
Share your files in your LAN with SAMBA

To complement the last post about the NFS remote file system, this post covers SAMBA. The main focus of this series is to document the possibilities of NextCloudPi, but it also aims to be a general introduction to the technology.

Like NFS, SAMBA provides a remote file system that allows us to mount locally folders that actually live on another computer.

SAMBA is a free and open source implementation of Microsoft's SMB/CIFS (Server Message Block/Common Internet File System) protocol. The project was started in 1992.

SMB/CIFS is the protocol used in Windows networks to share files and printers, so SAMBA allows us to host files and printers that can be accessed from a Windows computer, and it also allows a Linux computer to access files and printers shared by a Windows system.

Actually, it is so popular that Mac computers can also access SMB/CIFS remote filesystems, which makes SAMBA a good choice for “mixed” networks where we want to serve files to Linux, Windows, Mac computers… and even some Android applications are able to mount SMB/CIFS folders over the network.

Features

These are its main features:

  • The SAMBA server is implemented in userspace.
  • It is supported by multiple platforms.
  • Its traffic is not encrypted, although encryption is on the roadmap.
  • It provides authenticated access.
  • It can also share printers, combined with the CUPS printing server.

While the beauty of NFS is its simplicity, low resource requirements and the fact that it is implemented in the kernel, SAMBA is far more flexible and featureful, and more appropriate for many setups, except the simplest ones.

We have more control over the setup, as we can define different permissions for different users and the access is authenticated via username/password. Public shares can also be defined.

While installing the nfs-kernel-server only takes up 300 KB of our space, the smbd server takes around 40 MB.

Installation

Just install the appropriate package for your distribution, normally just samba.

In the case of NextCloudPi, just update to the latest version with

sudo ncp-update

As usual, the generic installer can be used on any running Debian-based server to install and configure through SSH, or on a Raspbian image through QEMU.

git clone https://github.com/nextcloud/nextcloudpi.git
cd nextcloudpi
./installer.sh samba.sh 192.168.0.128

Default configuration (NextCloudPi only)

In the specific case of NextCloudPi, we usually want to share the data folder on the local network, so select samba in

sudo nextcloudpi-config

DIR is the directory to share. The default will be /var/www/nextcloud/data/admin/files for user admin on a fresh installation. If you have moved the data folder to an external drive, then it might be more similar to the default /media/USBdrive/ncdata/admin/files. Note that this is the path for the files belonging to the user admin.

If you would like a different setup, read the next section.

Manual configuration

The main configuration file is located at /etc/samba/smb.conf. There are many resources online about the configuration of this file, but the comments inside it are pretty much self-explanatory.

A share is defined by a configuration block that can be as simple as this

[NextCloudPi]
    path = /media/USBdrive/mysharedfolder
    writeable = yes
;   browseable = yes
    valid users = pi

If you want to be able to modify and delete files and folders from both Nextcloud and SAMBA mounts, you can add the following to the share

force group = www-data
create mask = 0770
directory mask = 0771
force create mode = 0660
force directory mode = 0770

Users are controlled by smbpasswd, and smb.conf can be configured to synchronize their credentials with the Linux user credentials.

In order to add the user pi, type

sudo smbpasswd -a pi

Make sure that the allowed users can also access the shared folder through the regular file system permissions.
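As an added example (not part of the original post or of the NextCloudPi code), this shell function reads an smb.conf and reports, for each share, whether guest access is enabled and whether valid users restricts it to named accounts. The function name audit_smb_shares, the output tags and the sample shares scratch and media are assumptions made for the example; settings inherited from [global] are not considered.

```shell
#!/bin/sh
# Added example, not NextCloudPi code: audit_smb_shares is a hypothetical helper.
# Only share sections are read; defaults inherited from [global] are ignored.
audit_smb_shares() {
  awk '
    function report() {
      if (share == "" || tolower(share) == "global") return
      if (guest)            { print "GUEST_ACCESS " share; bad = 1 }
      else if (users == "") { print "NO_VALID_USERS " share; bad = 1 }
      else { tag = writable ? "OK_RW" : "OK_RO"; print tag " " share " users=" users }
    }
    /^[ \t]*([;#]|$)/ { next }                    # comments and blank lines
    /^[ \t]*\[/ {                                  # new section: report the previous one
      report()
      share = $0; gsub(/^[ \t]*\[|\].*$/, "", share)
      guest = 0; writable = 0; users = ""
      next
    }
    {
      i = index($0, "="); if (!i) next
      # parameter names ignore case and inner whitespace
      key = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", key)
      val = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
      yes = (tolower(val) ~ /^(yes|true|1)$/)
      if (key == "guestok" || key == "public")          guest = yes
      else if (key ~ /^(writeable|writable|writeok)$/)  writable = yes
      else if (key == "readonly")                        writable = !yes
      else if (key == "validusers")                      users = val
    }
    END { report(); exit bad + 0 }
  ' "$1"
}

# Constructed smb.conf: the share from the text plus two weaker ones.
conf=$(mktemp)
cat > "$conf" <<'EOF'
[global]
    workgroup = WORKGROUP
[NextCloudPi]
    path = /media/USBdrive/mysharedfolder
    writeable = yes
;   browseable = yes
    valid users = pi
[scratch]
    Guest OK = yes
[media]
    read only = no
EOF
audit_smb_shares "$conf" || echo "review the shares flagged above"
```

A share without valid users accepts any account known to smbpasswd, which is why it is reported separately from guest access.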

Usage

Once the share is in place, we can browse it from Windows, Mac, and such.

In order to browse shares in Linux, we make use of smbclient.

$ smbclient -L 192.168.0.128 -U pi        
Enter pi's password:
Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.2.14-Debian]

        Sharename       Type      Comment
        ---------       ----      -------
        print$          Disk      Printer Drivers
        NextCloudPi     Disk
        IPC$            IPC       IPC Service (Samba 4.2.14-Debian)
Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.2.14-Debian]

        Server               Comment
        ---------            -------
        RASPBERRYPI          Samba 4.2.14-Debian

        Workgroup            Master
        ---------            -------
        WORKGROUP

We can see the NextCloudPi share defined earlier. We can use smbclient to log in to a terminal interface that allows us to browse, push and pull files.

However, this is not very comfortable to use. It is better to mount the remote share.

$ sudo mount -t cifs //192.168.0.128/NextCloudPi /mnt -o username=pi,password=raspberry

Or at boot from /etc/fstab

//192.168.0.128/NextCloudPi /mnt cifs username=pi,password=raspberry,rw,user 0 0

That is not ideal though, as the password will be shown in our history for the mount command, and fstab is visible to all users.

It is better to save our credentials in a file that only our user can read, and point to it with the credentials option.

cat > ~/.smbfile <<EOF
username=pi
password=raspberry
EOF
chmod 600 ~/.smbfile

Then reference that file from /etc/fstab

//192.168.0.128/NextCloudPi /mnt cifs credentials=/home/pi/.smbfile,rw,user 0 0

The folder on the server at /media/USBdrive/mysharedfolder will now be available in /mnt, with the access permissions of user pi on that server.
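The check implied by the advice above, as an added example that is not part of the original post or of NextCloudPi: a shell function that scans an fstab-format file for cifs entries carrying an inline password= option and verifies that any credentials= file grants nothing to group or others. The name audit_cifs_fstab, the output tags and the sample files are assumptions made for the example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example, not NextCloudPi code: audit_cifs_fstab is a hypothetical
# helper. Assumes GNU stat, as shipped with Raspbian/Debian.
audit_cifs_fstab() {
  fstab=$1; status=0
  while read -r dev mnt type opts rest; do
    case $dev in ''|'#'*) continue ;; esac       # skip blank lines and comments
    [ "$type" = cifs ] || continue
    old_ifs=$IFS; IFS=,; set -f
    set -- $opts                                  # split the option list on commas
    IFS=$old_ifs; set +f
    for opt in "$@"; do
      case $opt in
        password=*)                               # fstab is readable by every local user
          echo "INLINE_PASSWORD $mnt"; status=1 ;;
        credentials=*)
          cred=${opt#credentials=}
          if [ ! -f "$cred" ]; then
            echo "MISSING_CREDS $mnt $cred"; status=1
          else
            mode=$(stat -c %a "$cred")
            case $mode in
              0|*00) echo "OK $mnt $cred $mode" ;;  # no group/other bits set
              *)     echo "LOOSE_CREDS $mnt $cred $mode"; status=1 ;;
            esac
          fi ;;
      esac
    done
  done < "$fstab"
  return $status
}

# Constructed sample: both fstab styles from the text, plus a world-readable file.
demo=$(mktemp -d)
printf 'username=pi\npassword=raspberry\n' > "$demo/smbfile";  chmod 600 "$demo/smbfile"
printf 'username=pi\npassword=raspberry\n' > "$demo/smbloose"; chmod 644 "$demo/smbloose"
cat > "$demo/fstab" <<EOF
//192.168.0.128/NextCloudPi /mnt  cifs username=pi,password=raspberry,rw,user 0 0
//192.168.0.128/NextCloudPi /mnt2 cifs credentials=$demo/smbfile,rw,user 0 0
//192.168.0.128/NextCloudPi /mnt3 cifs credentials=$demo/smbloose,rw,user 0 0
EOF
audit_cifs_fstab "$demo/fstab" || echo "findings above need fixing"
```

The function returns non-zero when any entry is flagged, so it can gate a provisioning script or run from cron against /etc/fstab.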

Code

#!/bin/bash

# SAMBA server for Raspbian 
# Tested with 2017-03-02-raspbian-jessie-lite.img
#
# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
# GPL licensed (see end of file) * Use at your own risk!
#
# Usage:
# 
#   ./installer.sh samba.sh <IP> (<img>)
#
# See installer.sh instructions for details
# More at: https://ownyourbits.com
#

DIR_=/media/USBdrive/ncdata/admin/files
USER_=pi
PWD_=raspberry
DESCRIPTION="SMB/CIFS file server (for Mac/Linux/Windows)"

install()
{
  apt-get update
  apt-get install --no-install-recommends -y samba
  update-rc.d smbd disable

  # the directory needs to be recreated if we are using nc-ramlogs
  grep -q mkdir /etc/init.d/smbd || sed -i "/\<start)/amkdir -p /var/log/samba" /etc/init.d/smbd
}

configure()
{
  # INFO
  ################################
  whiptail --msgbox \
           --backtitle "NextCloudPi configuration" \
           --title "Instructions for external synchronization" \
"If we intend to modify the data folder through SAMBA,
then we have to synchronize NextCloud to make it aware of the changes. \n
This can be done manually or automatically using 'nc-scan' and 'nc-scan-auto' 
from 'nextcloudpi-config'" \
  20 90

  # CHECKS
  ################################
  [ -d "$DIR_" ] || { echo -e "INFO: directory $DIR_ does not exist. Creating"; mkdir -p "$DIR_"; }
  [[ $( stat -fc%d / ) == $( stat -fc%d "$DIR_" ) ]] && \
    echo -e "INFO: mounting a in the SD card\nIf you want to use an external mount, make sure it is properly set up"

  # CONFIG
  ################################
  sed -i '/\[NextCloudPi\]/,+5d' /etc/samba/smb.conf
  cat >> /etc/samba/smb.conf <<EOF
[NextCloudPi]
	path = $DIR_
	writeable = yes
;	browseable = yes
	valid users = $USER_
EOF

  update-rc.d smbd defaults
  update-rc.d smbd enable
  service smbd start

  usermod -aG www-data "$USER_"
  echo -e "$PWD_\n$PWD_" | smbpasswd -s -a "$USER_"
  sudo chmod g+w "$DIR_"
}

cleanup()
{
  apt-get autoremove -y
  apt-get clean
  rm /var/lib/apt/lists/* -r
  rm -f /home/pi/.bash_history
  systemctl disable ssh
}

# License
#
# This script is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This script is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this script; if not, write to the
# Free Software Foundation, Inc., 59 Temple Place, Suite 330,
# Boston, MA  02111-1307  USA


Author: nachoparker

Humbly sharing things that I find useful

18 Comments on “Share your files in your LAN with SAMBA”

  1. That’s great, but I couldn’t understand well how I’d do a setup like what I’ll describe. Could you please help me?
    – there’s only one user on the RPi, which is the default user Pi with changed password. I can add other users, if necessary;
    – NextCloudPi users are: admin (just admin stuff, I’d delete it if I could, but no big deal); me (username ‘alc’, with admin privileges); my partner (username ‘lif’, belongs to group ‘users’, no admin privileges);
    – user ‘lif’ should access her NextCloud data folder from her Macbook, and only her data folder, not ‘alc’'s or ‘admin’'s;
    – user ‘alc’ should only access his NC data folder, and only this folder, not the other users’;
    – users should be able to share files with each other through NC’s sharing feature, no need for sharing through samba, in principle.

    So, is it attainable? Could you please help me?

    On a side note, this NextCloudPi installation is just on the local network, no internet access – this is just for local wireless handling of files. Should I worry about SSL? Because I disabled ‘force HTTPS’.

    Thank you and props for the great work!

    1. I would create two samba users with `smbpasswd`, then two shares, one for each user ( `valid users` line ) at their Nextcloud data locations ( `/media/USBdrive/ncdata/alc/files` ).

      Finally, grant system permissions over the data folder, but always keep Nextcloud (user `www-data`) able to access. You can for example, change the group for the folder ( group `alc` ), and grant it read/write permissions.

      Regarding HTTPS… I think you can never be too paranoid, especially with private data. I would leave it on, because nowadays everything can access the internet. Say you have a cheap Chinese IoT toaster at home… it will be able to sniff your data and send it to the internet.

  2. hey nacho,

    do you know or/and would you be so kind and tell me on which protocol the installed samba bases? smb1, smb2 or smb3?

      1. thanks for your answer.

        >It would probably be a good idea to disable SMB1

        that was the reason for asking. how do i do that? and/or couldn’t you do that on default? just for security reasons?

  3. Hi nachoparker, do you have any updates on the encryption of samba.
    I would like to use samba to share movies but I’m concerned about the security as I have it connected to the internet.
    Any other ideas how I could stream movies from the pi to other devices in a secure way?

    1. well, samba is LAN only, so in principle, nobody would be able to access from outside because your router is on the way.

      if you want to stream movies, you can open movies from your browser with Nextcloud, or you could mount your video folder with SSHfs, or you could set up vlc as a server… first things that come to my head, but you can investigate, I might be missing something

  4. I can’t get this to work as all folders and files created under NextCloudPi are created with permission that doesn’t allow Samba to delete or amend, specifically the w(rite) bit is not set for the group www-data. Creating files or folders under Samba works great and NextCloud is able to deal with them without issue.

    Initially I ran;
    sudo chgrp -R www-data
    sudo chmod -R g+w

    And;
    sudo find -type d -exec chmod 2775 {} \;
    sudo find -type f -exec chmod ug+rw {} \;

    Which works great for all files and folders currently listed in NextCloud, but get NextCloud to create a new file or folder and it doesn’t create it with the w(rite) bit set for the group, seems the aforementioned commands would also need to be run every time – seems very clumsy. What is the correct way to handle this?

  5. Hi there,
    I’m new to Nextcloudpi and Linux. I managed to install Nextcloudpi, now I only want to install a samba server to access the data from my Windows PC.

    I type in the following, and it works as far as I can say: “git clone https://github.com/nextcloud/nextcloudpi.git”

    Then I type “./installer.sh samba.sh 192.168.0.128”
    and I get the response “-bash: ./install.sh: No such file or directory”

    What am I doing wrong? Do I have to type in another IP address?
    It’s really bothering me that I can’t make it work. Please help

  6. Hi there,

    I was wondering if I can also add other nextcloud users to Samba by using your NextCloudPi Panel or do I have to do it manually?

    Thanks!

  7. Thanks a lot for sharing this! The share was easily mounted in Windows or on my Smartphone!

    In Linux I had the problem that I could only write files as an administrator.
    The fix for that was to add “,uid=**linux-user**,gid=sambashare” to the end of the fstab line where I mount the share:

    //**server-IP**/ncp-ncp /mnt cifs credentials=/home/**linux-user**/.smbfile,uid=**linux-user**,gid=sambashare,rw,user 0 0

    Where the **linux-user** is a member of the gid sambashare.

  8. Hi All,
    I have the same problem with access to the user data over samba. Exactly the same stuff described by Alex Centim in first post.
    Nextcloud added automatically the samba users data in relation to the created accounts to the end of the smb.conf
    For example one looks like that;
    [ncp-user1]
    path = /media/USBdrive/ncdata/user1/files
    writeable = yes
    ; browseable = yes
    valid users = user1
    force user = www-data
    force group = www-data
    create mask = 0770
    directory mask = 0771
    force create mode = 0660
    force directory mode = 0770

    When I was turning on samba option in NextcloudPi panel it asked me to enter password. And it is assumed that the one password is related to all users. Which is strange for me.
    I can only connect one user from the 4 created. Using the one password for samba, not even the real user password.

    Another thing is that shared folders aren't displayed in samba for that user. I have got group folders that are accessible for all users. But cannot see them in samba.

    Anyone can help to fix these issues.
    I add that I am new to linux and NC.

    Thanks
