Linux / RHEL7

samba share multi user access

by ARK · Published May 29, 2016 · Updated November 18, 2018

In previous article we discussed about creating and configuring SMB / CIFS share with single user support which CIFS share can’t be accessed by multiple users. In this article we are going to discuss about samba share multi user access which means SMB / CIFS share can be accessed by multiple users with in the server OR from client.

Creating SMB / CIFS share means it should be accessible from UNIX and Windows platforms. Samba Share user access must be identified with valid users and groups by checking their passwords then controls by comparing their access rights to the permissions on files and directories.

SMB / CIFS share features

Active File sharing
Faster data transfer in low band width network
Secure Data Transfer with user credential
Node Fault tolerance
Scalable

Samba Server Profile

Packages required: samba*
Port Number: 445
Daemon Name: smb
config File Location: /etc/samba/smb.conf

Let’s see how to create samba share multi user access

[root@ArkIT ~]# yum install samba*

Now Enable and Start SMB service. Enabling service which will automatically start the smb service immediate after server reboot.

# systemctl enable smb.service
# systemctl start smb.service

Make an directory to share using SMB / CIFS

# mkdir /arkit-multiuser

By default SELinux is enabled. SELinux will not allow to share directory with other network client without proper SELinux security policies

# semanage fcontext -a -t samba_share_t "/arkit-multiuser(/.*)?"
# restorecon -vRF /arkit-multiuser/
# ls -ldZ /arkit-multiuser/
drwxr-xr-x. root root system_u:object_r:samba_share_t:s0 /arkit-multiuser/

SELinux context for SMB / CIFS share is samba_share_t

Enabling the firewall ports to communicate with clients

# firewall-cmd --permanent --add-service=samba
success
# firewall-cmd --reload
success

Adding normal users and converting them as Samba users

# useradd ravi
# useradd ramana
# useradd srikanth
# smbpasswd -a ravi
New SMB password:
Retype new SMB password:
Added user ravi.
# smbpasswd -a ramana
New SMB password:
Retype new SMB password:
Added user ramana.
# smbpasswd -a srikanth
New SMB password:
Retype new SMB password:
Added user srikanth.

To verify Samba user

# pdbedit -L -v

Creating common group and add user to group provide access

# groupadd IT
# usermod -aG IT ravi
# usermod -aG IT ramana

Configuring the Samba share with multi user support. Edit the configuration file and add the configuration yet end of config file

[root@server ~]#vim /etc/samba/smb.conf

[multiuser]
 comment = Information Technology Team
 path = /arkit-multiuser
 write list = @IT
 hosts allow = 192.168.4.

Save and Exit

That’s about server side configuration

Now client side configuration

[root@server ~]# yum install cifs-utils

Now create an file in /root with username and password and restrict access to other user

[root@server ~]# vim /root/access
[root@server ~]# chmod 600 /root/access
[root@server ~]# ls -l /root/access
-rw-------. 1 root root 30 May 29 18:24 /root/access
[root@server ~]# cat /root/access
username=ravi
password=redhat

Open /etc/fstab file and mount the samba share permanently

[root@Client ~]#vim /etc/fstab
//192.168.4.20/multiuser /mnt/coss cifs credentials=/root/access,defaults,multiuser,sec=ntlmssp 0 0

Save & Exit

# mount -a

now let login to other user and check the CIFS share visibility and access

# cifscreds add 192.168.4.20

Check using df command

That’s it.

Conclusion

samba share multi user access SMB / CIFS has been created. Now you learned that creating and configuring samba multi user access

Please do comment your feedback

Linux Tutorial

CIFS Share Single USer

Video tutorial

Thanks for your wonderful Support and Encouragement

Get Email | Download E-Books
Facebook Page
Youtube Channel
Twitter
Exclusive Telegram Group
Discuss On WhatsApp Group

More than 40000 Techies in our community do you want part of it Join Now

Tags: samba share multi user access

ARK

My Name is ARK. Expert in grasping any new technology, Interested in Sharing the knowledge. Learn more & Earn MoreView all Posts

msdudhani says:
May 31, 2016 at 2:09 pm
Hi Ravi,

i am getting below error while configure the samba client.
Error details:
[root@bgclient01 sbin]# mount -a
/sbin/mount.cifs: invalid option — ‘t’

Usage: mount.cifs -o

Mount the remote target, specified as a UNC name, to a local directory.

