Computer lessons

We are raising a file server on Samba under CentOS. How to create a Linux server with your own hands and what you need for this Creating a shared directory

When creating a file server, the question of choosing an operating system inevitably arises. There is something to think about here: spend money on Windows Server or look at free Linux and BSD? In the second case, you will still have to decide on the choice of file system, of which there are quite a few in Linux. It is impossible to give a definite answer to the questions posed; we need comprehensive testing, which we conducted in our test laboratory.

How we tested

It is impossible to embrace the immensity. So it is in our case. It is not possible to test all file server options. Therefore, we decided to limit ourselves to the most common ones. For Windows Server, these are versions 2003 and 2008 R2, since the former is still widely used, and the latter is interesting for its technical innovations, in particular support for the SMB2 protocol and the NTFS file system.

For the Linux platform, Ubuntu 10.04 LTS was chosen. After conducting a series of additional tests, we found that the performance of file servers is practically independent of the Linux distribution, while at the same time there is a certain dependence on the version of Samba (in our case, 3.4.7). From the variety of file systems, we chose the most common and popular: ext3, ext4, reiserfs, XFS, JFS. The FreeNAS distribution was also tested, as a representative of the BSD family (built on the basis of FreeBSD 7.2) with UFS.

Windows 7 32-bit was used as the client. Let us immediately upset XP fans, whether you like it or not, Windows 7 will become the default corporate OS in the coming years.

Two PCs were used for the test platform Core2 Duo E8400 - P45 - 2 GB PC2-8500 connected by a gigabit network. One of them had Windows 7 installed, the second one had server OS installed and an additional hard drive was connected 750 Gb Western Digital RE3 used exclusively for testing. This disk was formatted into the desired file system and configured as a shared resource.

Testing was carried out using the Intel NASPT 1.0.7 package; you can learn more about the tests included in it. For each configuration, we performed 5 test runs, using the average result as the final result.

File operations

Working with files

In write operations, Windows Server is confidently in the lead, more than twice as fast as Linux; in read operations, the gap between Linux and Windows Server 2003 is practically narrowing, but Windows Server 2008 R2 holds high positions, significantly ahead of both Linux and Windows Server 2003.

In the Linux family of file systems, reiserfs unexpectedly takes the lead when working with large files, ext4 showed rather poor results when writing, and ext 3 when reading. JFS is a testing underdog and has problems writing large files, producing unacceptably low scores. FreeNAS showed a very modest result, according to the lower bar of Linux systems.

Working with folders

When working with a large number of small files distributed in folders of varying degrees of nesting, the result is more uniform. Windows systems are again in the lead, although not by such an impressive margin. SMB2 makes itself felt here too, making Windows Server 2008 R2 the undisputed leader with a 40% advantage over Linux.

In Linux, the results are quite even, reiserfs and JFS are slightly in the lead for writing, there is no clear leader for reading, JFS is a clear outsider. FreeNAS has comparable results, being slightly ahead on reads and slightly behind on writes.

Working with applications

So, the absolute leader today is Windows Server 2008 R2; the SMB2 protocol shows a significant advantage, leaving no chance for competitors. If you are faced with the task of creating a high-performance file server to work in a modern infrastructure, then there is no choice as such. The new server OS from Microsoft will certainly be worth the money spent on it.

Windows Server 2003 in the overall ranking takes second place with 76.31%, given that in some tasks it showed rather low results and a small gap from Linux solutions (10-15%) does not seem advisable to deploy new servers under this OS. The same should be taken into account when legalizing software; in this case, it is advisable to upgrade to Windows Server 2008 R2 or switch to a Linux solution.

Among Linux solutions, with the exception of JFS, the result is quite uniform, with XFS and reiserfs ahead by a small margin (3-5%). JFS is a clear outsider and is categorically not recommended for use. Solutions based on FreeBSD also cannot be recommended for serious use; they are inferior to Linux by 10-15%, not to mention the much more serious lag behind Windows systems.

We hope that our testing will help you make the right decision in choosing the operating and file systems for your file server.

One of the most common uses of servers in general is file storage. Such storages may contain backup copies of user files and databases, and storages are also used to store information that needs to be shared among employees of a company or a certain department of the company. Within the framework of this material - setting up a Samba server.

Samba is the most popular software package used for creating file storage, ( SMB/CIFS storage that allows you to organize a file server, to which clients using machines based on both Linux and Windows OS will have access).

Also applicable NFS(“Network File Systems”) and iSCSI storages based on data blocks (partitions, LVM) to which remote access is provided. iSCSI “exports” not the file system, but the device itself; you can work with it remotely as with a local disk.

This article will look at an example of building a file storage using Samba.

Setting up a Samba server on Ubuntu

Samba is widely used precisely because of its ability to work with clients using different operating systems. It can be integrated with Active Directory, which, however, is not common practice.

