Kali Linux Setup Samba Share for Home LAN: Difference between revisions

From WikiMLT
Line 76: Line 76:
* The section name <code>[Share]</code> is matter of you choice - this will become the name of the shared folder.
* The section name <code>[Share]</code> is matter of you choice - this will become the name of the shared folder.
* The directory provided as <code>path</code> value, <code>/home/share</code> in this case, must have enough permissions.
* The directory provided as <code>path</code> value, <code>/home/share</code> in this case, must have enough permissions.
'''2.''' Another option is to use the <code>[https://manpages.ubuntu.com/manpages/jammy/en/man8/net.8.html net]</code> tool in a way as the the following.<syntaxhighlight lang="shell" line="1" class="mlw-continue">
'''2.''' Another option is to use the <code>[https://manpages.ubuntu.com/manpages/jammy/en/man8/net.8.html net]</code> tool in a way as the the following to create or remove a network share.<syntaxhighlight lang="shell" line="1" class="mlw-continue">
net usershare add Git /home/$USER/Git : Everyone:F guest_ok=y
net usershare add Git /home/$USER/Git "$USER's git projects" Everyone:F guest_ok=y
</syntaxhighlight><syntaxhighlight lang="shell" line="1" class="mlw-continue mlw-shell-gray">
net usershare delete Git
</syntaxhighlight>The above command will share the user's <code>~/Git</code> directory and will grant it guest access. The command actually creates a file entry in <code>/var&shy;/&shy;lib&shy;/&shy;samba&shy;/&shy;user&shy;shares</code>.<syntaxhighlight lang="shell" line="1" class="mlw-continue">
</syntaxhighlight>The above command will share the user's <code>~/Git</code> directory and will grant it guest access. The command actually creates a file entry in <code>/var&shy;/&shy;lib&shy;/&shy;samba&shy;/&shy;user&shy;shares</code>.<syntaxhighlight lang="shell" line="1" class="mlw-continue">
cat /var/lib/samba/usershares/git
cat /var/lib/samba/usershares/git
</syntaxhighlight><syntaxhighlight lang="terraform" class="mlw-pre-max-height-320" line="1" start="1">
</syntaxhighlight><syntaxhighlight lang="terraform" class="mlw-pre-max-height-320" line="1" start="1">
#VERSION 2
#VERSION 2
path=/home/pa4080/Git
path=/home/<user>/Git
comment=:
comment=<user>'s git projects
usershare_acl=S-1-1-0:F
usershare_acl=S-1-1-0:F
guest_ok=y
guest_ok=y
sharename=Git
sharename=Git


</syntaxhighlight>
</syntaxhighlight>Notes:
 
* <code>[https://manpages.ubuntu.com/manpages/jammy/en/man8/net.8.html man net]/usershare</code>: The optional "acl" field specifies which users have read and write access to the entire share. Note that guest connections are not allowed unless the smb.conf parameter "usershare allow guests" has been set. The    definition of a user defined share acl is: "user:permission", where user is a valid username on the system and    permission can be "F", "R", or "D".
==== Notes: ====
** "F" stands for "full permissions", ie. read and write permissions.
* <code>[https://manpages.ubuntu.com/manpages/jammy/en/man8/net.8.html man net]/usershare</code>: The optional "acl" field specifies which users have read and write access to the entire share. Note that guest connections are not allowed unless the smb.conf parameter "usershare allow guests" has been set. The    definition of a user defined share acl is: "user:permission", where user is a valid username on the system and    permission can be "F", "R", or "D". "F" stands for "full permissions", ie. read and write permissions. "D" stands for "deny" for a user, ie. prevent this user from accessing this share. "R" stands for "read only", ie. only allow read access to this share (no creation of new files or directories or writing to files).
** "D" stands for "deny" for a user, ie. prevent this user from accessing this share.
** "R" stands for "read only", ie. only allow read access to this share (no creation of new files or directories or writing to files).
* In addition the user must have enough filesystem permissions to the directory, for example yf you really want to allow everyone to write to the directory you may need to <code>chmod o+rwx ~/Git</code>.


