CREATE AND CONFIGURE FILE SHARING IN CENTOS 7
This will be a simple tutorial on how to create a Linux file server on CentOS 7 using Samba
Systems Settings
Server Settings
| Operating System : CentOS 7 Hostname : fileserver IP Address : 192.168.1.254/24 |
Client Settings (can be Windows, Mac or Linux/Unix computer)
| Operating System : Windows 7 Hostname : client IP Address : 192.168.1.101/24 |
Network Settings
Check workgroup setting on each computer
We assume that all the computers are set to WORKGROUP, if not fix that or change it to whatever you want
| net config workstation |
Setting up DNS
If you don’t have a Domain Naming System set up you can either set one up or manually add a host record on each machine.
To add a host record,
open cmd as an administrator
| notepad C:\Windows\System32\drivers\etc\hosts |
Add this record entry and save and exit host file
| 192.168.1.254 fileserver fileserver |
Install Software
Install Samba on CentOS Server
| yum -y install samba samba-client samba-common |
Enable Services
Enable/Start Samba Service
| systemctl enable smb.service systemctl start smb.service systemctl status smb.service |
Configure User Accounts
We are going to use variables <username> so for every user you want to add, substitute <username> for a real username
Add user <username>
| useradd <username> # or create an account that can't login to on the server directly useradd -s /sbin/nologin <username> |
Set the smb password
| smbpasswd -a <username> |
Create a group called <groupname>
Again, we use a variable called <groupname>, you can change this to salesteam, or cleaningstaff or whatever
| groupadd <groupname> |
Add the user <username> to group <groupname>
| usermod -a -G <groupname> <username> |
Edit Samba Configuration File
Backup the original file and edit
| mv /etc/samba/smb.conf /etc/samba/smb.conf.backup vi /etc/samba/smb.conf |
Copy and Paste
| [global] workgroup = WORKGROUP server string = Samba Server Version %v netbios name = fileserver security = user map to guest = bad user dns proxy = no hosts allow = 127. 192.168.1. #============================ Share Definitions ============================== [homes] [printers] |
Create a Public Share
We are going to use variable <publicfolder>, substitute this variable for your desired folder name
Add folder <publicfolder>
| mkdir -p /samba/<publicfolder> chmod -R 0755 /samba/<publicfolder> chown -R nobody:nobody /samba/<publicfolder> |
Edit samba configuration file
| vi /etc/samba/smb.conf |
Append this to the end of smb.conf
| [<publicfolder>] path = /samba/<publicfolder> browsable = yes writable = yes guest ok = yes guest only = yes create mode = 0777 directory mode = 0777 |
Save file and restart the smb service for settings to take effect.
Create a Private Share
We are going to use variables <privatefolder> substitute this variable for your desired folder name
Add folder <privatefolder>
| mkdir -p /samba/<privatefolder> chmod -R 0755 /samba/<privatefolder> chown -R <username>:<groupname> /samba/<privatefolder> |
Edit Samba configuration file
| vi /etc/samba/smb.conf |
append this to the end of smb.conf
| [<privatefolder>] path = /samba/<privatefolder> valid users = @<privategroup> force group = <privategroup> create mask = 0770 force create mode = 0770 directory mask = 0770 force directory mode = 0770 writable = yes browsable = yes guest ok = no locking = yes |
Save file and restart the smb service for settings to take effect.
Don't forget to add the <username> to the group <privategroup>
Firewall Settings
Allow Samba service through firewall
| firewall-cmd --permanent --zone=public --add-service=samba |
Restart firewall to apply the changes
| firewall-cmd --reload |
SELinux Configuration
If you want to enable use home directories
| setsebool -P samba_enable_home_dirs on |
Set SELinux to allow Samba to read and write to it directories
| chcon -t samba_share_t /samba/<privatefolder>/ |
If you don’t want to mess around with SELinux, you can disable it
Edit SELinux configuration file
| vi /etc/sysconfig/selinux |
Set SELinux value to disabled
| SELINUX=disabled |
It's probably quicker to just reboot the server at this point.
ENJOY!