samba share multi user access

In previous article we discussed about creating and configuring SMB / CIFS share with single user support which CIFS share can’t be accessed by multiple users. In this article we are going to discuss about samba share multi user access which means SMB / CIFS share can be accessed by multiple users with in the server OR from client.

Creating SMB / CIFS share means it should be accessible from UNIX and Windows platforms. Samba Share user access must be identified with valid users and groups by checking their passwords then controls by comparing their access rights to the permissions on files and directories.

SMB / CIFS share features

  • Active File sharing
  • Faster data transfer in low band width network
  • Secure Data Transfer with user credential
  • Node Fault tolerance
  • Scalable

Samba Server Profile

  • Packages required: samba*
  • Port Number: 445
  • Daemon Name: smb
  • config File Location: /etc/samba/smb.conf

Let’s see how to create samba share multi user access

[root@ArkIT ~]# yum install samba*

Now Enable and Start SMB service. Enabling service which will automatically start the smb service immediate after server reboot.

# systemctl enable smb.service
# systemctl start smb.service

Make an directory to share using SMB / CIFS

# mkdir /arkit-multiuser

By default SELinux is enabled. SELinux will not allow to share directory with other network client without proper SELinux security policies

# semanage fcontext -a -t samba_share_t "/arkit-multiuser(/.*)?"
# restorecon -vRF /arkit-multiuser/
# ls -ldZ /arkit-multiuser/
drwxr-xr-x. root root system_u:object_r:samba_share_t:s0 /arkit-multiuser/

SELinux context for SMB / CIFS share is samba_share_t

Enabling the firewall ports to communicate with clients

# firewall-cmd --permanent --add-service=samba
success
# firewall-cmd --reload
success

Adding normal users and converting them as Samba users

# useradd ravi
# useradd ramana
# useradd srikanth
# smbpasswd -a ravi
New SMB password:
Retype new SMB password:
Added user ravi.
# smbpasswd -a ramana
New SMB password:
Retype new SMB password:
Added user ramana.
# smbpasswd -a srikanth
New SMB password:
Retype new SMB password:
Added user srikanth.

To verify Samba user 

# pdbedit -L -v

Creating common group and add user to group provide access

# groupadd IT
# usermod -aG IT ravi
# usermod -aG IT ramana

Configuring the Samba share with multi user support. Edit the configuration file and add the configuration yet end of config file

[root@server ~]#vim /etc/samba/smb.conf

[multiuser]
 comment = Information Technology Team
 path = /arkit-multiuser
 write list = @IT
 hosts allow = 192.168.4.

Save and Exit 

That’s about server side configuration

Now client side configuration

[root@server ~]# yum install cifs-utils

Now create an file in /root with username and password and restrict access to other user

[root@server ~]# vim /root/access
[root@server ~]# chmod 600 /root/access
[root@server ~]# ls -l /root/access
-rw-------. 1 root root 30 May 29 18:24 /root/access
[root@server ~]# cat /root/access
username=ravi
password=redhat

Open /etc/fstab file and mount the samba share permanently 

[root@Client ~]#vim /etc/fstab
//192.168.4.20/multiuser /mnt/coss cifs credentials=/root/access,defaults,multiuser,sec=ntlmssp 0 0

Save & Exit

# mount -a

now let login to other user and check the CIFS share visibility and access

# cifscreds add 192.168.4.20

Check using df command

That’s it. 

Conclusion

samba share multi user access SMB / CIFS has been created. Now you learned that creating and configuring samba multi user access

Please do comment your feedback

Related Articles

Linux Tutorial

CIFS Share Single USer

Video tutorial

Thanks for your wonderful Support and Encouragement

ARK

My Name is ARK. Expert in grasping any new technology, Interested in Sharing the knowledge. Learn more & Earn More

5 Responses

  1. msdudhani says:

    Hi Ravi,

    i am getting below error while configure the samba client.
    Error details:
    [root@bgclient01 sbin]# mount -a
    /sbin/mount.cifs: invalid option — ‘t’

    Usage: mount.cifs -o

    Mount the remote target, specified as a UNC name, to a local directory.

    Options:
    user=
    pass=
    dom=

    Less commonly used options:
    credentials=,guest,perm,noperm,setuids,nosetuids,rw,ro,
    sep=,iocharset=,suid,nosuid,exec,noexec,serverino,
    mapchars,nomapchars,nolock,servernetbiosname=
    directio,nounix,cifsacl,sec=,sign,fsc

    Options not needed for servers supporting CIFS Unix extensions
    (e.g. unneeded for mounts to most Samba versions):
    uid=,gid=,dir_mode=,file_mode=,sfu

    Rarely used options:
    port=,rsize=,wsize=,unc=,ip=,
    dev,nodev,nouser_xattr,netbiosname=,hard,soft,intr,
    nointr,ignorecase,noposixpaths,noacl,prefixpath=,nobrl

    Options are described in more detail in the manual page
    man 8 mount.cifs

    To display the version number of the mount helper:
    mount.cifs -V

    Configuration File Details:

    [root@bgclient01 sbin]# vi /etc/fstab

    #
    # /etc/fstab
    # Created by anaconda on Mon May 30 09:32:40 2016
    #
    # Accessible filesystems, by reference, are maintained under ‘/dev/disk’
    # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
    #
    UUID=93feecc8-8474-493b-a9e7-c0290421dc7d / ext3 defaults 1 1
    UUID=1fcf2890-98f5-4b69-9db1-35641bcc3826 /boot ext3 defaults 1 2
    UUID=6c5e689a-28c0-4eab-a7ec-f76e547c19f7 swap swap defaults 0 0

    //10.xx.xx.xx/multiuser /nfssamba cifs,credentials=/root/access,defaults,multiuser,sec=ntlmssp 0 0

    Please help to resolve on this.

    regards
    Mahesh Dudhani

    • Syntax what you have written in /etc/fstab file is correct but did you enabled the Firewall ports from server and SELinux context. Try to mount manually without adding an entry in /etc/fstab file use #mount //server/ShareName /mountpoint -o username=user

      while mounting you have to use share name .i.e.[mutiuser] not directory path.

  2. blank D says:

    fstab entry seems incorrect. There is a comma after cifs. I reckon the two options are separate, and mount options.

  3. blank James says:

    Hi Ark,

    Thanks for your tutorial. Very informative.

    Just one question: how to use the cifscreds command? I understand it is for the Samba multiuser environment, but I don’t know how to get it worked. My hypothetical environment is as follows:

    ==========
    Server Side (server.example.com)
    ==========
    1) Two Linux users: user1 user2. Both belong to group sambagroup.

    2) Added both users to Samba user database via ‘smbpasswd -a user1’ and ‘smbpasswd -a user2’

    3) mkdir /sambashare; chgrp sambagroup /sambashare; chmod 2770 /sambashare

    4) Edited /etc/samba/smb.conf accordingly. All services, firewall, and SELinux are configured properly. Shared folder can be accessed and mounted from remote clients.

    ==========
    Client Side
    ==========
    1) Add following to /etc/fstab:

    //server.example.com/sambashare /sharedfolder cifs _netdev,multiuser,credentials=/root/smbpass 0 0

    2) Added user1 login information into /root/smbpass:

    username=user1
    password=pass

    3) mount -a can mount remote folder.

    Now if I use ‘touch testfile’ in the folder, the file owner is always user1. I suppose this is where the cifscreds comes in, but don’t know how it worked. What should i do so that I can create a file under the owner user2?

    Thank you very much!

Leave a Reply

Your email address will not be published.