The file server that will be configured is designed to serve 30-50 clients.

Two basic configurations will be configured sequentially: a file storage to which all users of the organization have access (“ file dump") and storage that has certain access restrictions.

We read the package description and check the dependencies:

apt-cache show samba | less

If a 404 error occurs during the installation process, this means that any files necessary for correct installation were not found in the repositories.

We update the lists of repositories (if necessary, adding the necessary ones in advance and install the package; && means that the second part of the command will be executed only if the first is executed successfully).

apt-get update && apt-get install samba

workgroup = remote-tech-support

We bring the value of the workgroup parameter in accordance with the recommendations contained in the commented out lines of the config - we indicate our domain - setting this parameter, by the way, is not at all necessary.

The package will work using the default options, however, to ensure a minimum level of security, one value must be adjusted:

Remove the comment mark before the parameter

security = user

Setting up a basic file server configuration

Samba's function now is to provide minimal functionality - the ability to freely exchange files.

Go to the bottom of the config and add a “ball”:



read only = no
path = /mnt/fileserver
guest ok = no

The main ones are the directives with the name of the shares, the access level and the path to the directory to which shared access is provided.

read only determines the ability to write to shared files

Restarting the service

/etc/init.d/smbd restart

Creates a directory for the file server

Now the logical volume is 10 GB in size, let's call it vg0

lvcreate -L 10G -n samba vg0

Add to fstab so that the volume is mounted every time the computer is rebooted

/dev/vg0/samba /mnt/fileserver ext4 defaults 0 0

Updating information about mounted devices

Checking whether the ball is visible in the file system

Passwords for accessing the file server

User passwords for working with smbd differ from system user passwords (which are set in /etc/passwd).

Passwords for working with Samba are set using the smbpasswd command

Create test directories

We see that the owner of TestA is student

TestB owner is root

The goal now is to allow all users to write information to files in both directories.

Create a new fileserver group and add the student user to it

adduser student fileserver

We see that the test directories have the owner group root.

Removing directories

We install the group ID bit balls on the directory.

chgrp fileserver fileserver/

chmod g+rws fileserver/

Due to +s, rights (user ownership) will be inherited by all files created within the shared

catalogue.

Checking that the fileserver user group is listed

We add a line to the config, due to which all users accessing the share will be temporarily added to the fileserver group

mcedit /etc/samba/smb.conf


comment = Everybody can use that share
read only = no
path = /mnt/fileserver
guest ok = no
force group = fileserver
force create mode = 666
force create mode = 777

Open another terminal and log in as user student

ALT+F2

Let's create files whose owner will be student

drwxr-sr-x student fileserver TestA
drwxr-sr-x student fileserver TestB

The owner of the directories is student, the owner group is fileserver. The security bit(s) installed earlier is present.

We turn on a Windows PC located on the same subnet. Log in using the student user details.

At the command line, type //server01 (or any other name previously given to the server)
We see the Public share directory, which contains the TestA and TestB directories

We create a text document in Public share and make sure that no errors occur.
We look at the properties of TestB - we see that the owner of the directory is root, the group is fileserver. For TestA - fileserver and student, respectively.

In TestA you can create and edit any files, TestB can be viewed through the fileserver group, you cannot create or edit files here.

User or group write rights are sufficient. There is no need to use both user and group for the same directory.

Setting up a more secure configuration and differentiating rights

Now we will change the Samba configuration by providing each user with a directory for storing personal information

mcedit /etc/samba/smb.conf

remove comment marks from the lines related to the section. After restarting Samba, upon authorization, each user will see a directory whose name will coincide with the user name; personal data can be stored in this directory, to which only the user who owns the directory (and root) will have access.

We set the value of the read only parameter in the section to no, and also edit the values ​​of other parameters:

read only = no
create mask = 0700
directory mask = 0700
valid users = %S

/etc/init.d/samba reload

Let's go to Windows. It is necessary to update the list of shared directories because the OS caches data - one way is to go directly to the user directory, type \\server01 in the command line, then in the address field \\server01\student

We find ourselves in the user’s home directory, where we can create files and directories. Creating a directory

Back to Linux. We look at the rights and see that the owner and group of the owner are student


comment = Share for accounting department
read only = no
path = /mnt/fileserver/Accounting
guest ok = no
force group = +accounting
force create mode = 660
force directory mode = 770

Here we add security by setting +accounting; in contrast to the previously configured configuration, users are not added to the group, but only use it to gain access to the share. By setting rights, users who are not members of the owner’s group are prevented from even reading files created by Samba.

