====== SMB Provide Network Shares Suitable For Group Collaboration ======
**General Information**
Samba shares for groups.
**Prerequisites**
* [[linux_wiki:smb_provide_network_shares_to_specific_clients#server_install_and_config|Samba server installed and configured]]
* [[linux_wiki:smb_provide_network_shares_to_specific_clients#client_install_and_config|Samba client installed and configured]]
----
====== Lab Setup ======
The following virtual machines will be used:
* server1.example.com (192.168.1.150) -> Perform all SMB client tests from here
* server2.example.com (192.168.1.151) -> Install the Samba Server here
----
====== Group Shares: Server ======
Create a group
groupadd smbgrp
\\
Add users to the group
usermod -G smbgrp user1
usermod -G smbgrp user2
\\
Create samba passwords
smbpasswd -a user1
smbpasswd -a user2
\\
Setup the group directory for sharing
mkdir /sambashare_group
chown :smbgrp /sambashare_group
chmod 770 /sambashare_group
\\
SELinux: Set file context
semanage fcontext -at samba_share_t "/sambashare_group(/.*)?"
restorecon -Rv /sambashare_group
\\
Create the new directory share config
vim /etc/samba/smb.conf
[sambashare_group]
comment = My Groups Samba Share
path = /sambashare_group
valid users = @smbgrp
write list = @smbgrp
writable = yes
force group = +smbgrp
create mask = 0664
directory mask = 0775
# Defaults, but listing in case something in [global] over rides
browsable = yes
public = no
* +smbgrp -> The "+" means that only users already in the group (smbgrp) will use that as their primary group when accessing the share.
\\
Restart the service for changes to take effect
systemctl restart smb
----
====== Group Shares: Client ======
Ensure the same users and group exist on the client
* **uids and gids must match!**
\\
List shares
smbclient -L //192.168.1.200 -U user1
\\
Setup local directory for mounting the remote samba share
mkdir /collaborate
\\
Mount Persistently
vim /root/.sharedcreds
username=user1
password=password
vim /etc/fstab
//192.168.1.200/smbgroupshare /collaborate cifs _netdev,rw,credentials=/root/.sharedcreds,uid=1004,gid=1004 0 0
----