Connecting a Share Using Samba
November 26, 2020
Sharing files makes it easier to collaborate as well as access what you need without having to physically be at the device you need. I lost some serious sleep trying to get this to work, and I'm glad I figured it out. So, the prerequisites:
• Your devices should be on the same network
• You must enable port 445 through the Linux Firewall
• If you use encrypted directories, make sure you allow your user forced access
• Create Samba credentials (something I forgot to do)
• Your user account must be part of the sambashare group
• Create a share
Open your mint menu, type "Firewall" and select the resulting program, which resembles a brick wall. This task requires elevation. Provide your password when prompted. You will see a window similar to the one below this paragraph. Press the "+" icon at the bottom left, then the "Simple" tab and choose "Allow" for "Policy", "Both" for "Direction" and "Protocol", and "445" for "Port", then click "Add". You will NOT get visual confirmation in the active window. Instead, you will see a statusbar ticker in the foreground window say "Rule(s) added".
Open your mint menu, and type "Users and" and select the resulting program, which resembles a silhouetted person against a teal background. This task requires elevation. Provide your password when prompted. Next, click the user account you wish to give sambashare privileges. You will see three fields appear on the right. Click the space next to "Groups" and check the "sambashare" box in the list box.
To make sure that your chosen smb user can access encrypted directories, you'll need to add the directive force user = $USER (with your user name in place of $USER) to /etc/samba/smb.conf. To edit this file via Cinnamon, open a terminal and type the following:
sudo xed /etc/samba/smb.conf
You will be asked for your password. Enter it now. Once you do, XED will open. You'll see a red ticker indicating that you're editing a file with elevated privileges. Add the "force user" directive just after line 100. Commenting in code is good practice, and I was sure to do so in order to know why I put it there. I also added a "force group" directive. Save the file and exit.
Now we create the credentials needed to access the share. Open up a terminal, and type the following:
sudo smbpasswd -a $USER
You will then be asked to provide a "New SMB Password:" and asked again to confirm it. Now to create a share. Right click the desired file, and click "Sharing Options". Click the slider to the right where it says "Share This Folder", check the box "Allow others to create and delete files in this folder" and then click the "Create Share" button on the bottom right.
Now log in to your client PC on the same network, open your explorer, go to Network, and you should see your share's computer name appear. Click on it, and you'll see the folder you shared in the list. Double click it, and you will be asked to provide the username and password for it. It will then be mounted and show up as a folder on your desktop.
If you do not see your device listed in Network, you can also manually connect to it by opening your mint menu and typing "Connect to" in the search query. Click the result, which should resemble a white cloud on a bright blue background. Enter the credentials for your samba server, and then decide how those credentials are stored and for how long. I prefer it sticking until logoff. On a public PC, it should clear when you close the share window. Example below.
Some do's and don'ts: I ask that you avoid using SMB1.0, and do not let yourself be talked into using it. Please see line 1560 of man smb.conf for information on what protocols you can use. Make sure that all devices you wish to interact with have matching directives in the [Global] header of their smb.conf, and that you don't bind interfaces if you are behind a firewall. If you want to share removable drives, you must add the directive usershare owner only = false to your smb.conf file. If you want to add shares manually, you can place them at the end of the smb.conf file, formatted as follows:
# the section name is the share name clients will see
[sharename]
comment = optional
path = /folder1/folder1.1/sharename
read only = no
browsable = yes
directory mask = 0777
write list = user
The above example creates a share located in a specific folder on your device that you can navigate using a file manager, is completely writable (if you prefer something less permissive and more secure, use 0644), and has a write list. The write list should consist of users you created samba credentials for.
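As an added example (not part of the original post), this script scans an smb.conf-style file for two things the do's and don'ts above touch on: a minimum protocol that still accepts SMB1 dialects, and a mask whose last octal digit makes new entries world-writable. The sample file, the "tight" share and its path are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag smb.conf settings this section warns about.
# The sample file is constructed; "tight" is a made-up share name.

audit_smb_conf() {
    awk '
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }   # comments and blank lines
    /^[ \t]*\[/ {                           # [section] header
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
        # Samba ignores case and whitespace inside parameter names.
        key = tolower(name); gsub(/[ \t]/, "", key)
        if (key ~ /^(server)?minprotocol$/ &&
            toupper(val) ~ /^(CORE|COREPLUS|LANMAN1|LANMAN2|NT1)$/)
            print "[" sec "] " name " = " val ": SMB1 dialects accepted"
        # A write bit (2) in the last octal digit means world-writable.
        if (key ~ /^(directory|create)mask$/ && val ~ /[2367]$/)
            print "[" sec "] " name " = " val ": world-writable"
    }' "$1"
}

make_sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
[global]
   server min protocol = NT1
[sharename]
   path = /folder1/folder1.1/sharename
   read only = no
   directory mask = 0777
   write list = user
[tight]
   path = /srv/tight
   Directory Mask = 0750
EOF
    echo "$f"
}

f=$(make_sample_conf); audit_smb_conf "$f"; rm -f "$f"
```

To check the real file for misspelled or unknown parameters, run testparm -s, which parses /etc/samba/smb.conf and prints the configuration Samba will actually use.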
Samba supports at-boot mounting. To do this, you will need to add samba credentials to a separate file and place it in the root folder. Do not include Unix credentials. Format it as follows, preferably in an elevated nano session:
Save the file with a leading dot in its name. If you plan on connecting multiple samba servers, create a dotfile for each with a name that distinguishes them, like .smbcred_hostname1 and .smbcred_hostname2. Please type the following into the command line:
chmod 600 /root/.smbcred*
What this does is allow owner-only access to the files that start with ".smbcred". When you auto-mount, you need to make sure root has the authority to touch everything it mounts. You should also create the folders on your system so that when the auto-mount starts, they have somewhere to mount. Unlike Windows, you must explicitly find a place for files to go. While still in the command prompt, type the following for each share you wish to connect (you can adjust based on your account details):
sudo mkdir -p /media/user/hostname1/sharename
sudo chown -R user:root /media/user/hostname1
This ensures root can see the directories and act on them at boot (I use encrypted home folders, so this step must be followed). The -R directive applies this to subfolders. Now we need to edit the filesystem tab, /etc/fstab, which is an instruction set that tells Linux what to mount at boot time. Open /etc/fstab in a privileged nano session. Add a comment after the default mount points and only make changes after that comment line - it should resemble this.
This mounts two samba servers with directory permissions that give the directory owner full execute privileges but not the groups or everyone else, and file permissions that have no execute bits for anyone but read and write access for all. The uid and gid specifiers ensure that you can write to the samba folders. The credentials parameter points to the files we created earlier, which live in /root because /root is not an encrypted directory to itself. If you were to put the credentials file in home, the auto-mount would fail, but you would be able to mount afterwards using the command mount -t cifs without elevation.
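As an added example (not the author's own files, which are not reproduced on this page), this script builds constructed credentials files and fstab lines in a temporary directory and audits them for what this section depends on: every cifs entry references a credentials file, that file is mode 600, and no password sits in fstab itself. Host, share and user names, the uid/gid numbers and the mode options are assumptions chosen to match the description above.

```shell
#!/bin/sh
# Added example: audit cifs lines in an fstab-style file.
# Hosts, users, paths and passwords are constructed placeholders.

audit_cifs_fstab() {
    # fstab fields: device, mount point, type, options, dump, pass
    while read -r dev mnt fstype opts _rest; do
        case $dev in ''|'#'*) continue ;; esac
        [ "$fstype" = cifs ] || continue
        cred=
        old_ifs=$IFS; IFS=,
        for o in $opts; do
            case $o in
                password=*) echo "$mnt: password embedded in fstab" ;;
                credentials=*) cred=${o#credentials=} ;;
                vers=1.0) echo "$mnt: SMB1 requested" ;;
            esac
        done
        IFS=$old_ifs
        if [ -z "$cred" ]; then
            echo "$mnt: no credentials file referenced"
        elif [ ! -f "$cred" ]; then
            echo "$mnt: credentials file missing: $cred"
        elif [ -z "$(find "$cred" -prune -perm 600)" ]; then
            echo "$mnt: $cred is not mode 600"
        fi
    done < "$1"
}

make_sample() {
    d=$(mktemp -d)
    for h in hostname1 hostname2; do
        printf 'username=user\npassword=CHANGE_ME\n' > "$d/.smbcred_$h"
    done
    chmod 600 "$d/.smbcred_hostname1"   # owner-only, as the page requires
    chmod 644 "$d/.smbcred_hostname2"   # readable by every local user
    o=uid=1000,gid=1000,file_mode=0666,dir_mode=0766
    cat > "$d/fstab" <<EOF
# samba shares
//hostname1/sharename /media/user/hostname1/sharename cifs credentials=$d/.smbcred_hostname1,$o 0 0
//hostname2/sharename /media/user/hostname2/sharename cifs credentials=$d/.smbcred_hostname2,$o 0 0
//hostname3/sharename /media/user/hostname3/sharename cifs username=user,password=CHANGE_ME,$o 0 0
EOF
    echo "$d"
}

d=$(make_sample); audit_cifs_fstab "$d/fstab"; rm -rf "$d"
```

Pointing audit_cifs_fstab at the real /etc/fstab needs root, since the credentials files under /root are not readable by other users.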
© 2021 Mass Transit Honchkrow | Last modified Saturday, 06-Nov-2021 14:14:41 EDT