Accordingly, in order for a user to be assigned the rights of the accounting user group, he must already be a member of it.


comment = IT department
read only = no
path = /mnt/fileserver/IT
guest ok = no
force group = +IT
force create mode = 660
force directory mode = 770

Create directories:

mkdir /mnt/fileserver/Accounting

mkdir /mnt/fileserver/IT

Add groups and an existing user to one of the groups. All user and group names in Linux are case sensitive.

Reading the configuration

Specify users and user groups:

chmod root.fileserver fileserver

chmod root.accounting Accounting

Checking whether directory ownership is configured correctly

Removing test directories:

We return to Windows. Since student is a member of the IT group, he should only have access to the directory related to the IT department. He must not have access to other directories (he can view the contents of the Accounting directory, but cannot create or edit files). Let us make sure that this is indeed the case.

Let's make the settings according to the last scenario. Let's create a group with limited access.

adduser student internet_dev

chown www-data.internet_dev internet/

mcedit /etc/samba/smb.conf


comment = IT department
read only = no
path = /var/www/internet
guest ok = no
valid users = @internet_dev
force group = internet_dev
force create mode = 664
force directory mode = 775

The valid users value here assumes the presence of users in the internet_dev group, and you can also specify a list of users here.
Other rights are set because not only users will work with the /var/www/internet directory, but also, in this case, Apache

In Windows, refresh the information on the screen (F5) and try to open the internet directory. If the settings made are correct, these attempts will not be successful - the password entry window will be displayed endlessly.

adduser student internet_dev

Let's create and open a document in Windows - we don't save it.

On Linux we run smbstatus

smbstatus- a command showing the shared shares, the files opened in them and the users using them.

We find the ID of the process responsible for maintaining the connection with the share (let's say 2456) and kill it

Let's do ps aux and among the processes we see a newly spawned process of the same kind, but with a different ID - it was recreated by Samba

We go back to Windows and see that the open but not saved document is in the same state in which we left it, we can continue to edit it, then save it.

Our experience confirms that if the file server is interrupted, the data being worked with will not be lost.

Chapter 11: Setting Up a Read-Only File Server

11.1. Creating a shared directory

Let's start working with the Samba server by setting up a simple file server with read-only access. Every client (even anonymous clients using guest access) will be able to read the contents of shared files.

The first step is to create a directory and place several test files in it.

# mkdir -p /srv/samba/readonly # cd /srv/samba/readonly/ # echo "It's cold today." >winter.txt # echo "It's hot today." >summer.txt # ls -l total 8 -rw-r—r— 1 root root 17 Jan 21 05:49 summer.txt -rw-r—r— 1 root root 18 Jan 21 05:49 winter.txt #

11.2. Configuring shared directory settings

11.2.1. Section of global parameters of the smb.conf configuration file

In this example, the Samba server is in a workgroup named WORKGROUP (which is a standard workgroup). We also specify a server description string that can be seen by users exploring the network using the net view command, Windows Explorer, or the smbclient utility.

# head -5 smb.conf workgroup = WORKGROUP server string = Public Anonymous File Server netbios name = TEACHER0 security = share

You may have noticed a line in the above section of the server configuration file. This line sets the standard mode for restricting access to our Samba server. Setting the access mode allows clients (which can be the smbclient utility, any version of Windows OS, another Samba server) to provide a password to access each of the shared resources. This is one of the options for using the SMB/CIFS protocol. Another use of this protocol (called user mode) allows the client to provide a username and password combination before the server obtains information about the share the client wishes to access.

11.2.2. Section of shared resource settings of the smb.conf configuration file

Our shared resource will be named pubread, and the path to the previously created directory will be used as the path (specified using the path parameter). Each user will be able to access this directory (through the use of the parameter value) read-only (according to the parameter value).

Path = /srv/samba/readonly comment = files to read read only = yes guest ok = yes

Below is a very similar configuration used by the Samba server included with the Ubuntu 11.10 distribution.

root@ubu1110:~# cat /etc/samba/smb.conf workgroup = LINUXTR netbios name = UBU1110 security = share path = /srv/samba/readonly read only = yes guest ok = yes

In fact, the name of the Linux distribution you use is not critical. Below is a similar configuration used by the Samba server included in the Debian 6 distribution, which is essentially identical to the one above.

root@debian6:~# cat /etc/samba/smb.conf workgroup = LINUXTR netbios name = DEBIAN6 security = share path = /srv/samba/readonly read only = yes guest ok = yes

11.3. Restarting the server

After testing the configuration file using the utility, you should restart the Samba server (so that you do not have to wait for information about the shared resource to begin distributing between computers on the network).

# service smb restart Shutting down SMB services: [ OK ] Shutting down NMB services: [ OK ] Starting SMB services: [ OK ] Starting NMB services: [ OK ]

11.4. Checking the presence of a shared resource

11.4.1. Checking using the smbclient utility

Now you can check the availability of a shared resource using the utility. Our share is the fourth share in the list.

