This is where things start to congeal. In this post we will set up network file shares on our server Virtual Machine (VM). Our goal is one share accessible by all users on its own drive. In addition each user should be able to access their own home directory.
To make all this happen we will be using a program called samba, which creates SMB/CIFS type file shares. This is what I refer to as the lowest common denominator. It is the system Windows uses. Since Windows is the most common desktop system, its protocols tend to be available on other Operating Systems (OS). Therefore almost any device on your Local Area Network (LAN) should be able to access the Network Attached Storage (NAS), assuming they have an account that is.
There are other choices, many of which are much faster and more secure than SMB/CIFS. However, most of them are not as popular, which makes them less convenient for the average user to work with. And since we are on a LAN, security concerns are not as prevalent as they would be across the Internet.
Installing SAMBA on Debian is fairly easy and quick (depending on the speed of your internet connection that is).
apt install samba
The above command should pull in all dependencies, so expect a number of additional packages to be installed. By default on Debian the service will be enabled and started when installed.
The samba configuration file is located at /etc/samba/smb.conf. I suggest making a copy before editing this file.
I am assuming you have a general storage directory at /srv/storage (see last post). I am also assuming you have a normal user on your system.
You will find the smb.conf file on Debian systems comes loaded with comments. Reading them should give one a good idea of what the various stanzas in the file do.
Our target in this example is to give users access to their home directory (/home/user), and to a shared directory (/srv/storage) where we have mounted a second hard drive. To get there we need to accomplish three things: set up the smb.conf file, create a system user, and create a samba user.
The smb.conf file is set up in sections. Each section has a title enclosed in square brackets ([ ]). Several of the sections in the default configuration file are not needed. Below I will go over the sections we need and what I put in them.
Note the below is a minimal configuration file to accomplish the goal. If you are exposing the server to anything other than your LAN, there will be additional entries you may want to include. Also, I am not showing comments, but you should definitely add comments to your file so you will know what you were thinking when you revisit a year from now.
Global: The first part is the global section containing system wide parameters.
[global]
   workgroup = WORKGROUP
   interfaces = 127.0.0.0/8 enp0s3
   log file = /var/log/samba/log.%m
   max log size = 1000
   server role = standalone
   obey pam restrictions = yes
   map to guest = bad user
Since this is a standalone server, we want to identify our workgroup. If you have any Windows users on your LAN, their workgroup is set to WORKGROUP by default. If you want to make things easy for them, leave it alone. Otherwise change it to whatever you like.
We want to limit the network interfaces samba will respond to. Here we have the local loopback address and our network adapter name. Unless you have multiple network adapters, you can leave this out if you want.
It is a good idea to set up some logging, just in case. We can specify where the logs go, and how big they can be. The %m should append the client NetBIOS name to the end of a particular log (more useful for older OSes, but not so much for newer).
We set the server role as standalone (not part of a Windows domain). We force the use of passwords with the Pluggable Authentication Module (PAM). And we set how to map unauthenticated users who attempt to log in (if a guest account is present it usually has very reduced privileges).
Homes: We need to set up access to each user's home directory.
[homes]
   comment = Home Directories
   browseable = no
   read only = no
   create mask = 0700
   directory mask = 0700
   valid users = %S
Setting browseable to no means other users will not be able to see it. The read only parameter defaults to yes, but we want to allow users to write to their home directory, so we set it to no.
The mask statements set default permissions for file and directory creation.
The valid users parameter ensures only the owner of the home folder can log into it.
Share: We also need to define our shared directory.
[share]
   path = /srv/storage
   writeable = yes
   browseable = yes
   public = yes
   create mask = 0644
   directory mask = 0755
   guest ok = yes
We need to define the path to our shared directory. Then we need to explicitly make it writable and browseable. We want to make it public. We also need to set default masks here too. And we need to allow guest log in.
To validate our configuration file, samba includes the testparm command. Running this command will validate the syntax of the smb.conf file, and print out the share definitions for review.
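testparm checks syntax, not access policy, so a small review helper can flag shares that combine guest access with write access, as [share] above does. This is an added example, not part of the original post; the function names and the [media] stanza in the sample are constructed for illustration, and the check does not follow include files, write list entries or filesystem permissions.

```shell
# Added example: print every share in an smb.conf that allows guest access AND writes.
# Usage: guest_writable_shares /etc/samba/smb.conf   (reads stdin when no file is given)
guest_writable_shares() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() { if (name != "" && name != "global" && guest && rw) print name }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }            # comments and blank lines
    /^[ \t]*\[/ {                                   # section header starts a new share
        report()
        name = $0; sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
        name = tolower(trim(name))
        guest = gdef; rw = wdef                     # inherit defaults set in [global]
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)  # spaces in names are ignored
        val = trim(substr($0, eq + 1))
        if (key == "guestok" || key == "public") guest = truthy(val)
        else if (key == "writeable" || key == "writable" || key == "writeok") rw = truthy(val)
        else if (key == "readonly") rw = !truthy(val)
        if (name == "global") { gdef = guest; wdef = rw }   # assumes [global] comes first
    }
    END { report() }
    ' "$@"
}

# Constructed sample: stanzas trimmed from this post plus a made-up read-only guest share.
sample_conf() {
    cat <<'EOF'
[global]
   map to guest = bad user
[homes]
   read only = no
   valid users = %S
[share]
   writeable = yes
   public = yes
   guest ok = yes
[media]
   guest ok = yes
   read only = yes
EOF
}

sample_conf | guest_writable_shares    # prints: share
```

Run it against the real file as root after testparm passes; any share it prints is writable by anyone who can reach the server without a password.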
Once you have validated the file you will need to restart the samba service. I am assuming systemd in this example.
systemctl restart smbd
Samba users must exist as regular users on the server. You can create them with a no log in option (don’t give them a system password or shell) if you want to make sure they can only access files through the smb/cifs interface.
Once the user exists, you can add them to the samba user database using the smbpasswd command.
smbpasswd -a <user name>
You will be queried for a password and have to retype it.
Assuming our permissions are correct, we should be able to access our server from another device using the smb/cifs protocols.
If you have a Windows device, go to “Map network Drives”, enter the IP address, and see if the shares are visible and can be mapped to a drive letter (remember on Windows to use the double forward slash).
In this post we finished creating our simple File Server (or basic NAS if you like). There are a lot of things we could do differently. For example we could have used the File Transfer Protocol (FTP) instead of smb.
This is also by no means a secure server. We have done nothing with firewalls, have not added any sort of backup or redundancy, and our smb.conf is minimal at best. But it is a big step forward towards the goal.
In the next post we will discuss various options for configuring multiple drives.
Hodgepodge 3xNAS Part 7 SMB/CIFS