Kali Linux Setup Samba Share for Home LAN: Difference between revisions

From WikiMLT
Spas (talk | contribs)
Spas (talk | contribs)
Line 91: Line 91:


==== Notes: ====
==== Notes: ====
<code>[https://manpages.ubuntu.com/manpages/jammy/en/man8/net.8.html man net]/usershare</code>: The optional "acl" field specifies which users have read and write access to the entire share. Note that guest connections are not allowed unless the smb.conf parameter "usershare allow guests" has been set. The        definition of a user defined share acl is: "user:permission", where user is a valid username on the system and        permission can be "F", "R", or "D". "F" stands for "full permissions", ie. read and write permissions. "D"      stands for "deny" for a user, ie. prevent this user from accessing this share. "R" stands for "read only", ie.        only allow read access to this share (no creation of new files or directories or writing to files).
* <code>[https://manpages.ubuntu.com/manpages/jammy/en/man8/net.8.html man net]/usershare</code>: The optional "acl" field specifies which users have read and write access to the entire share. Note that guest connections are not allowed unless the smb.conf parameter "usershare allow guests" has been set. The   definition of a user defined share acl is: "user:permission", where user is a valid username on the system and   permission can be "F", "R", or "D". "F" stands for "full permissions", ie. read and write permissions. "D" stands for "deny" for a user, ie. prevent this user from accessing this share. "R" stands for "read only", ie. only allow read access to this share (no creation of new files or directories or writing to files).


== References ==
== References ==

Revision as of 14:43, 14 September 2022

In­stall Sam­ba

sudo apt install samba smbclient nautilus-share
sudo usermod -aG sambashare $USER

Sam­ba Ba­sic Set­up

Add or mod­i­fy the fol­low­ing lines with­in smb.conf.

sudo nano /etc/samba/smb.conf
cat /etc/samba/smb.conf | grep -Pv '^(;|\s*#)' | sed '/^$/d'
[global]
   client min protocol = LANMAN1
   server min protocol = LANMAN1
   workgroup = WORKGROUP
   interfaces = 127.0.0.0/8 eth0 br0
   log file = /var/log/samba/log.%m
   max log size = 1000
   logging = file
   panic action = /usr/share/samba/panic-action %d
   server role = standalone server
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   map to guest = bad user
   usershare allow guests = yes
   usershare owner only = false
[homes]
   comment = Home Directories
   browseable = no
   read only = yes
   create mask = 0700
   directory mask = 0700
   valid users = %S
[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no

Notes:

  • For client/​​​server min pro­to­col you can try al­so with NT1 or SMB2.
  • The fol­low­ing is not list­ed de­fault val­ue from the [glob­al] sec­tion: user­share path = /​​​var­/​​​­lib­/​​​­samba­/​​​­user­shares.

Restart the Sam­ba and the Net­BIOS ser­vices.

sudo systemctl restart smbd.service nmbd.service

Share a Di­rec­to­ry via CLI

1. One op­tion is to ed­it the file smb.conf and add a sec­tion, as the shown be­low, at the very bot­tom of the file. Then restart the Sam­ba and the Net­BIOS ser­vices.

sudo nano /etc/samba/smb.conf
[Share]
   comment = Shared filews
   path = /home/share
   public = yes
   writable = yes

Notes:

  • The sec­tion name [Share] is mat­ter of you choice – this will be­come the name of the shared fold­er.
  • The di­rec­to­ry pro­vid­ed as path val­ue, /​​​home/​​​share in this case, must have enough per­mis­sions.

2. An­oth­er op­tion is to use the net tool in a way as the the fol­low­ing.

net usershare add Git /home/$USER/Git : Everyone:F guest_ok=y

The above com­mand will share the user's ~/​​​Git di­rec­to­ry and will grant it guest ac­cess. The com­mand ac­tu­al­ly cre­ates a file en­try in /​​​var­/​​​­lib­/​​​­samba­/​​​­user­shares.

cat /var/lib/samba/usershares/git
#VERSION 2
path=/home/pa4080/Git
comment=:
usershare_acl=S-1-1-0:F
guest_ok=y
sharename=Git

Notes:

  • man net/​​​usershare: The op­tion­al "acl" field spec­i­fies which users have read and write ac­cess to the en­tire share. Note that guest con­nec­tions are not al­lowed un­less the smb.conf pa­ra­me­ter "user­share al­low guests" has been set. The de­f­i­n­i­tion of a user de­fined share acl is: "user:permission", where user is a valid user­name on the sys­tem and per­mis­sion can be "F", "R", or "D". "F" stands for "full per­mis­sions", ie. read and write per­mis­sions. "D" stands for "de­ny" for a user, ie. pre­vent this user from ac­cess­ing this share. "R" stands for "read on­ly", ie. on­ly al­low read ac­cess to this share (no cre­ation of new files or di­rec­to­ries or writ­ing to files).

Ref­er­ences