# smbclient -NL 127.0.0.1 Domain= OS= Server= Sharename Type Comment ——— —- ——- IPC$ IPC IPC Service (Public Anonymous File Server) global$ Disk pub0 Disk pubread Disk files to read Domain= OS= Server= Server Comment ——— — —- TEACHER0 Samba 3.0.33-3.7.el5 W2003EE Workgroup Master ——— ——- WORKGROUP W2003EE

11.4.2. Check using Windows OS

The last step in checking for the presence of a shared resource is to read the file from the Samba shared directory using a computer running Microsoft Windows. First of all, we must use the command to mount the pubread shared directory as a disk drive, denoted by the letter K:.

C:\> net use K:\\teacher0\pubread The command completed successfully.

After this, we must check the ability to view the contents of the shared directory and read files from this directory.

C:\> dir k: Volume in drive K is pubread Volume Serial Number is 0C82-11F2 Directory of K:\ 01/21/2009 05:49

. 21/01/2009 05:49 .. 01/21/2009 05:49 17 summer.txt 01/21/2009 05:49 18 winter.txt 2 File(s) 35 bytes 2 Dir(s) 13.496.242.176 bytes free

In order to simply make sure that it is safe to use a Samba server to organize file sharing, let's try to write data to a file from a directory shared with it.

K:\> echo very cold > winter.txt Access is denied. K:\>

Or, you can use Windows Explorer.

11.5. Note about using netcat utility

The above Windows shell output was obtained in the Linux console using a utility to interact with the Windows command shell.

This utility works quite simply: it waits for a connection to a specific port of a computer running Windows OS, and executes the command shell binary file cmd.exe after receiving the connection. The netcat utility is similar to the cat utility in the sense that, like the cat utility, it does nothing other than transfer data, but the netcat utility is designed to transfer data over a network.

To create the conditions necessary to establish the described connection, you should run the following command on a computer running Windows OS (after downloading the Windows version of the netcat utility).

nc -l -p 23 -t -e cmd.exe

After this, you can establish a connection to this machine using the netcat utility from any computer running Linux. This will display the cmd.exe shell greeting in your Linux shell.

paul@laika:~$ nc 192.168.1.38 23 Microsoft Windows (C) Copyright 1985-2003 Microsoft Corp.

Setting up a corporate file server on Debian Linux

C:\> net use k: /delete net use k: /delete k: was deleted successfully.

11.6. Practice: Setting up a file server with read-only access

11.7. The correct procedure for completing a practical task: setting up a file server with read-only access

1. Create a directory to allow each client on the network to have read-only access to its files in a suitable file system directory (following the standard FHS file system hierarchy).

Select one of the following options:

The directory must not be used!

The directory should not be used either!

The directory is also not suitable!

2. Make sure that you have set the correct owner ID for the created directory and that the files in it are public.

chown root:root /srv/samba/readonly chmod 755 /srv/samba/readonly

3. Place the text file in the created directory.

echo Hello World > hello.txt

4. Provide all clients with access to the created directory over the network using the Samba server.

Your Samba server configuration file smb.conf.readonly might look like this:

Workgroup = WORKGROUP server string = Read Only File Server netbios name = STUDENTx security = share path = /srv/samba/readonly comment = read only file share read only = yes guest ok = yes

Test its correctness using the testparm utility before use!

5. Check from your computer and a separate computer (using the smbclient, net use, commands) the readability of files from the shared directory.

If using Linux:

If using Windows Explorer: Go to the My Network Neighborhood directory.

If you are using the Windows command shell

6. Create a backup copy of your smb.conf server configuration file named smb.conf.ReadOnlyFileServer.

cp smb.conf smb.conf.ReadOnlyFileServer

If you liked the article, share it with your friends:

Samba- a program that allows you to access network drives on various operating systems using the SMB/CIFS protocol. It has client and server parts. It is free software, released under the GPL license.

Samba runs on most Unix-like systems such as GNU/Linux, POSIX-compliant Solaris and Mac X Server, various BSD variants, /2, Windows. Samba included in almost all GNU/Linux distributions, including, of course, Ubuntu.

To make a shared folder in Ubuntu Desktop, just right-click on the folder and select the “Publish Folder” menu item. There is no need to edit any configuration files. Everything described below applies only to manual configuration, for example, in the case of creating a file server.

To install, just open a terminal and enter:

sudo apt-get install samba

The application will be automatically downloaded and installed.

Using the terminal, we will make a backup copy of the initial configuration file:

sudo cp /etc/samba/smb.conf(,.bak)

Now you can edit the settings file /etc/samba/smb.conf; to do this, open it in any text editor with superuser rights. For example, like this:

sudo nano /etc/samba/smb.conf

— what is written below is generally speaking just one specific scenario for using Samba, and in a huge number of cases everything is configured absolutely wrong. The article needs to be corrected, focusing on the capabilities of Samba, and not just on the use of this program as a file storage with local authorization. It is better to include the example with file storage in a separate detailed article.

