Create a Private Samba Share on Ubuntu 17.04 | 17.10

Few days ago we showed students and new users how to create public Samba shares on Ubuntu 17.04 | 17.10 systems. The public share had no restrictions. Everyone and anyone could create, modify and delete content from the share.

In some environments, this setup is not very common. There has to be some level of restrictions to protect some information or so data can’t get deleted mistakenly. This brief tutorial is going to show you how to create private shares so only those with permissions can create, modify or delete content from there.

For those who don’t know, Samba is a opensource implementation of Microsoft SMB/CIFS protocol. It provides fast and secure files and print services for clients using the SMB/CIFS protocol. Simply put, it provides files and printer sharing between clients and servers.

To read our previous post on Samba, please click the link below.:

Create a Public Samba Share on Ubuntu 17.04 / 17.10

To get started with creating private shares on Samba, follow the steps below:

To get started with creating a public share that can be fully accessed by everyone, continue with the steps below:

STEP 1: INSTALL SAMBA

The first thing you’ll need to do is install Samba. To install it run the commands below.

sudo apt-get update
sudo apt-get install samba

The commands above install Samba and all other dependencies.

STEP 2: CREATE THE  PRIVATE FOLDER

First, create the folder you want to share with select group of people. The folder can be anywhere but set its permission so that everyone can access it. For this this tutorial, our share folder will be called Private and created in the /home directory…

Run the commands below to create the folder you wish to share.

sudo mkdir /home/Private

Then set the share permission so that only members of a select group will have access to it…

Step 3: Create a private group

After creating the private share above, you should then create a private group that should have access to the shared folder. Only members in the group will be able to access or delete content.

Run the commands below to create a group called security

sudo groupadd security

Next, grant the group access to the folder.

sudo chgrp security /home/Private
sudo chmod -R 0770 /home/Private

STEP 4: CONFIGURE SAMBA

Now that Samba is installed, you must now configure it to provide file and print services to clients. This can be done by editing its default configurations file. First create a backup of the configuration file by running the commands below.

sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.bak

Next, run the commands below to open/create a new configuration file.

sudo nano /etc/samba/smb.conf

Then add the content below into the file and save. Our share will be called Private as defined in the settings below  [Private]

[global]
workgroup = WORKGROUP
server string = Samba Server %v
netbios name = ubuntu
security = user
map to guest = bad user
name resolve order = bcast host
dns proxy = no
bind interfaces only = yes

# add to the end
[Private]
   path = /home/Private
   writable = yes
   guest ok = no
   read only = no
   browsable = yes
   create mode = 0777
   directory mode = 0777
   valid users = @security

Save the file and exit

Step 5: Add members to group

Now that you’ve created and private group and only want certain users as member, run the commands below for each user you want to add to the group.

sudo usermod -aG security richard

The commands above add the user name richard to the security group.

Then run the commands below for each member of the group to create a Samba password. This is required.

sudo smbpasswd -a richard

When prompted, create and confirm a new password for richard account.

STEP 6: RESTART SAMBA

After configuring the setting above, restart Samba by running the commands below.

sudo systemctl restart smbd

Now go and test the share using richard account.

ubuntu samba private shares

Type the account name and password to access.

ubuntu samba shared

You can also map the network location

ubuntu samba shares

Access the mapped drive anytime from Windows

That’s it!

You may also like the post below:

Upgrading from Ubuntu 17.04 to 17.10 (Artful Aardvark)

7 Replies to “Create a Private Samba Share on Ubuntu 17.04 | 17.10

  1. The command
    sudo usermod -G security richard
    sets “security” to be the ONLY group that the user richard belongs to. You need to use -aG to APPEND the new group to the user’s list.

  2. Having some issues… got samba working everything was setup. Rebooted the machine. smdb failed to start. Fails to reinstall. I have reverted my config file back to stock with no luck.

    Any thoughts?

    Process: 108887 ExecStart=/usr/sbin/samba $SAMBAOPTIONS (code=exited, status=1/FAILURE)
    Main PID: 108887 (code=exited, status=1/FAILURE)
    Status: “daemon failed to start: Samba detected misconfigured ‘server role’ and exited. Check logs for details”
    Error: 22 (Invalid argument)

    Feb 21 19:18:56 muffserver systemd[1]: Starting Samba AD Daemon…
    Feb 21 19:18:56 muffserver systemd[1]: samba-ad-dc.service: Supervising process 108887 which is not our child. We’ll most likely not notice when it exits.
    Feb 21 19:18:56 muffserver systemd[1]: samba-ad-dc.service: Main process exited, code=exited, status=1/FAILURE
    Feb 21 19:18:56 muffserver systemd[1]: Failed to start Samba AD Daemon.

  3. Now seeing
    smbd.service – Samba SMB Daemon
    Loaded: loaded (/lib/systemd/system/smbd.service; disabled; vendor preset: en
    Active: failed (Result: exit-code) since Wed 2018-02-21 19:28:25 EST; 54s ago
    Docs: man:smbd(8)
    man:samba(7)
    man:smb.conf(5)
    Main PID: 113533 (code=exited, status=1/FAILURE)

    Feb 21 19:28:25 muffserver systemd[1]: Starting Samba SMB Daemon…
    Feb 21 19:28:25 muffserver systemd[1]: smbd.service: Main process exited, code=e
    Feb 21 19:28:25 muffserver systemd[1]: Failed to start Samba SMB Daemon.
    Feb 21 19:28:25 muffserver systemd[1]: smbd.service: Unit entered failed state.
    Feb 21 19:28:25 muffserver systemd[1]: smbd.service: Failed with result ‘exit-co

  4. I somehow managed to edit the chmod of all the files in VAR…. /var/lib/samba should have been 700 vs 755. I realized i don’t need the samba-ad-dc service as well. just smbd and nmbd…

  5. Thanks for the article! One thing though…
    You wrote: Our share will be called Public as defined in the setting below [Private]
    Shouldn’t that be: our share will be called Private?
    # add to the end
    [Private]
    path = /home/Private

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.