# Install Samba on CentOS 7

By

Charl Cronje

The first thing we have to do is to install samba on our machine. The package and the needed libraries are available in the official RHEL 7 / CentOS 7 repositories, therefore we can install them just by using yum or dnf. In this version of RHEL/CentOS, the first command it’s just a link to the second:

sudo dnf install samba samba-common samba-client

The samba-client package is not strictly needed, but the utilities provided by it can be useful. Once the packages are installed, we have to start and enable the smb and the nmb daemons at boot. The first is the daemon which takes care of performing the actual transfers and the sharing operations, while the second performs the NetBIOS name resolutions, allowing the resources to appear when browsing the network on Windows. We can now enable and start both systemd services with just one command:

sudo systemctl enable --now {smb,nmb}

Normally you would need to configure the firewall but we disabled it so :)

Let’s say we want to share a directory via samba, and we want to let free access to this directory to guest users, without them having to provide a password. To obtain the desired result, we must make some changes to the /etc/samba/smb.conf file, and add a “stanza” for our share. Open the file with your favorite editor, and in the [global]` section, add the highlighted text:

mv /etc/samba/smb.conf /etc/samba/smb.con.bak

I want to share /var/www, normally you would do the following to create a share

sudo mkdir -p /srv/samba/shared
sudo chmod -R 0755 /srv/samba/shared
sudo chown -R nobody:nobody /srv/samba/shared
sudo chcon -t samba_share_t /srv/samba/share

But in this case I already have the folders I want to share and I need to keep the ownership to apache, so all I can do for now is

chcon -h system_u:object_r:bin_t:s0 /var/www

Now create a new samba configuration file

sudo nano /etc/samba/smb.conf

The file share we just created is accessible to everyone and any user can create and delete files. This poses a challenge if you want to share critical documents as they can be overwritten or deleted as well. For this reason, we need to create a secure file share to address this challenge.

First, we are going to create a new group for samba users as shown:

sudo groupadd secure_group

Then we shall add a new user to the newly created group

sudo useradd -g secure_group charl

necessary permissions and file ownership as shown below .

sudo chcon -t samba_share -p /var/www
sudo chown -R charl:secure_group /var/www

This will prompt you to provide a SMP password and later confirm it.

 sudo smbpasswd -a charl

sudo nano /etc/samba/smb.conf

Append the config below

[global]
# Set the workgroup to the same as the network domain
workgroup = isa
# This will be the device name on the network
netbios name = CentOS-8
# This will let linux users access the share
security = user
# This sets the network to be discoverable by windows
wins support = yes

[Share]
# The path that will be shared
path = /var/www
# No matter who logged in he will be treated as if he is the apache user
force user = apache
writeable = yes
browseable = yes
# No matter who logged in he will be treated as if he is in the apache group
force group = apache
# All new files that is created will het this permissions
create mask = 0644
read only = no
guest ok = yes
# All new folders that is created will het this permissions
directory mask = 0755 

sudo systemctl start smb
sudo systemctl enable smb

Then confirm if smb service is running:

sudo systemctl status smb

sudo systemctl start nmb
sudo systemctl enable nmb

Similarly confirm if nmb service is running just like we did with smb service:

sudo systemctl status nmb

I then connected the share as a network drive, In windows right click This PC and click on Map network drive

• path: \\[server ip]\Share
• Drive letter: S:

sudo groupadd apache
sudo useradd apache -G apache
# Change the group to apache
chgrp -R apache /var/www
# Change the owner to apache
chown -R apache /var/www
# replicate the group and permissions as they have been set
chmod g+s /var/www