An example of setting up Samba as a standalone file server with authorization:

; Global server settings; General server settings; Computer name that will be displayed in the network environment netbios name = main-server server string = ; Client workgroup workgroup = WORKGROUP announce version = 5.0 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 passdb backend = tdbsam security = user null passwords = true ; File for user name aliases username map = /etc/samba/smbusers name resolve order = hosts wins bcast ; wins support is set to yes if your nmbd(8) in Samba is a WINS server. Do not set this parameter to yes unless you have multiple subnets and do not want your nmbd to act as a WINS server. Never set this parameter to yes on more than one machine within the same subnet. wins support = no ; Printer support printing = CUPS printcap name = CUPS ; Logs log file = /var/log/samba/log.%m syslog = 0 syslog only = no ; Configuring binding to which interfaces to listen on, if listens on all interfaces are not specified; interfaces = lo, eth0 ; bind interfaces only = true ; ; ; path = /var/lib/samba/printers ; browseable = yes ; guest ok = yes ; read only = yes ; write list = root ; create mask = 0664 ; directory mask = 0775 ; ; ; path = /tmp ; printable = yes ; guest ok = yes ; browseable = no ; ; ;path = /media/cdrom ;browseable = yes ;read only = yes ;guest ok = yes ; Hard drive ball; The name of the balls is visible from clients; Path to the shared disk path = /media/sda1 ; Is it possible to browse browseable = yes read only = no guest ok = no create mask = 0644 directory mask = 0755 ; Binding to a specific user name or group, names separated by a space; force user = user1 user2 ; force group = group1 group2 ; Another hard drive, similar to the one above path = /media/sde1 browseable = yes read only = no guest ok = no create mask = 0644 directory mask = 0755

Now we need to deal with the users.

Samba uses users that are already in the system, let’s take the name user as an example, let’s say that it is already in the system, we need to add it to the SMB database and assign a password to access shared resources, we’ll do this with the command:

smbpasswd -a user

You will be prompted to enter a password, the user will be added to the database, now you need to enable this user.

smbpasswd -e user

Next, let's create an alias for the username user to make it easier for us to access from a Windows machine on which we have, for example, a user named Admin. To do this, we'll create and edit the file /etc/samba/smbusers:

sudo touch /etc/samba/smbusers sudo gedit /etc/samba/smbusers

Write a couple of lines into the file

# Unix_name = SMB_name1 SMB_name2 user = Admin

This completes the setup, restart Samba.

For Ubuntu 10.04 version use the command:

sudo service smbd restart

For earlier versions use:

sudo /etc/init.d/samba restart

Now you can use shared resources.

Setting up a Samba server on Ubuntu

Customization apps

There are also applications that allow you to configure Samba through a graphical interface (see GUI applications for working with Samba).

You can install the simplest one for Samba with the command:

sudo apt-get install system-config-samba

It is launched with the command:

sudo system-config-samba

It writes all changes to the samba configuration file.

For remote administration of Samba, webmin is perfect as a web interface for Samba.

File server for Windows network

Very often Samba is used to create a file server on a Windows network. A separate article is devoted to a description of this use case:

Articles about Samba

Links

Opening Windows to a Wider World. (slogan on www.samba.org)

Samba - implementation of network protocols Server Message Block (SMB) And Common Internet File System (CIFS). The main purpose is to share files and printers between Linux and Windows systems.

Samba consists of several daemons that run in the background and provide services and a number of command line tools for interacting with Windows services:

  • smbd- a daemon that is an SMB server for file services and print services;
  • nmbd- a daemon that provides NetBIOS naming services;
  • smblient— the utility provides command line access to SMB resources. It also allows you to get lists of shared resources on remote servers and view your network environment;
  • smb.conf— a configuration file containing settings for all Samba tools;

List of ports used by Samba

An introductory article about the basic principles of sharing files and printers.

Server installation and configuration

# under Arch Linux, server yaourt -S samba # under Arch Linux, client yaourt -S smbclient # under Ubuntu, server sudo apt-get install samba samba-common system-config-samba

Copy the settings file smb.conf

sudo cp /etc/samba/smb.conf.default /etc/samba/smb.conf

By default they are created resources for user home directories (section homes V smb.conf) and printers (section printers).

Access to the resource can be password-based or anonymous. For the first method there are a couple of points:

  1. the user must exist in the system (created using the command and set a password);
  2. the user must be added as a Samba user (using the command);

View users

sudo pdbedit -L -v

It is necessary that the computers belong to the same workgroup, in Windows this is the default WORKGROUP, so we will use it.

