Samba is a great tool to share files and folders between computers. Distributions that emphasize ease-of-use, such as Ubuntu, offer comfortable graphical user interfaces to share folders with a few mouse clicks. However, if you, like me, are not a professional network administrator, it is easy to overlook that Samba requires you to set up user permissions correctly at four different places. If you omit one, you will experience lots of ‘access denied’ and other errors.
In the following, I assume that you have already set up a Samba server and implemented basic security measures.
To share a folder, you need to do four things:
- Add a user to the system that runs the Samba server.
- Add this user to the Samba user configuration.
- Share a specific folder with this user.
- Make sure that file system permissions are appropriately set.
Add a user account to the system running the server
When I set up my server, I overlooked that external users need to be made known to the server system in two places, first as a system user, and second as a Samba user. It is not sufficient to just add a Samba user if there is no corresponding user account on the server system.
For the purpose of the demonstration, let’s assume that you want to share folders with your spouse.
$ sudo adduser spouse [sudo] password for daniel: Adding user 'spouse' ... Adding new group 'spouse' (1003) ... Adding new user 'spouse' (1002) with group 'spouse' ... Creating home directory '/home/spouse' ... Copying files from '/etc/skel' ... Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully Changing the user information for spouse Enter the new value, or press ENTER for the default Full Name : Room Number : Work Phone : Home Phone : Other : Is the information correct? [Y/n]
To prevent creating a dedicated home directory and local logins, use this variant of the command:
$ sudo adduser --no-create-home --disabled-login --shell /bin/false spouse
Add a Samba user
To enable this newly created user to log into the Samba server, you need
to add it using a special command, because user accounts are not
automatically synchronized between the operating system and the Samba
smbpasswd takes care of adding Samba users.
$ sudo smbpasswd -a spouse [sudo] password for daniel: New SMB password: Retype new SMB password: Added user spouse.
Make use of the
pdbedit program to verify that the new Samba user
$ sudo pdbedit -L spouse:1002: daniel:1000:Daniel Kraus
Share a folder
One way to share a folder is to use the graphical tool in Ubuntu by
right-clicking on a folder name and choosing
Local Network Share:
Alternatively, you can issue a terminal command, which also allows you to specify which users have access to the folder:
$ sudo net usershare add documents /home/daniel/Documents "Daniel's documents" everyone:d,daniel:f,spouse:f
This enables sharing of Daniel’s Documents folder under the name
‘documents’, but access is denied to everyone (
everyone:d) except for
users ‘daniel’ and ‘spouse’, who both have full read/write access (
man net for details.
Unfortunately, there does not seem to be a comfortable way to edit existing usershares; if you want to modify a share, you need to run the command again, with different options.
Set file system permissions
At this point, user ‘spouse’ should be able to log into the Samba server on Daniel’s laptop by clicking on “Connect to server” in the file manager:
However, when you attempt to open the shared folder, the spouse will likely see a username/password prompt that she cannot overcome. This is because file system permissions need to be set on the folder.
At this point, Linux’ ability to add users to groups comes in handy.
$ sudo addgroup family Adding group `family' (GID 1004) ... Done. $ sudo addgroup spouse family Adding user `spouse' to group `family' ... Adding user spouse to group family Done.
Once you have created a group (
family in this example) and added at
least the user who is going to connect to the server, you can set the file
permissions on the folder:
$ chgrp family Documents $ chmod 750 Documents
The above command will grant the owner of the
Documents folder full
access, and allow members of the
family group to enter the folder and
With these four steps, I managed to share a folder with my wife in our home network.