Hey all, this is part 2 of setting up a Cent OS server. For backup and accessibility, I always set up a Samba share. Samba implements the SMB file-sharing protocol, which is supported by Microsoft Windows, Linux and MacOS, and I therefore prefer this type of file share over others in terms of compatibility. If you want to see other parts of this series:
Set up a secure home server with Cent OS – Part 1
Samba can be challenging to set up because of its complexity and the number of configuration options. However, for the purpose of a home server, we’ll keep it simple. We’ll associate the rights of the share with a local Linux user account on the target machine, and we’ll share the /opt/* folders to allow us to remotely access configuration files of the Docker containers that we’ll be setting up in a future tutorial.
To start with Samba, we first have to install it:
sudo yum install samba samba-client samba-common
Let’s start samba and let it run by default:
sudo systemctl start smb
sudo systemctl start nmb
sudo systemctl enable smb
sudo systemctl enable nmb
Preparing the firewall and the share
Then, before proceeding with the configuration of Samba, let’s first prepare the machine in terms of firewall and SELinux:
sudo firewall-cmd --permanent --zone=public --add-service=samba
sudo firewall-cmd --reload
Create the directory which will be shared:
sudo mkdir -p /opt/Docker
The directory will now be owned by root. However, I want it to be owned by my user, which I called linux earlier. When checking the permissions, this will be the result:
[[email protected] ~]$ ls -l /opt
total 0
drwxr-xr-x. 2 root root 6 Dec 29 10:57 Docker
Now, let’s change some options:
sudo chmod -R 0750 /opt/Docker
sudo chown -R linux:linux /opt/Docker
chcon -t samba_share_t /opt/Docker
The first line sets the permissions on the folder to 0750: the owner can read and change the files, members of the group can read them, and everyone else, including anonymous users, has no access. This applies recursively to all folders below. The second line changes the folder’s owner to the user linux and the group linux, and the last line sets the SELinux label so that Samba is allowed to access the folder. Otherwise Samba won’t work properly.
Also, even though this is optional, it’s strongly recommended to secure the server by using an smbgroup and authenticating the user. The Samba configuration below assumes you’ll complete the following steps as well.
sudo smbpasswd -a linux
You are then prompted to fill in a password which is used for samba access:
[[email protected] ~]$ sudo smbpasswd -a linux
New SMB password:
Retype new SMB password:
Added user linux.
Now we can get on with Samba configuration.
sudo vi /etc/samba/smb.conf
In some cases this file already contains a configuration. You can choose to back it up or to overwrite it. Backing up works like this:
sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.old
Then, the following code can be inserted into the file:
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.

[global]
    netbios name = XR-APP01
    server string = XR-APP01
    workgroup = WORKGROUP
    hosts allow =
    remote announce =
    remote browse sync =
    security = user
    dns proxy = no
    passdb backend = tdbsam
    printing = cups
    printcap name = cups
    load printers = yes
    cups options = raw

#===================== SHARES ======================

[Docker]
    path = /opt/Docker
    browsable = yes
    read only = no
    valid users = @linux
    writable = yes
    guest ok = no

[homes]
    comment = Home Directories
    valid users = %S, %D%w%S
    browseable = No
    read only = No
    inherit acls = Yes

[printers]
    comment = All Printers
    path = /var/tmp
    printable = Yes
    create mask = 0600
    browseable = No

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    write list = root
    create mask = 0664
    directory mask = 0775
Test the validity of the configuration:
sudo systemctl restart smb
sudo systemctl restart nmb
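An added example, not part of the original tutorial: a shell function that lints an smb.conf for the access controls this setup depends on (an empty "hosts allow", guest access on a share, a share without "valid users"). The names audit_smb_conf and sample_conf are made up for this example, and the sample input is a constructed excerpt of the configuration above.

```shell
# Constructed excerpt of the smb.conf from this page (sample input).
sample_conf() {
cat <<'EOF'
[global]
    hosts allow =
    security = user
[Docker]
    path = /opt/Docker
    valid users = @linux
    guest ok = no
[print$]
    path = /var/lib/samba/drivers
    write list = root
EOF
}

# Print one finding per line; no output means none of the checks fired.
# Checks only: global "hosts allow"/"security", share "guest ok"/"public"/"valid users".
audit_smb_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report(   g) {
        if (sec == "") return
        if (sec == "global") {
            if (v["hosts allow"] == "")
                print "[global] hosts allow is empty or unset: any address may connect"
            if (("security" in v) && v["security"] != "user")
                print "[global] security is not user"
            return
        }
        g = ("guest ok" in v) ? v["guest ok"] : v["public"]
        if (g ~ /^(yes|true|1)$/) print "[" name "] guest access is enabled"
        if (v["valid users"] == "")
            print "[" name "] no valid users: every authenticated account may connect"
    }
    /^[ \t]*([#;]|$)/ { next }                  # comments and blank lines
    /^[ \t]*\[.*\]/ {                           # section header
        report(); split("", v)
        name = $0; sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
        sec = tolower(name); next
    }
    index($0, "=") {                            # key = value line
        k = tolower(trim(substr($0, 1, index($0, "=") - 1)))
        v[k] = tolower(trim(substr($0, index($0, "=") + 1)))
    }
    END { report() }
    ' "${1:--}"
}

sample_conf | audit_smb_conf    # demo run on the constructed excerpt
```

On the server, pass the live file instead: audit_smb_conf /etc/samba/smb.conf. With no argument the function reads the configuration from standard input.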
Now you’ll be able to connect to the share from other computers. In Windows, press Windows Flag + R and type:
On MacOS, in Finder, go to the taskbar and choose Go > Connect to server...
Fill in the server IP address:
Click Connect and then log in with the credentials created in the security section of this tutorial.
Then all available shares are visible: