Manjaro Using Samba in your File Manager

Using Samba in your File Manager

From Manjaro
Revision as of 00:02, 11 July 2018 by imported>Cscs (Update smbd/nmbd>smb/nmb)
Warning
(30 June 2018) This page needs updating; search the forums for more current info


XFCE users using Thunar file manager should read this (old 2014) forum thread.



The following tutorial will guide you through setting up usersharing with Samba so that you can use your file manager to share folders (nautilus-share, nemo-share, Thunar Shares Plugin, etc.). Ubuntu style.


First we need to install a few packages. Open a terminal and become root:

su

Install samba, nautilus-share and gvfs-smb. If you use a different file manager, please install the corresponding sharing package for your file manager instead of nautilus-share. In the terminal, enter:

pacman -S samba nautilus-share gvfs-smb

Now we are ready to set up Manjaro for usershares. Usershares allows a non-root user to add, modify, and delete their own samba shares.

First we're going to create the usershare path. This is were samba stores the share configuration (so it's not going in /etc/samba/smb.conf) In the terminal, enter:

mkdir -p /var/lib/samba/usershare

We have now added the usershares directory in /var/lib/samba.

Next we need to create the sambashare group. In the terminal, enter:

groupadd sambashare

We need to make user root owner of both the usershares directory and the sambashare group.

In the terminal, enter:

chown root:sambashare /var/lib/samba/usershare

Because /var/lib/samba/usershare is now owned by root, we need to make the usershare directory accessible for non-root users. In the terminal, enter:

chmod 1770 /var/lib/samba/usershare

This chmod command sets the sticky bit (makes the permissions fixed for non-root users), as signified by the preceding 1 in the 1770 string. The 7+7 signifies that users and groups can read, write and execute. The 0 means that "others" have no rights to the directory.

Now we need to create a new smb.conf from the template configuration file. In the terminal, enter:

cp /etc/samba/smb.conf.default /etc/samba/smb.conf

Open the newly created smb.conf in a text editor. In the terminal, enter:

nano /etc/samba/smb.conf

Replace nanowith the name of your preferred text editor.

To make usershares possible we need to add the following parameters under section [global]:

 usershare path = /var/lib/samba/usershare
 usershare max shares = 100
 usershare allow guests = yes
 usershare owner only = yes

Approximately halfway in the [global] section is the parameter security = user. Find this line and add the following immediately after:

map to guest = bad user

This line makes it possible for users without a "proper username" to still connect to a share.

Save the smb.conf file with CTRL+O and close nano with CTRL+X.

Now add your user to the sambashare group. Replace <username> with your real username. In the terminal, enter:

usermod -a -G sambashare <username>

We still need to enable the samba service. In the terminal, enter:

systemctl enable smb nmb
systemctl start smb nmb

Log out and log back in. It should now be possible to configure samba shares using the GUI. For instance, in Gnome Files you can right click on any directory and share it on the network.

To be able to share directories in your home (/home/<username>) you also need to add new permissions to your home (/home/<username>). Replace <username> with your own username. In the terminal, enter:

chmod 701 /home/<username>

The 701 gives read, write and execute permissions to the user, zero rights to groups and execute rights to "other". The execute rights for "other" seems to be required for samba to be able to access the lower directories under /home/<username>. Other users can't enter your home directory with only the execute bit set, but it might lessen security, as others now do have permission to execute stuff under your home. There needs to be executable stuff in there beforehand, though, and others need to know the path to the executable by heart, before they can run it. It doesn't seem to have much room for misschief, but caveat emptor.


A forum thread (old 2014) discussing this subject is available here: [1]

Cookies help us deliver our services. By using our services, you agree to our use of cookies.