Category: System Administration

Adding a Samba Share

This post will use Samba Version 4.1.6-Ubuntu (the version in use on Ubuntu 14.04 LTS Server at the time of this writing) to setup Samba (smb) shares from a drive attached to a server on a local network. Three shares will be created: dropbox, hub, and restricted which will correspond to directories on the attached drive with the same names (although the names of shares and directories can differ).

The dropbox share will allow any user to connect and read, add, and remove objects from it. The hub, will allow any user to connect and read files, but only listed users will have the ability to add and remove them. Finally the restricted share will only allow access and privileges to certain users.

Mount the Drive in the File System

First, find and mount the drive that will host the shares in the file system. Use lsblk to print the device list, then mount the device — in our example the device that represents our drive is /dev/sdb1.

> lsblk
NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda      8:0    0   149G  0 disk 
├─sda1   8:1    0 145.1G  0 part /
├─sda2   8:2    0     1K  0 part 
└─sda5   8:5    0   3.9G  0 part [SWAP]
sdb      8:16   0   1.8T  0 disk 
└─sdb1   8:17   0   1.8T  0 part 

> sudo mount /dev/sdb1 /media/share

To automatically mount this device, grab the UUID of the disk with blkid and add it to the /etc/fstab file (I’m using vim, but use whatever text editor you like). Once the fstab file has been edited correctly, the drive will be mounted automatically during system start up.

> sudo blkid
/dev/sda1: UUID="ed9feafe-6654-4173-9967-7b6fe43581b5" UUID_SUB="532b088c-66f9-4ca2-8664-d80ff7612891" TYPE="btrfs" 
/dev/sda5: UUID="678e7a38-6367-4305-929f-b96ae36d7329" TYPE="swap" 
/dev/sdb1: LABEL="Black" UUID="46E6328FE6327EED" TYPE="ntfs" 

> sudo vim /etc/fstab

Add the following line to fstab, save and close the file.

UUID=46E6328FE6327EED /media/share ntfs defaults 0 2

Creating the Share and Controlling Access

Before we begin editing the Samba configuration file, it’s a good idea to make a backup of the original. Also, access to the share is controlled by Samba, so we also need to create users within the Samba program.

> sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.orig

> sudo smbpasswd -a [user]
New SMB password:
Retype new SMB password:
Added user [user].

The following are the definitions of the shares we’ve set out to create:

dropbox

Before defining our dropbox, we change the ownership of the /media/share/dropbox directory to facilitate the requirement that anyone can access/read/write/delete files and directories. In this case, I’ve chosen to set the nobody user and nogroup group as having ownership of the dropbox.

> sudo chown nobody:nogroup /media/share/dropbox

Now, we can create the definition of the share.

[dropbox]
 path = /media/share/dropbox
 browseable = yes
 read only = no
 guest ok = yes
 force user = nobody
 force group = nogroup
 force create mode = 664
 force directory mode = 775

The path directive tells where in the file system the share is located, and browseable determines whether or not the share will be advertised on the network (in the network neighborhood on Windows systems). By setting read only to ‘no’, we’ve declared that users who can access the share can write to it, and by setting guest ok to ‘yes’ we’re not restricting access.

Forcing the user and group to nobody and nogroup respectively we’re ensuring files and directories created in the dropbox will be owned by the unprivileged Posix user and group of the same corresponding names. Forcing create mode makes sure files are created with read and write privileges to users accessing the share, and force directory mode makes sure directories are created with read, write, and execute permissions.

hub

[hub]
 path = /media/share/hub
 browseable = yes
 read only = yes
 guest ok = yes
 write list = [user]
 force user = nobody
 force group = nogroup
 force create mode = 664
 force directory mode = 775

This share is a lot like the last one, but notice this share has been declared read only. This means that, although anybody can find and connect to the share, only those users listed in the write list can write new files and delete files within the share.

restricted

The restricted share will not be advertised on the network and only certain users will be allowed to access it. When these users do gain access they will have read and write permissions permissions on all files and full permissions on directories. Unix users that will have access to this share must be the user or in the group that the share forces users to use.

