Minimalistic Samba smb.conf on Ubuntu

On Ubuntu 20 and Ubuntu 22, to start sharing via Samba is pretty easy.
Described here are 3 ways to share.

Read only share (ReadOnly), no authentication, this means clients connecting to this share will all have read only access and does not need to authenticate. I use this for example to place my installers e.g. Java SDK, Eclipse, Chrome installer, Firefox installer, Opera installer, ad blocking hosts file, etc. So that when I install a new computer I just can quickly install applications without downloading them again.
Read write share (ReadWrite), with authentication, a client that wants to connect, have to authenticate first, once authenticated, it can read and write as they wish.
Read write share (FreeForAll), without authentication, any client can connect and start reading and writing without authentication.

Starting with the default smb.conf.

Read only share with no authentication

[read]
        path = /disk/readonly
        guest ok = Yes

Change the path accordingly to which folder you want to share. The share name is called read. Connect using \\server-ip-address\read.

Permission on the folder, you do not want anyone to write to it.

drwxr-xr-x root root /disk/readonly

Read write share with authentication

[write]
        path = /disk/readwrite
        write list = ubuntu

Change the path accordingly to which folder you want to share. The share name is called write. Connect using \\server-ip-address\write. Windows will ask you for username and password.

Permission on the folder, i.e. you want it to be writeable by the user ubuntu, since that is what is specified in write list.

drwxr-xr-x ubuntu ubuntu /disk/readwrite

The username mentioned in the write list field must be a existing Linux user. The password is NOT the Linux password. You have to set another password just for Samba. Use the application called smbpasswd. When you first set the password use the -a flag in smbpasswd.
Setting password for a new user

smbpasswd -a ubuntu

If you want to set password for an existing user

smbpasswd ubuntu

It is also possible to map usernames, i.e. From Windows you connect as userA, userB, userD and all those users are mapped to user ubuntu in Linux. To do this use

[global]
        username map = /pathToMapFile/userMap.txt

Content of userMap.txt

ubuntu = userA
ubuntu = userB
ubuntu = userD

Read write share without authentication

[freeforall]
        path = /disk/share
        guest ok = Yes        
        read only = No

Permission on the folder, you want it to be world writable (chmod o+rwx).

drwxr-xrwx root root /disk/share

Here is a example complete smb.conf file, you can generate this by running the command testparm.

# testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

# Global parameters
[global]
        log file = /var/log/samba/log.%m
        logging = file
        map to guest = Bad User
        max log size = 1000
        obey pam restrictions = Yes
        pam password change = Yes
        panic action = /usr/share/samba/panic-action %d
        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        passwd program = /usr/bin/passwd %u
        server role = standalone server
        server string = %h server (Samba, Ubuntu)
        unix password sync = Yes
        usershare allow guests = Yes
        idmap config * : backend = tdb

[printers]
        browseable = No
        comment = All Printers
        create mask = 0700
        path = /var/spool/samba
        printable = Yes

[print$]
        comment = Printer Drivers
        path = /var/lib/samba/printers

[write]
        path = /disk/readwrite
        write list = ubuntu

[read]
        path = /disk/readonly
        guest ok = Yes

[freeforall]
        path = /disk/share
        guest ok = Yes
        read only = No

It is also possible to do something like this, where ReadOnly and ReadWrite are pointing to the same path.

[write]
        path = /system/share
        write list = ubuntu

[read]
        path = /system/share
        guest ok = Yes

Remember that I use ReadOnly to store applications that I need to share without redownloading them. With this configuration, from 1 computer, I can download an application, check the checksums, do an anti virus scan, then I can authenticate to the share and copy. While from another computer, if just want read only access I can do that as well. In this case /system/share should be writable by user ubuntu (chmod u+rwx and chown ubuntu:ubuntu).

One last thing, if you use all three types, when you want to connect to the ReadOnly and FreeForAll, Windows will still ask you for a password, since it does not know whether you want to connect to the ReadWrite (with authentication) share or the other two. Just specify a random username, with a random password or without password, then you should be able to use both the ReadOnly and FreeForAll shares, if you supply the correct username and password, then you can use ReadOnly, FreeForAll and the ReadWrite shares.

Related Posts

Essential guide to SSH, SSH tunnel and PuTTY

How to reload Apache Tomcat without restarting

How to host multiple web applications in Apache Tomcat

Leave a Reply Cancel reply