Kali Linux Setup Samba Share for Home LAN: Difference between revisions
From WikiMLT
m →Notes: |
|||
Line 91: | Line 91: | ||
==== Notes: ==== | ==== Notes: ==== | ||
<code>[https://manpages.ubuntu.com/manpages/jammy/en/man8/net.8.html man net]/usershare</code>: The optional "acl" field specifies which users have read and write access to the entire share. Note that guest connections are not allowed unless the smb.conf parameter "usershare allow guests" has been set. The | * <code>[https://manpages.ubuntu.com/manpages/jammy/en/man8/net.8.html man net]/usershare</code>: The optional "acl" field specifies which users have read and write access to the entire share. Note that guest connections are not allowed unless the smb.conf parameter "usershare allow guests" has been set. The definition of a user defined share acl is: "user:permission", where user is a valid username on the system and permission can be "F", "R", or "D". "F" stands for "full permissions", ie. read and write permissions. "D" stands for "deny" for a user, ie. prevent this user from accessing this share. "R" stands for "read only", ie. only allow read access to this share (no creation of new files or directories or writing to files). | ||
== References == | == References == |
Revision as of 14:43, 14 September 2022
Install Samba
sudo apt install samba smbclient nautilus-share
sudo usermod -aG sambashare $USER
Samba Basic Setup
Add or modify the following lines within smb.conf
.
sudo nano /etc/samba/smb.conf
cat /etc/samba/smb.conf | grep -Pv '^(;|\s*#)' | sed '/^$/d'
[global]
client min protocol = LANMAN1
server min protocol = LANMAN1
workgroup = WORKGROUP
interfaces = 127.0.0.0/8 eth0 br0
log file = /var/log/samba/log.%m
max log size = 1000
logging = file
panic action = /usr/share/samba/panic-action %d
server role = standalone server
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = yes
usershare owner only = false
[homes]
comment = Home Directories
browseable = no
read only = yes
create mask = 0700
directory mask = 0700
valid users = %S
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
Notes:
- For client/server min protocol you can try also with
NT1
orSMB2
. - The following is not listed default value from the
[global]
section:usershare path = /var/lib/samba/usershares
.
Restart the Samba and the NetBIOS services.
sudo systemctl restart smbd.service nmbd.service
1. One option is to edit the file smb.conf
and add a section, as the shown below, at the very bottom of the file. Then restart the Samba and the NetBIOS services.
sudo nano /etc/samba/smb.conf
[Share]
comment = Shared filews
path = /home/share
public = yes
writable = yes
Notes:
- The section name
[Share]
is matter of you choice – this will become the name of the shared folder. - The directory provided as
path
value,/home/share
in this case, must have enough permissions.
2. Another option is to use the net
tool in a way as the the following.
net usershare add Git /home/$USER/Git : Everyone:F guest_ok=y
The above command will share the user's ~/Git
directory and will grant it guest access. The command actually creates a file entry in /var/lib/samba/usershares
.
cat /var/lib/samba/usershares/git
#VERSION 2
path=/home/pa4080/Git
comment=:
usershare_acl=S-1-1-0:F
guest_ok=y
sharename=Git
Notes:
man net/usershare
: The optional "acl" field specifies which users have read and write access to the entire share. Note that guest connections are not allowed unless the smb.conf parameter "usershare allow guests" has been set. The definition of a user defined share acl is: "user:permission", where user is a valid username on the system and permission can be "F", "R", or "D". "F" stands for "full permissions", ie. read and write permissions. "D" stands for "deny" for a user, ie. prevent this user from accessing this share. "R" stands for "read only", ie. only allow read access to this share (no creation of new files or directories or writing to files).
References
- …
- …