First, we must install package samba and accept all dependencies.
yum install samba -y
Create user, who can access our samba secure folder:
useradd -s /sbin/nologin user groupadd smbgroup usermod -a -G smbgroup user smbpasswd -a user
Then, create a directories for samba shares. Chcon command mark our directory with label, that SELinux allows samba service to operate with this folder. Another possibility is disable SELinux, but it is not the right way 🙂
#for anonymous mkdir -p /mnt/aaa chmod -R 0777 /mnt/aaa chcon -t samba_share_t /mnt/aaa -R chown -R nobody:nobody /mnt/aaa
#for another secure user mkdir -p /mnt/nfs/kadeco/ chmod -R 0755 /mnt/nfs/kadeco/ chcon -t samba_share_t /mnt/nfs/kadeco/ -R chown -R user:smbgroup /mnt/nfs/kadeco/ restorecon -R /mnt/nfs/kadeco/
Edit samba config for ours anonymous and secure shares
vi /etc/samba/smb.conf
[global]
workgroup = home
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
map to guest = bad user
[Anonymous-aaa]
path = /mnt/aaa
writable = yes
browsable = yes
guest ok = yes
create mode = 0777
directory mode = 0777
[kadeco]
path = /mnt/nfs/kadeco
writable = yes
browsable = yes
guest ok = no
valid users = user
create mask = 0755
directory mask = 0755
read only = No
Now, we can see our configuration of samba by this command and test it for errors:
testparm
Next, if we use firewall, we must add some ports, or service for samba to allow:
firewall-cmd --permanent --zone=public --add-port=137/tcp firewall-cmd --permanent --zone=public --add-port=138/tcp firewall-cmd --permanent --zone=public --add-port=139/tcp firewall-cmd --permanent --zone=public --add-port=445/tcp firewall-cmd --permanent --zone=public --add-port=901/tcp firewall-cmd --reload or we can use simple: firewall-cmd --permanent --zone=public --add-service=samba firewall-cmd --reload
And finally, start samba services and enable it, after reboot.
systemctl start smb.service systemctl start nmb.service systemctl enable smb.service systemctl enable nmb.service
A way to restart samba services:
systemctl restart smb systemctl restart nmb
And now we can use our samba server. Anonymous folder, or secured folder 🙂
If you want to access some folder for read from apache, just made a selinux modify:
Allow samba read/write access everywhere:
setsebool -P samba_export_all_rw 1 or if you want to be a little more descrite about it: chcon -t public_content_rw_t /mnt/nfs/kadeco 2) setsebool -P allow_smbd_anon_write 1 3) setsebool -P allow_httpd_anon_write 1
This should allow both Samaba and Apache write access to public_content_rw_t context.
Status of samba we can list by this commands:
smbstatus -p - show list of samba processes smbstatus -S - show samba shares smbstatus -L - show samba locks
If we need restart samba process, or restart server, we can list locked files by “smbstatus -L”. We can see, which share is locked and which specific file is accessing.
Have fun