[restricted]
  path = /media/share/restricted
  browseable = no
  read only = no
  guest ok = no
  valid users = [user]
  force user = [user]
  force group = restricted
  force create mode = 664
  force directory mode = 775

 

Installing the LAMP stack on Debian Wheezy

Otherwise known as a LAMP server, the LAMP software stack consists of GNU\Linux as the operating system, Apache as the Web server, MySql for a database, and PHP (or possibly Pearl or Python) as the programming language used to host a Web application.

I’m going to assume a minimal install (I’ll be using debian-7.6.0-i386-CD-1.iso)
[http://cdimage.debian.org/debian-cd].

First we’ll need to make sure we have all the necessary repos in our
/etc/apt/sources.list file. If you installed from a complete
installation image you probably won’t need to mess with this, but
cat out the sources list and make sure you have the following or
something simialr.

root@debian32-base:# cat /etc/apt/sources.list
deb http://ftp.us.debian.org/debian stable main contrib non-free
deb http://ftp.debian.org/debian/ wheezy-updates main contrib non-free
deb http://security.debian.org/ wheezy/updates main contrib non-free

Okay, now update apt and install our software packages.
You will need to set a password for MySql’s root user.

root@debian32-base:# apt-get update
---output omitted---
root@debian32-base:~# apt-get install apache2 mysql-client mysql-server php5 libapache2-mod-php5
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common libaio1 libapr1 libaprutil1 libaprutil1-dbd-sqlite3
  libaprutil1-ldap libdbd-mysql-perl libdbi-perl libhtml-template-perl libmysqlclient18 libonig2 libqdbm14
  mysql-client-5.5 mysql-common mysql-server-5.5 mysql-server-core-5.5 php5-cli php5-common ssl-cert
Suggested packages:
  apache2-doc apache2-suexec apache2-suexec-custom php-pear libipc-sharedcache-perl libterm-readkey-perl tinyca
  openssl-blacklist
The following NEW packages will be installed:
  apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common libaio1 libapache2-mod-php5 libapr1
  libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libdbd-mysql-perl libdbi-perl libhtml-template-perl
  libmysqlclient18 libonig2 libqdbm14 mysql-client mysql-client-5.5 mysql-common mysql-server mysql-server-5.5
  mysql-server-core-5.5 php5 php5-cli php5-common ssl-cert
0 upgraded, 27 newly installed, 0 to remove and 2 not upgraded.
Need to get 16.1 MB of archives.
After this operation, 115 MB of additional disk space will be used.
Do you want to continue [Y/n]? 
Get:1 http://security.debian.org/ wheezy/updates/main mysql-common all 5.5.38-0+wheezy1 [78.6 kB]
---output omited---

Right about now, you get hit with the ncurses screen


And then the installation will finish uninterrupted

---output omitted---
Creating config file /etc/php5/apache2/php.ini with new version
[ ok ] Restarting web server: apache2 ... waiting .
Setting up libhtml-template-perl (2.91-1) ...
Setting up mysql-client (5.5.38-0+wheezy1) ...
Setting up mysql-server (5.5.38-0+wheezy1) ...
Setting up php5 (5.4.4-14+deb7u12) ...
Setting up php5-cli (5.4.4-14+deb7u12) ...

Creating config file /etc/php5/cli/php.ini with new version
update-alternatives: using /usr/bin/php5 to provide /usr/bin/php (php) in auto mode
Setting up ssl-cert (1.0.32) ...
root@debian32-base:~# 

Now you should be able to navigate to the server with a Web Browser. Just type
the computer’s IP address into the address bar.


What we don’t know for sure at this point is if PHP is working. Let’s rename
the default index.html file to a PHP file (index.php)
(FYI: to rename in the terminal, we use the move mv command).
Then we can open it with a text editor and add some PHP code and see if it’s
working.

root@debian32-base:~# mv /var/www/index.html /var/www/index.php
root@debian32-base:~# vim /var/www/index.php
<html><body><h1>It works!</h1>
<p>This is the default web page for this server.</p
<p>The web server software is running but no content has been added, yet.</p>
</body>
<?php echo('Hello World'); ?>
</html>