samba share multi user access
In previous article we discussed about creating and configuring SMB / CIFS share with single user support which CIFS share can’t be accessed by multiple users. In this article we are going to discuss about samba share multi user access which means SMB / CIFS share can be accessed by multiple users with in the server OR from client.
Creating SMB / CIFS share means it should be accessible from UNIX and Windows platforms. Samba Share user access must be identified with valid users and groups by checking their passwords then controls by comparing their access rights to the permissions on files and directories.
SMB / CIFS share features
- Active File sharing
- Faster data transfer in low band width network
- Secure Data Transfer with user credential
- Node Fault tolerance
- Scalable
Samba Server Profile
- Packages required: samba*
- Port Number: 445
- Daemon Name: smb
- config File Location: /etc/samba/smb.conf
Let’s see how to create samba share multi user access
[root@ArkIT ~]# yum install samba*
Now Enable and Start SMB service. Enabling service which will automatically start the smb service immediate after server reboot.
# systemctl enable smb.service # systemctl start smb.service
Make an directory to share using SMB / CIFS
# mkdir /arkit-multiuser
By default SELinux is enabled. SELinux will not allow to share directory with other network client without proper SELinux security policies
# semanage fcontext -a -t samba_share_t "/arkit-multiuser(/.*)?"
# restorecon -vRF /arkit-multiuser/
# ls -ldZ /arkit-multiuser/
drwxr-xr-x. root root system_u:object_r:samba_share_t:s0 /arkit-multiuser/
SELinux context for SMB / CIFS share is samba_share_t
Enabling the firewall ports to communicate with clients
# firewall-cmd --permanent --add-service=samba success # firewall-cmd --reload success
Adding normal users and converting them as Samba users
# useradd ravi # useradd ramana # useradd srikanth # smbpasswd -a ravi New SMB password: Retype new SMB password: Added user ravi. # smbpasswd -a ramana New SMB password: Retype new SMB password: Added user ramana. # smbpasswd -a srikanth New SMB password: Retype new SMB password: Added user srikanth.
To verify Samba user
# pdbedit -L -v
Creating common group and add user to group provide access
# groupadd IT # usermod -aG IT ravi # usermod -aG IT ramana
Configuring the Samba share with multi user support. Edit the configuration file and add the configuration yet end of config file
[root@server ~]#vim /etc/samba/smb.conf
[multiuser]
comment = Information Technology Team
path = /arkit-multiuser
write list = @IT
hosts allow = 192.168.4.
Save and Exit
That’s about server side configuration
Now client side configuration
[root@server ~]# yum install cifs-utils
Now create an file in /root with username and password and restrict access to other user
[root@server ~]# vim /root/access [root@server ~]# chmod 600 /root/access [root@server ~]# ls -l /root/access -rw-------. 1 root root 30 May 29 18:24 /root/access [root@server ~]# cat /root/access username=ravi password=redhat
Open /etc/fstab file and mount the samba share permanently
[root@Client ~]#vim /etc/fstab //192.168.4.20/multiuser /mnt/coss cifs credentials=/root/access,defaults,multiuser,sec=ntlmssp 0 0
Save & Exit
# mount -a
now let login to other user and check the CIFS share visibility and access
# cifscreds add 192.168.4.20
Check using df command
That’s it.
Conclusion
samba share multi user access SMB / CIFS has been created. Now you learned that creating and configuring samba multi user access
Please do comment your feedback
Related Articles
Thanks for your wonderful Support and Encouragement
Hi Ravi,
i am getting below error while configure the samba client.
Error details:
[root@bgclient01 sbin]# mount -a
/sbin/mount.cifs: invalid option — ‘t’
Usage: mount.cifs -o
Mount the remote target, specified as a UNC name, to a local directory.
Options:
user=
pass=
dom=
Less commonly used options:
credentials=,guest,perm,noperm,setuids,nosetuids,rw,ro,
sep=,iocharset=,suid,nosuid,exec,noexec,serverino,
mapchars,nomapchars,nolock,servernetbiosname=
directio,nounix,cifsacl,sec=,sign,fsc
Options not needed for servers supporting CIFS Unix extensions
(e.g. unneeded for mounts to most Samba versions):
uid=,gid=,dir_mode=,file_mode=,sfu
Rarely used options:
port=,rsize=,wsize=,unc=,ip=,
dev,nodev,nouser_xattr,netbiosname=,hard,soft,intr,
nointr,ignorecase,noposixpaths,noacl,prefixpath=,nobrl
Options are described in more detail in the manual page
man 8 mount.cifs
To display the version number of the mount helper:
mount.cifs -V
Configuration File Details:
[root@bgclient01 sbin]# vi /etc/fstab
#
# /etc/fstab
# Created by anaconda on Mon May 30 09:32:40 2016
#
# Accessible filesystems, by reference, are maintained under ‘/dev/disk’
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=93feecc8-8474-493b-a9e7-c0290421dc7d / ext3 defaults 1 1
UUID=1fcf2890-98f5-4b69-9db1-35641bcc3826 /boot ext3 defaults 1 2
UUID=6c5e689a-28c0-4eab-a7ec-f76e547c19f7 swap swap defaults 0 0
//10.xx.xx.xx/multiuser /nfssamba cifs,credentials=/root/access,defaults,multiuser,sec=ntlmssp 0 0
Please help to resolve on this.
regards
Mahesh Dudhani
Syntax what you have written in /etc/fstab file is correct but did you enabled the Firewall ports from server and SELinux context. Try to mount manually without adding an entry in /etc/fstab file use #mount //server/ShareName /mountpoint -o username=user
while mounting you have to use share name .i.e.[mutiuser] not directory path.
fstab entry seems incorrect. There is a comma after cifs. I reckon the two options are separate, and mount options.
fstab Entry is correct.
Hi Ark,
Thanks for your tutorial. Very informative.
Just one question: how to use the cifscreds command? I understand it is for the Samba multiuser environment, but I don’t know how to get it worked. My hypothetical environment is as follows:
==========
Server Side (server.example.com)
==========
1) Two Linux users: user1 user2. Both belong to group sambagroup.
2) Added both users to Samba user database via ‘smbpasswd -a user1’ and ‘smbpasswd -a user2’
3) mkdir /sambashare; chgrp sambagroup /sambashare; chmod 2770 /sambashare
4) Edited /etc/samba/smb.conf accordingly. All services, firewall, and SELinux are configured properly. Shared folder can be accessed and mounted from remote clients.
==========
Client Side
==========
1) Add following to /etc/fstab:
//server.example.com/sambashare /sharedfolder cifs _netdev,multiuser,credentials=/root/smbpass 0 0
2) Added user1 login information into /root/smbpass:
username=user1
password=pass
3) mount -a can mount remote folder.
Now if I use ‘touch testfile’ in the folder, the file owner is always user1. I suppose this is where the cifscreds comes in, but don’t know how it worked. What should i do so that I can create a file under the owner user2?
Thank you very much!