Options:
user=
pass=
dom=

Less commonly used options:
credentials=,guest,perm,noperm,setuids,nosetuids,rw,ro,
sep=,iocharset=,suid,nosuid,exec,noexec,serverino,
mapchars,nomapchars,nolock,servernetbiosname=
directio,nounix,cifsacl,sec=,sign,fsc

Options not needed for servers supporting CIFS Unix extensions
(e.g. unneeded for mounts to most Samba versions):
uid=,gid=,dir_mode=,file_mode=,sfu

Rarely used options:
port=,rsize=,wsize=,unc=,ip=,
dev,nodev,nouser_xattr,netbiosname=,hard,soft,intr,
nointr,ignorecase,noposixpaths,noacl,prefixpath=,nobrl

Options are described in more detail in the manual page
man 8 mount.cifs

To display the version number of the mount helper:
mount.cifs -V

Configuration File Details:

[root@bgclient01 sbin]# vi /etc/fstab

#
# /etc/fstab
# Created by anaconda on Mon May 30 09:32:40 2016
#
# Accessible filesystems, by reference, are maintained under ‘/dev/disk’
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=93feecc8-8474-493b-a9e7-c0290421dc7d / ext3 defaults 1 1
UUID=1fcf2890-98f5-4b69-9db1-35641bcc3826 /boot ext3 defaults 1 2
UUID=6c5e689a-28c0-4eab-a7ec-f76e547c19f7 swap swap defaults 0 0

//10.xx.xx.xx/multiuser /nfssamba cifs,credentials=/root/access,defaults,multiuser,sec=ntlmssp 0 0

Please help to resolve on this.

regards
Mahesh Dudhani

Reply
- Ankam Ravi Kumar says:
  May 31, 2016 at 3:55 pm
  Syntax what you have written in /etc/fstab file is correct but did you enabled the Firewall ports from server and SELinux context. Try to mount manually without adding an entry in /etc/fstab file use #mount //server/ShareName /mountpoint -o username=user
  
  while mounting you have to use share name .i.e.[mutiuser] not directory path.
  
  Reply
D says:
December 15, 2017 at 4:51 am
fstab entry seems incorrect. There is a comma after cifs. I reckon the two options are separate, and mount options.

Reply
- ARK says:
  December 18, 2017 at 9:51 am
  fstab Entry is correct.
  
  Reply
James says:
January 28, 2018 at 5:46 pm
Hi Ark,

Thanks for your tutorial. Very informative.

Just one question: how to use the cifscreds command? I understand it is for the Samba multiuser environment, but I don’t know how to get it worked. My hypothetical environment is as follows:

==========
Server Side (server.example.com)
==========
1) Two Linux users: user1 user2. Both belong to group sambagroup.

2) Added both users to Samba user database via ‘smbpasswd -a user1’ and ‘smbpasswd -a user2’

3) mkdir /sambashare; chgrp sambagroup /sambashare; chmod 2770 /sambashare

4) Edited /etc/samba/smb.conf accordingly. All services, firewall, and SELinux are configured properly. Shared folder can be accessed and mounted from remote clients.

==========
Client Side
==========
1) Add following to /etc/fstab:

//server.example.com/sambashare /sharedfolder cifs _netdev,multiuser,credentials=/root/smbpass 0 0

2) Added user1 login information into /root/smbpass:

username=user1
password=pass

3) mount -a can mount remote folder.

Now if I use ‘touch testfile’ in the folder, the file owner is always user1. I suppose this is where the cifscreds comes in, but don’t know how it worked. What should i do so that I can create a file under the owner user2?

Thank you very much!

Reply