== References ==
== References ==

Revision as of 14:51, 14 September 2022

In­stall Sam­ba

sudo apt install samba smbclient nautilus-share
sudo usermod -aG sambashare $USER

Sam­ba Ba­sic Set­up

Add or mod­i­fy the fol­low­ing lines with­in smb.conf.

sudo nano /etc/samba/smb.conf
cat /etc/samba/smb.conf | grep -Pv '^(;|\s*#)' | sed '/^$/d'
[global]
   client min protocol = LANMAN1
   server min protocol = LANMAN1
   workgroup = WORKGROUP
   interfaces = 127.0.0.0/8 eth0 br0
   log file = /var/log/samba/log.%m
   max log size = 1000
   logging = file
   panic action = /usr/share/samba/panic-action %d
   server role = standalone server
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   map to guest = bad user
   usershare allow guests = yes
   usershare owner only = false
[homes]
   comment = Home Directories
   browseable = no
   read only = yes
   create mask = 0700
   directory mask = 0700
   valid users = %S
[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no

Notes:

  • For client/​​​server min pro­to­col you can try al­so with NT1 or SMB2.
  • The fol­low­ing is not list­ed de­fault val­ue from the [glob­al] sec­tion: user­share path = /​​​var­/​​​­lib­/​​​­samba­/​​​­user­shares.

Restart the Sam­ba and the Net­BIOS ser­vices.

sudo systemctl restart smbd.service nmbd.service

Share a Di­rec­to­ry via CLI

1. One op­tion is to ed­it the file smb.conf and add a sec­tion, as the shown be­low, at the very bot­tom of the file. Then restart the Sam­ba and the Net­BIOS ser­vices.

sudo nano /etc/samba/smb.conf
[Share]
   comment = Shared filews
   path = /home/share
   public = yes
   writable = yes

Notes:

  • The sec­tion name [Share] is mat­ter of you choice – this will be­come the name of the shared fold­er.
  • The di­rec­to­ry pro­vid­ed as path val­ue, /​​​home/​​​share in this case, must have enough per­mis­sions.

2. An­oth­er op­tion is to use the net tool in a way as the the fol­low­ing to cre­ate or re­move a net­work share.

net usershare add Git /home/$USER/Git "$USER's git projects" Everyone:F guest_ok=y
net usershare delete Git

The above com­mand will share the user's ~/​​​Git di­rec­to­ry and will grant it guest ac­cess. The com­mand ac­tu­al­ly cre­ates a file en­try in /​​​var­/​​​­lib­/​​​­samba­/​​​­user­shares.

cat /var/lib/samba/usershares/git
#VERSION 2
path=/home/<user>/Git
comment=<user>'s git projects
usershare_acl=S-1-1-0:F
guest_ok=y
sharename=Git

Notes:

  • man net/​​​usershare: The op­tion­al "acl" field spec­i­fies which users have read and write ac­cess to the en­tire share. Note that guest con­nec­tions are not al­lowed un­less the smb.conf pa­ra­me­ter "user­share al­low guests" has been set. The de­f­i­n­i­tion of a user de­fined share acl is: "user:permission", where user is a valid user­name on the sys­tem and per­mis­sion can be "F", "R", or "D".
    • "F" stands for "full per­mis­sions", ie. read and write per­mis­sions.
    • "D" stands for "de­ny" for a user, ie. pre­vent this user from ac­cess­ing this share.
    • "R" stands for "read on­ly", ie. on­ly al­low read ac­cess to this share (no cre­ation of new files or di­rec­to­ries or writ­ing to files).
  • In ad­di­tion the user must have enough filesys­tem per­mis­sions to the di­rec­to­ry, for ex­am­ple yf you re­al­ly want to al­low every­one to write to the di­rec­to­ry you may need to chmod o+rwx ~/​​​Git.

Ref­er­ences