Saturday, December 30, 2023

A Step-by-Step Guide to Configuring Samba Server on Red Hat/CentOS/Rocky Linux 8

Introduction:

Samba, an open-source implementation of the SMB/CIFS networking protocol, enables seamless file and print sharing between Linux and Windows systems. Configuring a Samba server on Red Hat 8 is a straightforward process that allows you to create a shared network resource accessible from various operating systems. In this step-by-step guide, we'll walk you through the process of setting up a Samba server on Red Hat 8.


Prerequisites:

1.  Red Hat 8 Installation:

   Ensure that you have a Red Hat 8 system up and running.

2. Root or Sudo Access:

   You need administrative privileges to install and configure packages.


 Step 1: Install Samba Package:

Open the terminal and use the following command to install the Samba package:

#sudo dnf install samba samba-common samba-client
 

Step 2: Configure Samba:

1. Backup the Original Configuration:

   Before making any changes, it's wise to back up the original configuration file:

#sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.bak
 

2. Edit the Samba Configuration File:

   Use your preferred text editor to open the Samba configuration file:

#sudo vim /etc/samba/smb.conf

   Update the file according to your preferences. Below are some essential configurations:

   [global]

       workgroup = WORKGROUP
       server string = Samba Server %v
       security = user


   [sharename]

       path = /DATA/Samba_share
       writable = yes
       browseable = no
       guest ok = no
       valid users = user1 user2 @smb_group
       hosts allow = 127.  192.168.1.

  

   - `workgroup`: Set the workgroup name (default is WORKGROUP).

   - `server string`: Add a description for your Samba server.

   - `security`: Set to "user" for user-level security.

   Adjust the `[sharename]` section according to your needs.
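
   A quick way to review the share restrictions discussed above, as an added example that is not part of the original guide: the function below reads an smb.conf-style file and reports every share that allows guests or has no `valid users` / `hosts allow` restriction. The function name `audit_shares`, the `[scratch]` share and the sample file are constructed for illustration.

```bash
# audit_shares FILE: list shares in an smb.conf-style file that allow guests
# or lack a "valid users" / "hosts allow" restriction. Share-level parameters
# set in [global] are treated as defaults, so [global] must come first.
audit_shares() {
    awk '
    function report() {
        if (sect == "" || sect == "global") return
        if (guest)  print sect ": guest access enabled"
        if (!users) print sect ": no valid users restriction"
        if (!hosts) print sect ": no hosts allow restriction"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }        # comments and blank lines
    /^[ \t]*\[/ {                               # section header
        report()
        sect = $0
        sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
        sect = tolower(sect)
        guest = gguest; users = gusers; hosts = ghosts
        next
    }
    {
        eq = index($0, "="); if (!eq) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = tolower(substr($0, eq + 1));    gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "guestok" || key == "public") guest = (val ~ /^(yes|true|1)$/)
        if (key == "validusers")                 users = (val != "")
        if (key == "hostsallow" || key == "allowhosts") hosts = (val != "")
        if (sect == "global") { gguest = guest; gusers = users; ghosts = hosts }
    }
    END { report() }
    ' "$1"
}

# Constructed sample: the [sharename] share from this guide plus a loose share.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
[global]
    security = user
[sharename]
    path = /DATA/Samba_share
    guest ok = no
    valid users = user1 user2 @smb_group
    hosts allow = 127.  192.168.1.
[scratch]
    path = /srv/scratch
    guest ok = yes
EOF
audit_shares "$sample"
```

   Run it against `/etc/samba/smb.conf` after editing; no output means every share has all three restrictions in place.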


Step 3: Create a Samba User and group:

Create a Samba user and set a password. This user should have access to the shared folder.

#sudo groupadd smb_group 

#sudo useradd -M username

#sudo smbpasswd -a username 
 

If you are managing access through a group, add the user to the group too:

#sudo usermod -aG smb_group  username
 

Step 4: Create the Shared Folder:

Create a folder to be shared and adjust permissions:

#sudo mkdir -p /DATA/Samba_share

#sudo chown  root:smb_group -R /DATA/Samba_share

#sudo chmod  0775 -R /DATA/Samba_share

 

Step 5: Start and Enable Samba Service:

Start the Samba service and enable it to start at boot:

#sudo systemctl enable smb

#sudo systemctl start smb 

#sudo systemctl status smb


Step 6: Configure Firewall:

If the firewall is active, allow Samba traffic:

#sudo firewall-cmd --add-service=samba --permanent

#sudo firewall-cmd --reload 
 

Step 7: Configure SELinux:

If SELinux is enabled, set the context on the shared folder:

#sudo chcon -t samba_share_t  /DATA/Samba_share

#sudo chown -R root:smb_group /DATA/Samba_share
 

Step 8: Test the Configuration:

Access the shared folder from a Windows or Linux machine using the Samba user credentials.

Here are some commands to verify the share from the Linux server:

A. Connect to a Samba Share:

#smbclient //server/sharename -U username 
 

- Replace `server` with the hostname or IP address of the Samba server.

- Replace `sharename` with the name of the shared folder.

- Replace `username` with the Samba username.


If you didn't specify a password during connection, you can enter it interactively.


B. List Files on the Samba Share:

Once connected, you can list files on the Samba share using:

#smb: \> dir
 

C. Download a File from the Samba Share:

To download a file from the Samba share to your local machine:

#smb: \> get filename 
 

- Replace `filename` with the name of the file you want to download.


D. Upload a File to the Samba Share:

To upload a file from your local machine to the Samba share:

#smb: \> put localfile 
 

- Replace `localfile` with the name of the file you want to upload.


E. Change Directory on the Samba Share:

Navigate to a specific directory on the Samba share:

#smb: \> cd directory 
 

- Replace `directory` with the name of the target directory.


F. Delete a File on the Samba Share:

To delete a file on the Samba share:

#smb: \> del filename 
 

- Replace `filename` with the name of the file to be deleted.


G. Exit `smbclient`:

To exit the `smbclient` session:

#smb: \> exit 
 

These `smbclient` commands provide a basic set of functionalities for interacting with Samba shares. You can explore additional options and features by referring to the `smbclient` manual (`man smbclient`) or by typing `help` within the `smbclient` interactive session. This tool is invaluable for testing your Samba server configuration and ensuring seamless file sharing across your network.


Bonus:

The pdbedit --list command can be used to list the users that have been added to the SMB database. The output should be identical to the smb.passwd file.

#pdbedit --list


The smbpasswd command with the -x option can be used to delete a user from the SMB database.
 
#smbpasswd -x username

 



Congratulations! You have successfully configured a Samba server on Red Hat 8 or any RPM based server, allowing seamless file sharing across your network.


Closing Thoughts:

Configuring a Samba server on Red Hat 8 is a valuable skill for anyone working in a mixed operating system environment. With this guide, you can easily set up a Samba server and enhance collaboration between Linux and Windows systems on your network. Happy sharing!

Friday, December 1, 2023

Mastering User and Group Management in Linux | User and group Management in Linux

 

User management is a fundamental aspect of Linux system administration. Whether you're a seasoned sysadmin or a Linux enthusiast, understanding the essential commands for user management is crucial. In this blog post, we'll explore Linux commands that will empower you to efficiently manage users and groups on a Linux system.




What is a user?

Every process (running program) on the system runs as a particular user. Every file is owned by a particular user. Access to files and directories is restricted by user. The user associated with a running process determines the files and directories accessible to that process.


The id command shows the currently logged-in user; you can also use it to see basic information about another user:

$id 

uid=1000(nirmal) gid=1000(nirmal) groups=1000(nirmal)

or 

$id root

uid=0(root) gid=0(root) groups=0(root)

To view the user associated with a file or directory, use the ls -l command:

$ls -l  /home

To view the processes associated with a user, use the ps command:

$ps au

To switch from one user to another:

$ su - username 

or 

$su  username 


Database files for users and groups

/etc/passwd

By default, systems use a simple "flat file," the /etc/passwd file, to store information about local users. The format of /etc/passwd follows (seven colon-separated fields) 

username : password : UID : GID : GECOS : HomeDir : Shell 

/etc/shadow

The file /etc/shadow is used to store password information for all users in Linux.


/etc/group


The file /etc/group is used to store group information for all groups in Linux.


/etc/gshadow

The file /etc/gshadow is used to store password information for all groups in Linux.

 

What is a group? 

Like users, groups have a name and a number (GID). Local groups are defined in /etc/group 

There are two types of groups used in Linux:

1 - Primary Group 

2 - Supplementary groups or Secondary Group  


Managing Local User Accounts 

UID ranges

  • UID 0 is always assigned to the superuser account, root.

  • UID 1-200 is a range of "system users" assigned statically to system processes by Red Hat.

  • UID 201-999 is a range of "system users" used by system processes that do not own files on the file system. They are typically assigned dynamically from the available pool when the software that needs them is installed. Programs run as these "unprivileged" system users in order to limit their access to just the resources they need to function.

  • UID 1000+ is the range available for assignment to regular users. 
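
The seven-field /etc/passwd layout and the UID ranges above can be checked mechanically. The following is an added example, not part of the original post: it validates each line, classifies the account by UID range, and flags extra UID 0 accounts, duplicate UIDs and system accounts that still have a login shell. The function name `audit_passwd` and the sample accounts are constructed for illustration.

```bash
# audit_passwd FILE: check /etc/passwd-format lines against the seven-field
# layout and the UID ranges described above.
audit_passwd() {
    awk -F: '
    /^[ \t]*$/ { next }
    NF != 7 { print "line " NR ": expected 7 fields, found " NF; next }
    $3 !~ /^[0-9]+$/ { print "line " NR ": UID is not numeric"; next }
    {
        user = $1; uid = $3 + 0; shell = $7
        if      (uid == 0)   class = "superuser"
        else if (uid <= 200) class = "static system"
        else if (uid <= 999) class = "dynamic system"
        else                 class = "regular"
        login = (shell !~ /\/(nologin|false)$/)   # empty shell field means /bin/sh
        if (uid == 0 && user != "root")
            print user ": UID 0 but name is not root"
        if (uid in owner)
            print user ": UID " uid " already used by " owner[uid]
        else
            owner[uid] = user
        if (class ~ /system/ && login)
            print user ": " class " account (UID " uid ") has login shell " shell
    }' "$1"
}

# Constructed sample in /etc/passwd format (not taken from a real system).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
chrony:x:993:990::/var/lib/chrony:/sbin/nologin
svcbackup:x:450:450:backup job:/var/lib/svcbackup:/bin/bash
nirmal:x:1000:1000:Nirmal:/home/nirmal:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
broken:x:1001:1001:/home/broken
EOF
audit_passwd "$sample"
```

On a live system, pass `/etc/passwd` as the argument; the file is world-readable, so no root access is needed.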


* To create user  

#useradd username 
 
* To set password to a user 

#passwd username 
 
* To create user with specific UID 


#useradd -u 1010 username 
 

* To create a user with specific supplementary groups, shell and UID in a single command


#useradd  -G groupname  -s /sbin/nologin -u 1010  username 
 

* To create user with user description 


#useradd   -c  "IT Department"   username 
 


* To create a user with specific expiry date 


#useradd -e 2024-12-31  username 


* To create a system user 


#useradd -r  username 
 

* To create a user without home Directory 


#useradd -M username 
 

* To create a user  with specific home directory on different location 


#useradd -d /opt/username  username 
 


Options:

  -b, --base-dir BASE_DIR       base directory for the home directory of the

                                new account

  -c, --comment COMMENT         GECOS field of the new account

  -d, --home-dir HOME_DIR       home directory of the new account

  -D, --defaults                print or change default useradd configuration

  -e, --expiredate EXPIRE_DATE  expiration date of the new account

  -f, --inactive INACTIVE       password inactivity period of the new account

  -g, --gid GROUP               name or ID of the primary group of the new

                                account

  -G, --groups GROUPS           list of supplementary groups of the new

                                account

  -h, --help                    display this help message and exit

  -k, --skel SKEL_DIR           use this alternative skeleton directory

  -K, --key KEY=VALUE           override /etc/login.defs defaults

  -l, --no-log-init             do not add the user to the lastlog and

                                faillog databases

  -m, --create-home             create the user's home directory

  -M, --no-create-home          do not create the user's home directory

  -N, --no-user-group           do not create a group with the same name as

                                the user

  -o, --non-unique              allow to create users with duplicate

                                (non-unique) UID

  -p, --password PASSWORD       encrypted password of the new account

  -r, --system                  create a system account

  -R, --root CHROOT_DIR         directory to chroot into

  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files

  -s, --shell SHELL             login shell of the new account

  -u, --uid UID                 user ID of the new account

  -U, --user-group              create a group with the same name as the user

  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping




Managing Local Groups 



1. Basic Group Creation:

   

#groupadd mygroup
 
This command creates a new group named "mygroup."


2. Specify GID (Group ID):

  

#groupadd -g 1001 mygroup

   This command creates a group with the name "mygroup" and specifies the Group ID as 1001. You can replace 1001 with the desired Group ID.


3. Add System Group:

   

#groupadd -r  mygroup 

   

   This creates a system group ("-r" option) .



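4. Create a Group Without Failing if It Already Exists:

#groupadd -r -g 1001 -f mygroup

   This creates a system group ("-r" option) with a specific Group ID. Groups have no description field; the "-f" option takes no argument and makes the command exit successfully if the group already exists.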


5. Display Group Information:

   

#grep mygroup /etc/group 
 

   After creating the group, you can use `grep` to display group information from the `/etc/group` file.


Remember to replace "mygroup" and the Group ID with your preferred group name and ID. 




Modification of  Local User and group Accounts 



A Modification of  Local User


The `usermod` and `userdel` commands in Linux are used to modify and delete user accounts. Here are some examples:


1. Change User's Home Directory:

   

#usermod -d /path/to/new/home username 
 

2. Change User's password :

   

#passwd  username 

    


3. Change User's Login Name:

   

#usermod -l newusername oldusername 

    


4. Add User to Additional Groups:

   

#usermod -aG group1,group2 username 

    


5. Change User's Shell:

   

 

#usermod -s /path/to/new/shell username 

    


6. Lock/Unlock User Account:

   - Lock:

     

#usermod -L username 

      

   - Unlock:
     

#usermod -U username 

      


7. Set User's Expiry Date:

   

#usermod -e YYYY-MM-DD username 

    


8. Remove User Expiry Date:

   

#usermod -e -1 username 

    


9. Change User's UID (User ID):

   

 

#usermod -u newUID username 

    


10. Delete User Account (Keep Home Directory):

   

   

#userdel username 

 


11. Delete User Account and Home Directory:

      

#userdel -r username 

   The `-r` option removes the user's home directory along with the user account.



12. Force Removal (Even if User is Logged In):

   

#userdel -f username 

 Use this with caution, as it forcefully removes the user, even if they are logged in.



13. Remove Only User's Home Directory:

   

      

#rm -r /home/username 

 

   This is a separate step if you want to keep the user account but remove the home directory manually.



Remember to replace placeholders like `username`, `group1`, `group2`, etc., with your actual usernames and group names. Always double-check your changes to avoid accidental misconfigurations.



B: Modification of  Local Groups


The `groupmod` command in Linux is used to modify group attributes. Here are some examples:


1. Change Group Name:

   

#groupmod -n newgroupname oldgroupname

 

2. Set Password on Group:

   

#gpasswd  groupname

 


3. Change Group GID (Group ID):

   

   

#groupmod -g newGID groupname 

 


4. Add User to Group:

   

     

#usermod -aG newgroupname username 

 


5. Remove User from Group:

  

#gpasswd -d username groupname 

 


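6. Change Group Password:

#groupmod -p encryptedpassword groupname

   The `-p` option expects a password that is already encrypted, as returned by crypt(3). To set a group password interactively, use `gpasswd groupname` as in example 2.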

 


Remember to replace placeholders like `newgroupname`, `oldgroupname`, `username`, etc., with your actual group names and usernames. Always double-check your changes to avoid accidental misconfigurations.




C: Managing password expiry of user


The `chage` command in Linux is used to change user password expiry information. Here are some examples:


1. View Password Expiry Information:

           

#chage -l username 

 

  This command displays detailed information about the password aging for the specified user.


2. Set Maximum Number of Days between Password Changes:

           

#chage -M 60 username

 

   This example sets the maximum number of days between password changes to 60 for the specified user.


3. Set Account Expiry Date:

#chage -E YYYY-MM-DD username

   This example sets the date on which the specified user's account expires.


4. Force Password Change on Next Login:

   

           

#chage -d 0 username

 

   This example forces the user to change their password on the next login.



5. Disable Password Expiry:

        

#chage -M -1 username 


    This example disables password expiry for the specified user.


6. Disable Account Expiry:

  

#chage -E -1 username 

 

   This example disables Account expiry for the specified user.


Remember to replace `username` with the actual username you want to modify. The `chage` command provides flexibility in managing password aging and expiry policies for user accounts on Linux systems.




D : Creating Super User (sudo user) 



To create a superuser (sudo user) in Red Hat 8 or similar distributions, you can follow these steps:


1. Create a New User:

        

#useradd superusername

#passwd superusername

 

   Replace `superusername ` with the desired username for the new sudo user. 


2. Add the User to the sudo Group:

   

#usermod -aG wheel superusername 

 

   This command adds the user to the `wheel` group, which is typically configured to have sudo privileges.



3. Verify sudo Access:


   Switch to the new user and try running a command with sudo to verify access.

       

#su - superusername

$sudo some_command

 

   Replace `some_command` with the actual command you want to run with sudo.



Note: You can also create a sudo user by adding an entry to the sudoers file, like this:


  

#vim /etc/sudoers 

superusername    ALL=(ALL)       ALL

 

save the file 


* If you want a passwordless sudo user, make an entry like this:

#vim /etc/sudoers

superusername    ALL=(ALL)      NOPASSWD: ALL

 

save the file 


   

#su - superusername

$sudo some_command

 




Now, the newly created user should have sudo privileges on your Red Hat 8 system. Remember to replace `superusername ` with the chosen username for your new sudo user.
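
To keep track of who holds the kind of entries shown in this section, the following added example (not part of the original post) scans a sudoers-format file and reports every rule that grants all commands, and whether it does so without a password prompt. The function name `audit_sudoers` and the sample file, including the `backupop` account, are constructed for illustration.

```bash
# audit_sudoers FILE: report sudoers rules that grant every command and say
# whether a password is still required. Assumes one rule per line (no
# backslash continuations) and does not follow include directives.
audit_sudoers() {
    awk '
    /^[ \t]*$/ || /^[ \t]*#/ { next }            # blank lines, comments, #include
    $1 ~ /^Defaults/ || $1 ~ /_Alias$/ || $1 ~ /^@include/ { next }
    {
        eq = index($0, "="); if (!eq) next
        who  = $1
        spec = substr($0, eq + 1)
        nopass = (spec ~ /NOPASSWD[ \t]*:/)
        gsub(/\([^)]*\)/, "", spec)              # drop the (runas) part
        gsub(/[A-Z_]+[ \t]*:/, "", spec)         # drop tags such as NOPASSWD:
        gsub(/[ \t]/, "", spec)
        all = 0
        n = split(spec, cmd, ",")
        for (i = 1; i <= n; i++) if (cmd[i] == "ALL") all = 1
        if (all)
            print who ": all commands, " (nopass ? "no password prompt" : "password required")
    }' "$1"
}

# Constructed sample in sudoers syntax (not taken from a real system).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample
Defaults    !visiblepw
root             ALL=(ALL)       ALL
%wheel           ALL=(ALL)       ALL
superusername    ALL=(ALL)      NOPASSWD: ALL
backupop         ALL=(root)     NOPASSWD: /usr/bin/rsync
EOF
audit_sudoers "$sample"
```

Editing `/etc/sudoers` through `visudo` rather than opening it directly in an editor adds a syntax check before the file is saved, which prevents a typo from locking out sudo access.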