Below is an example of a simple file smb.conf with settings for anonymous access to the directory /srv/samba/public.

sudo mkdir -p /srv/samba/public sudo chmod -R 0777 /srv/samba/public

Parameter names are not case sensitive. There are synonyms for some common parameters, and antonyms for others. For example, writable And writeable are synonyms, and read only– an antonym for them, i.e. option read only = yes is equivalent to option writable = no.

Workgroup = WORKGROUP server string = Samba Server log file = /var/log/samba/%m.log max log size = 50 security = user map to guest = Bad User dns proxy = no # follow symlinks unix extensions = no wide links = yes follow symlinks = yes # utf encoding dos charset = cp866 unix charset = UTF8 # disable printers load printers = no show add printer wizard = no printcap name = /dev/null disable spoolss = yes # hosts allow = 127. 192.168.24 . # by default, all files starting with a dot will have the “hidden” attribute hide dot files = yes comment = public folder path = /home/proft/public read only = no locking = no browsable = yes # allow guest access guest ok = yes force user = nobody force group = nobody # guest only = yes # create mode = 0777 # directory mode = 0777 # allow access only user1, user2 # valid users = user1, user2

Let's check the correctness of the settings using the command

The option specifies to also display default values.

Let's start the Samba server

# under Arch Linux sudo systemctl start smbd # under Ubuntu, server sudo service start smbd

Let's check the connection to Samba per port 139 by using

telnet 192.168.24.100 139

Samba has a number of options related to user authentication. The most important of them is the parameter security, which can take five different values

One of the most standard ways to communicate over a network between Ubuntu and Windows computers is to set up Samba as a file server. This chapter explains how to set up a Samba server to share files with Windows clients.

The server will be configured to allow any client on the network to access files without requiring a password. If your environment requires more stringent access control, see Securing Samba Servers.

Installation

Settings

The main Samba configuration file is /etc/samba/smb.conf. The initial configuration file has a significant number of comments to document the various configuration directives.

Not all possible options are included in the default settings file. See manual man smb.conf or Samba FAQ for more details.

1. First change the following key/value pairs in the section file /etc/samba/smb.conf:

Workgroup = EXAMPLE ... security = user

Parameter security is located much lower in the section and is commented out by default. Also replace EXAMPLE to something more appropriate to your surroundings.

2. Create a new section at the end of the file or uncomment one of the examples for the directory that you want to share:

Comment = Ubuntu File Server Share path = /srv/samba/share browsable = yes guest ok = yes read only = no create mask = 0755

    comment: A short description of the shared resource. Used for your convenience.

    path: path to the shared directory.

    This example uses /srv/samba/sharename because, according to the File System Hierarchy Standard (FHS), the /srv directory is where all data related to a given site should reside. Technically, a Samba share can be placed anywhere on the file system where file access restrictions allow, but following standards is recommended.

    browsable: Allows Windows clients to view the contents of a shared directory using Windows Explorer.

    guest ok: Allows clients to connect to the shared resource without providing a password.

    read only: Determines whether the resource is accessible with read-only or write privileges. Write privileges are only available when you specify no, as shown in this example. If the value yes, then access to the resource will be read-only.

    create mask: Defines what access rights will be set for new files created.

3. Now that Samba is configured, you need to create a directory and set permissions on it. Enter in terminal:

Sudo mkdir -p /srv/samba/share sudo chown nobody.nogroup /srv/samba/share/

parameter -p tells mkdir to create a complete directory tree if it doesn't exist.

4. Finally, restart samba services to apply the new settings:

Sudo restart smbd sudo restart nmbd

Again: This configuration allows full access to any client on the local network. For a more secure setup, see the section Securing Samba Servers.

You can now search the Ubuntu file server using the Windows client and browse its shared directories. If your client does not show your shares automatically, try accessing your server by its IP address, for example, \\192.168.1.1, from a Windows Explorer window. To check that everything works, try creating a directory inside your share from Windows.

To create additional shares, create a new section in /etc/samba/smb.conf and restart Samba. Just make sure the shared directory is created and has the correct permissions.

Shared resource «» and the way /srv/samba/share- these are just examples. Set the resource name and directory name according to your environment. It is a good idea to use the name of the resource's directory on the file system as the name of the resource. In other words, the resource can be specified for the /srv/samba/qa directory.

To create a terminal, file (FTP) or mail server on Linux, you must be able to work in this operating system. Otherwise it will be difficult to figure it out. The OS doesn't need a powerful computer. Because it does not waste extra resources on graphic design. Linux distributions can be deployed even on an old PC. Therefore, Linux or Ubuntu Server is often used to create various servers.

A lot of different literature has been written about this. Some books about Linux are a thousand pages long. You will have to work through the terminal and enter all commands manually. But you can still make a small Linux server with your own hands, which will include file storage, Web services and a mail protocol.

