Samba & SMB
Preparing the partition for Samba
sudo mkfs.ext4 /dev/vdc
sudo mkdir /company
sudo mount /dev/vdc /company
echo "/dev/vdc /company ext4 defaults,noatime 0 0" | sudo tee -a /etc/fstab
Preparing groups, users, directories
Creating groups
sudo groupadd company_it
sudo groupadd company_finance
Using a common prefix (e.g., company_) makes it easier to filter company-related groups:
grep company /etc/group
Creating users without home directories or shell access
sudo useradd -M -s /sbin/nologin john
sudo useradd -M -s /sbin/nologin kate
Setting Samba (SMB) passwords
sudo smbpasswd -a john
sudo smbpasswd -a kate
Changing an SMB password from an Arch Linux client
(Requires Samba installed: sudo pacman -S samba)
smbpasswd -r 192.168.122.100 -U john
Adding users to the appropriate groups
sudo usermod -aG company_it john
sudo usermod -aG company_finance kate
Creating directory structure
sudo mkdir -p /company/it
sudo mkdir -p /company/finance
Setting permissions
sudo chown -R root:company_it /company/it
sudo chmod 770 /company/it
sudo setfacl -R -m d:g:company_it:rwx /company/it
sudo chown -R root:company_finance /company/finance
sudo chmod 770 /company/finance
sudo setfacl -R -m d:g:company_finance:rwx /company/finance
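An added check for the permission steps above (example code, not part of the original notes): it reads getfacl output for one department directory and reports a missing owner group, missing default ACL, or an ACL entry for any other named user or group. The function name, the sample output and the assumption that /company/it belongs to the company_it group created earlier are illustrative.

```shell
# Added example. On the server: getfacl -p /company/it | check_share_acl company_it
check_share_acl() {
    # $1 = group that should own the directory and hold the default ACL.
    # Reads getfacl output on stdin; returns 0 if clean, 1 otherwise.
    awk -v grp="$1" '
        BEGIN {
            want["# group: " grp] = 1              # chown root:<group>
            want["other::---"] = 1                 # chmod 770
            want["default:group:" grp ":rwx"] = 1  # setfacl d:g:<group>:rwx
            want["default:other::---"] = 1         # new files closed to others
        }
        { sub(/[ \t]*#effective:.*$/, "") }        # drop getfacl annotations
        ($0 in want) { seen[$0] = 1 }
        # Any named user/group entry other than the expected group is flagged.
        /^(default:)?(user|group):[^:]+:/ {
            n = split($0, f, ":")
            if (f[n-2] != "group" || f[n-1] != grp) {
                print "UNEXPECTED: " $0; bad++
            }
        }
        END {
            for (w in want) if (!(w in seen)) { print "MISSING: " w; bad++ }
            exit (bad > 0)
        }'
}

sample_good() {   # constructed getfacl output for a correctly prepared directory
cat <<'EOF'
# file: /company/it
# owner: root
# group: company_it
user::rwx
group::rwx
other::---
default:user::rwx
default:group::rwx
default:group:company_it:rwx
default:mask::rwx
default:other::---
EOF
}

# Constructed failure case: ownership and ACL given to "it", not "company_it".
sample_mismatch() { sample_good | sed 's/company_it/it/'; }

sample_good | check_share_acl company_it && echo "good sample: OK"
sample_mismatch | check_share_acl company_it || echo "mismatch sample: flagged"
```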
Applying SELinux context
sudo chcon -R -t samba_share_t /company
Samba configuration
Edit /etc/samba/smb.conf:
[company]
path = /company
browseable = yes
writable = yes
guest ok = no
create mask = 0660
directory mask = 0770
inherit permissions = yes
inherit acls = yes
Restart Samba: sudo systemctl restart smb
Mounting the SMB share
Standard mount:
sudo mount -t cifs //SERVER_IP/company /mnt/company -o username=username,vers=3.0
Arch Linux workaround
Arch’s CIFS client ignores Samba ACLs unless noperm is used:
sudo mount -t cifs //SERVER_IP/company /mnt/company \
  -o username=username,vers=3.0,uid=$(id -u),gid=$(id -g),noperm
Checking active Samba sessions (on the server)
sudo smbstatus