Create a Private Samba Share on Ubuntu 17.04 | 17.10
Few days ago we showed students and new users how to create public Samba shares on Ubuntu 17.04 | 17.10 systems. The public share had no restrictions. Everyone and anyone could create, modify and delete content from the share.
In some environments, this setup is not very common. There has to be some level of restrictions to protect some information or so data can’t get deleted mistakenly. This brief tutorial is going to show you how to create private shares so only those with permissions can create, modify or delete content from there.
For those who don’t know, Samba is a opensource implementation of Microsoft SMB/CIFS protocol. It provides fast and secure files and print services for clients using the SMB/CIFS protocol. Simply put, it provides files and printer sharing between clients and servers.
To read our previous post on Samba, please click the link below.:
To get started with creating private shares on Samba, follow the steps below:
To get started with creating a public share that can be fully accessed by everyone, continue with the steps below:
STEP 1: INSTALL SAMBA
The first thing you’ll need to do is install Samba. To install it run the commands below.
sudo apt-get update sudo apt-get install samba
The commands above install Samba and all other dependencies.
STEP 2: CREATE THE PRIVATE FOLDER
First, create the folder you want to share with select group of people. The folder can be anywhere but set its permission so that everyone can access it. For this this tutorial, our share folder will be called Private and created in the /home directory…
Run the commands below to create the folder you wish to share.
sudo mkdir /home/Private
Then set the share permission so that only members of a select group will have access to it…
Step 3: Create a private group
After creating the private share above, you should then create a private group that should have access to the shared folder. Only members in the group will be able to access or delete content.
Run the commands below to create a group called security
sudo groupadd security
Next, grant the group access to the folder.
sudo chgrp security /home/Private
sudo chmod -R 0770 /home/Private
STEP 4: CONFIGURE SAMBA
Now that Samba is installed, you must now configure it to provide file and print services to clients. This can be done by editing its default configurations file. First create a backup of the configuration file by running the commands below.
sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
Next, run the commands below to open/create a new configuration file.
sudo nano /etc/samba/smb.conf
Then add the content below into the file and save. Our share will be called Private as defined in the settings below [Private]
[global]
workgroup = WORKGROUP
server string = Samba Server %v
netbios name = ubuntu
security = user
map to guest = bad user
name resolve order = bcast host
dns proxy = no
bind interfaces only = yes
# add to the end
[Private]
path = /home/Private
writable = yes
guest ok = no
read only = no
browsable = yes
create mode = 0777
directory mode = 0777
valid users = @security
Save the file and exit
Step 5: Add members to group
Now that you’ve created and private group and only want certain users as member, run the commands below for each user you want to add to the group.
sudo usermod -aG security richard
The commands above add the user name richard to the security group.
Then run the commands below for each member of the group to create a Samba password. This is required.
sudo smbpasswd -a richard
When prompted, create and confirm a new password for richard account.
STEP 6: RESTART SAMBA
After configuring the setting above, restart Samba by running the commands below.
sudo systemctl restart smbd
Now go and test the share using richard account.

Type the account name and password to access.

You can also map the network location

Access the mapped drive anytime from Windows

That’s it!
You may also like the post below:
The command
sudo usermod -G security richard
sets “security” to be the ONLY group that the user richard belongs to. You need to use -aG to APPEND the new group to the user’s list.
Thanks, updated
Having some issues… got samba working everything was setup. Rebooted the machine. smdb failed to start. Fails to reinstall. I have reverted my config file back to stock with no luck.
Any thoughts?
Process: 108887 ExecStart=/usr/sbin/samba $SAMBAOPTIONS (code=exited, status=1/FAILURE)
Main PID: 108887 (code=exited, status=1/FAILURE)
Status: “daemon failed to start: Samba detected misconfigured ‘server role’ and exited. Check logs for details”
Error: 22 (Invalid argument)
Feb 21 19:18:56 muffserver systemd[1]: Starting Samba AD Daemon…
Feb 21 19:18:56 muffserver systemd[1]: samba-ad-dc.service: Supervising process 108887 which is not our child. We’ll most likely not notice when it exits.
Feb 21 19:18:56 muffserver systemd[1]: samba-ad-dc.service: Main process exited, code=exited, status=1/FAILURE
Feb 21 19:18:56 muffserver systemd[1]: Failed to start Samba AD Daemon.
Now seeing
smbd.service – Samba SMB Daemon
Loaded: loaded (/lib/systemd/system/smbd.service; disabled; vendor preset: en
Active: failed (Result: exit-code) since Wed 2018-02-21 19:28:25 EST; 54s ago
Docs: man:smbd(8)
man:samba(7)
man:smb.conf(5)
Main PID: 113533 (code=exited, status=1/FAILURE)
Feb 21 19:28:25 muffserver systemd[1]: Starting Samba SMB Daemon…
Feb 21 19:28:25 muffserver systemd[1]: smbd.service: Main process exited, code=e
Feb 21 19:28:25 muffserver systemd[1]: Failed to start Samba SMB Daemon.
Feb 21 19:28:25 muffserver systemd[1]: smbd.service: Unit entered failed state.
Feb 21 19:28:25 muffserver systemd[1]: smbd.service: Failed with result ‘exit-co
I somehow managed to edit the chmod of all the files in VAR…. /var/lib/samba should have been 700 vs 755. I realized i don’t need the samba-ad-dc service as well. just smbd and nmbd…
Thanks for the article! One thing though…
You wrote: Our share will be called Public as defined in the setting below [Private]
Shouldn’t that be: our share will be called Private?
# add to the end
[Private]
path = /home/Private
Thanks, updated.