Ubuntu Server is based on the Linux operating system. It does not require a modern processor, a good video card or a large amount of RAM to work. With Linux, you can deploy a server even on an old laptop. And it will have all the necessary components: mail, FTP, Web.

You can download a Linux disk image from the Ubuntu.ru website. Choose any version with Server (not Desktop!). The download will take place through a Torrent client. This image must be written to a disc or flash drive (using LiveUSB). You can also use a virtual drive.

Ubuntu has a simplified interface. There are no graphic excesses in it. This OS is perfect for making a DIY Linux server. With it, computer resources will be used for the needs of the domain. After all, she needs very little to work.

Its installation goes like this:

  • Select the language and region you live in.
  • Create an administrator name. It is used to manage the server.
  • Also enter a username in the “Username for your account” field. Under this account you will communicate with Ubuntu technical support.

Specifying the username in Ubuntu

  • Enter password. Confirm it.

Enter your account password

  • Specify the domain if you have one. It will contain all services: file (FTP), email, website hosting, and so on.
  • Wait while the system installs.
  • After that, she will offer additional components.

Here is a list of what is needed for a Linux server and its full operation:

  • Open SSh. Used for remote administration. This will come in handy if you decide to manage the service from another computer. Then on a Linux PC you can disable the monitor and video adapter.
  • LAMP. A set of Linux utilities that includes Apache (Web server). MySQL (database) and PHP (programming language for CMS). These components are needed to create a control interface.
  • Samba file server. Allows you to configure file sharing between computers. If you need an FTP server, select this option.
  • Virtual Machine host. Install if you are going to use virtualization capabilities.
  • Print server. Network printers.
  • DNS server. Domain Name System. With it you can recognize the IP address by the computer name and vice versa.
  • Mail server. Mail server.
  • PostgreSQL database. Object-relational databases.

Select what you need and confirm installation. When you first start, you will need to enter your administrator login and password. The console will open. It is similar to the Windows command line or the MS DOS operating system interface.

Initially, you will need to check for updates. Type the command “Sudo apt-get update” or “Sudo apt-get upgrade” without the quotes. After the update, you can start setting up all server components: FTP, mail, Web.

There is a pseudo-graphical interface for Ubuntu - Midnight Commander. This is an analogue of the Norton Commander shell, which was developed for the MS DOS system. It’s easier to work with such an interface - everything is clearer than in the console.

Launching the Linux Terminal

Modern Linux uses a terminal instead of a console. To enter it:

  1. Open Applications.
  2. Click "Standards".
  3. There will be a "Terminal" there.

You can enter commands into it just like in Ubuntu Server.

  • To install LAMP components (if they do not already exist), you need to sequentially enter the commands “sudo apt-get update”, “sudo apt-get install tasksel” and “sudo tasksel install lamp-server”. After each one, press Enter.
  • To download Open SSh, type "sudo apt-get install openssh-server".
  • To install Samba file server, write “sudo apt-get install samba”.

When installing MySQL from the LAMP package, you will need to set an administrator password for SQL.

Local Web server

To create a Web, the server must have its own dedicated IP. Then, after installing LAMP, the Apache test page will be available at this IP address. This is the future Web. In the future, it will be possible to install FTP, databases, and a mail protocol on it. To configure the Web server:

  • Install phpMyAdmin. To do this, in the terminal or in the console, type one after another, enter “sudo apt-get install phpmyadmin”

  • And then “sudo service apache2 restart”.
  • The component will load. Apache will be restarted. Further actions depend on the version of the operating system.

If you have Ubuntu 13.1 and above, use the commands:

  1. sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-available/phpmyadmin.conf
  2. sudo a2enconf phpmyadmin
  3. sudo /etc/init.d/apache2 reload

Enter them sequentially one after another, after each press Enter.

On Ubuntu 16.04, other instructions are needed:

  1. sudo apt-get install php-mbstring php-gettext
  2. sudo phpenmod mcrypt
  3. sudo phpenmod mbstring
  4. sudo systemctl restart apache2

After entering them and automatically restarting the service, the web interface will be available at http:///phpmyadmin.

  • The configuration and data about it are located in the Apache server folder “etc/apache2/”. Apache2.conf - configuration file for the distribution
  • The “mods-available”/“sites-available” and “mods-enabled”/“sites-enabled” directories contain mods and sites.
  • Ports.conf lists the listening ports.
  • If you add the word "Stop" after the command "sudo /etc/init.d/apache2", Apache will pause. If “Start” it will start again. If “Restart” - it will reboot.
  • To independently choose the path for saving sites, sequentially enter “sudo a2enmod rewrite” and “sudo a2enmod userdir” into the terminal.

Each time after making any changes, you must restart the service with the “Restart” command.

Mail server

To create a mail server on Linux, you must already have a domain registered. You also need to have a static IP.

