configuration
The last step is to configure Samba to export a created local directory as a Samba-share.
Open the Samba configuration file with a text editor, and add the following lines at the bottom of the file.
[myshare] comment=my shared files path=/shared public=yes writeable=yes
In the above the text inside a pair of brackets (e.g., "myshare") is the name of the Samba-shared resource, which will be used to access the Samba share from a remote host.
Create a Samba user account which is required to mount and export the Samba file system. To create a Samba user, use the smbpasswd tool. Note that the Samba user account must be the same as any existing Linux user. If you try to add a non-existing user with smbpasswd, it will give an error message.
If you don't want to use any existing Linux user as a Samba user, you can create a new dedicated user in your system. For safety, set the new user's login shell to /sbin/nologin, and do not create its home directory.
In this example, we are creating a new user named "sambaguest" as follows.
$ sudo passwd sambaguest
After creating a new user, add the user as a Samba user using smbpasswd command. When this command asks a password, you can type a different password than the user's password.
4. Activate the Samba service, and check whether the Samba service is running or not.
$ sudo systemctl start smb.service
$ sudo systemctl is-active smb
To see the list of shared directories in Samba, type the following command.
The following is a screenshot of accessing the Samba-shared directory on Thunar file manager, and doing copy-paste of file1. Note that the Samba share is accessible via "smb://<samba-server-IP-address>/myshare" address on Thunar.
Subscribe to Xmodulo
Do you want to receive Linux FAQs, detailed tutorials and tips published at Xmodulo? Enter your email address below, and we will deliver our Linux posts straight to your email box, for free. Delivery powered by Google Feedburner.
Did you find this tutorial helpful? Then please be generous and support Xmodulo!