  • Install the Postfix component. To do this, type “sudo apt-get postfix” in the console.
  • When it boots, write the command “sudo /etc/initd/postfix start”. The service will start working.
  • Postfix already contains the parameters that are needed to fully work with the SMTP protocol. But still, a little tweaking wouldn't hurt.
  • Open the /etc/postfix/main.cf file.
  • Find the value “mydomain =” in it. After the “=” sign, write the domain name.
  • Then look for “myhostname =”. And enter the machine name.
  • Now the mail server can send letters to other computers that are on the same network. So that it can send correspondence to other domains on the Internet, in the “main.cf” file, find the line “inet_interfaces =”. Place the word “all” after it.
  • In the “mynetworks =” variable, enter the range of addresses of all computers on your subnet (for example, 127.0.0.0/8).

If the service is configured correctly and all conditions are met (permanent IP address, registered domain), then the Server will be able to receive and send correspondence. If your domain's MX record refers to your host.

To view resource logs, use the command “tail -f /var/log/mail/info”. To receive a message from him, enter "mailq".

File server

You may need a Linux FTP server to exchange documents and upload files. There are several versions of such resources: vsFTPd, Samba, proFTPd.

Let's take a closer look at vsFTPd. It can be installed and launched with one command - “sudo apt-get install vsftpd”. Further settings depend on your preferences and what kind of service you want to make. Administrator rights may be required to change settings.

  1. Immediately after downloading the program, the system creates a new user and adds a folder to the home directory that is intended for working with server storage. Also in the “etc” directory there is a file “ftpusers”. There you can add users who are denied access to files.
  2. After installation, it is better to change the directory in which the files should be located to the “var” folder. To do this, as an administrator, write the command “usermod -d /var/ftp ftp && rmdir /home/ftp”.
  3. Create a new user group. For example, "userftp". Type “addgroup userftp” into the console.
  4. Add a new account to it (for simplicity, we will name the user and group the same). Use the command "useradd -a /var/ftp -g userftp userftp". It also creates a user. To include an existing nickname in the group, instead of “useradd” write “usermod”.
  5. You need to come up with a password for the new user. Enter “passwd userftp” in the terminal.
  6. Type "chmod 555 /var/ftp && chown root:userftp /var/ftp" to give the account access to the file server root folder.
  7. Now create a public directory. Sequentially enter “mkdir /var/ftp/pub” and “chown userftp:userftp /var/ftp/pub”.

Initially, FTP starts in offline mode. She has a script that plays the role of a demon. With this functionality, several commands are available. They are entered after the line “sudo service vsftpd”.

  • Stop and Start. Disable and enable.
  • Restart and Reload. Restart. Needed to apply new settings. The difference between the commands is that in the second the reboot occurs without a complete shutdown.
  • Status. Status information.

Further configuration of the server involves rewriting the configuration file, which is located in etc/vsftpd.conf. It has a simple and understandable structure. It's quite easy to understand. Although this requires certain knowledge. Before changing this file, it makes sense to make a backup copy of it. So that if errors are detected, everything can be restored. Enter the command “cp /etc/vsftpd.conf /etc/vsftpd_old.conf” and the information will be saved.

After this you can start editing.

  • In the “listen=” parameter write “YES”. Then the server will work in independent mode.
  • "Local_enable" allows local users to log in.
  • "Write_enable" gives them access to their home directories.
  • "Anonymous_enable". You can limit the rights of anonymous users by setting “NO”. There is also an option “no_anon_password” - anonymous logins without a password. It can also be banned.

If you want to make a public server, then after the “listen” line you need to add several additional parameters.

  • "Max_clients". Number of simultaneous connections.
  • "Idle_session_timeout" and "data_connection_timeout". Session timeouts.
  • "Ftpd_banner". Welcome message for visitors. You can write, for example, “Hello!”

Terminal server

A Linux terminal server is intended for enterprises and offices, where all computers are connected into one network. It is very convenient when you can access the terminal from any PC (if it has access) of the organization. This opens up great opportunities for remote administration.

LTSP - Linux Terminal Server Project - is suitable for this task. The program is included in the standard Ubuntu package. To install it:

  1. Enter the command "ltsp-server-standalone".
  2. Then write “apt-get update && apt-get install ltsp-server-standalone”.
  3. Wait for everything to download and update.
  4. Now we need to install the client system. Type "ltsp-build-client".
  5. Then "ltsp-build-client -dist trusty -arch i386 -fat-client-desktop lubuntu-desktop".
  6. Use the "debootstrap" command and the distribution will automatically expand to the "opt/ltsp/i386" directory.

Linux Server can run even on weak PCs. Therefore, it is very often used to create servers and remote administration. Mail services, FTP storages, and terminals are made on this operating system.


More on the topic of the article: