Ustvarjanje in konfiguriranje Samba delnic v CentOS 7

Here’s a tutorial that shows you how to enable Samba in [global] 7 and create a file server with different access permissions in a networked environment.For example, if you own [global] server with huge storage space, you can create multiple shares and enable other networked clients to access those share remotely. The clients can be [allaccess], Mac OSX or other Linux machines.

Using Samba software one can provide seamless file and print services to remote clients with the host server acting as a file server. This brief tutorial is going to show you how to do it.

For this tutorial, we’re going create three separate shares with different access levels. One share will allow full access to everyone without [global].

The second share will only allow users who are members of a particular group and the last share will allow only a single user with full permission. Our server is going to be called Srvr1 with [allaccess]



  • Setting up Workgroup

The first step in the whole process is making sure that all systems share the same workgroup. The server and clients should be member of the same workgroup for this to work properly.

Step one, is to determine the workgroup name of your [allaccess] machines. Za to, ope the command prompts and run the commands below.

<zbornik>net config workstationcode>

Centos 7 samba shares


Take notes of the workstation domain shown on the screen. That’s the workgroup of your first Windows machine, which is the default.

Since our first windows machine is a member of the Workgroup workgroup, let’s make all of the other sistem a member of the same Workgroup.

The default Samba workgroup is also going to be called Workgroup.


  • Setting up Network/DNS

If you don’t have a Domain Name System in place, then you may skip this part. Če ne, then let’s create a host record for the server on each machine.

V sistemu Windows, run open the command prompt as administrator and run the commands below.

notepad C:WindowsSystem32driversetchosts

Then enter the hostname and [allaccess] of the server and save the file. (add the vrstica below at the end of the file and save) srvr1


  • Installing Samba in CentOS 7

Naslednji, logon to your CentOS 7 server and namestite Samba and other samba packages. Za to, prost dostop zapoved spodaj.

yum -y install samba samba-client samba-common

After tekmovanje v teku the above commands, go and create a backup of Samba default configuration file. Za to, prost dostop zapoved spodaj.

mv /etc/samba/smb.conf /etc/samba/smb.conf.bak

Then create a new configuration file with the information below.

vi /etc/samba/smb.conf


  • Samba global parameters

In the new smb.conf file, set the global parameters that will allow Samba to share it shares.

workgroup = WORKGROUP
server string = Samba Server %v
netbios name = srvr1
security = user
map to guest = bad user
dns proxy = no


  • First share to allow everyone access

Below the [global] parameters, add the below shares definitions that will allow everyone access to the shared imenik.


path = /samba/allaccess
browsable = yes
writable = yes
guest ok = yes
read only = no


The above share definition gives everyone access without prompting for [global] regardless of their group membership.

The entire file should look like this:


workgroup = WORKGROUP
server string = Samba Server %v
netbios name = srvr1
security = user
map to guest = bad user
dns proxy = no
#============================ Share Definitions ==============================
path = /samba/allaccess
browsable =yes
writable = yes
guest ok = yes
read only = no


Shrani the file and restart Samba services and continue..

Naslednji, run the commands below to create the allaccess folder that you shared above.

mkdir -p /samba/allaccess

Then enable and začetek Samba services z uporabo ukazi, ki so pod

systemctl enable smb.service
systemctl enable nmb.service
systemctl restart smb.service
systemctl restart nmb.service


  • Open the firewall to allow access

By default all incoming ports are denied when you installed CentOS. To allow external access to Samba in CentOS 7, you must open the firewall to allow traffic to Samba. Za to, prost dostop zapoved spodaj.

firewall-cmd --permanent --zone=public --add-service=samba

Then reload the firewall by tekmovanje v teku ukazi, ki so pod.

firewall-cmb --reload

Since the share above is allaccess, which means everyone should have access, let’s change the permission on the folder. Za to, run the commands below to give ownership of it to nobody.

cd /samba
chmod -R 0755 allaccess/
chown -R nobody:nobody allaccess/


Naslednji, we want to allow selinux for the share folder above. Za to, run the commands below from the /samba imenik.

chcon -t samba_share_t allacess/


Now go to Windows machine and select Run then type the folder path to access it.


Creating varno folder with member only access.

The above nastavitev allows everyone to access that folder. To allow only a select member to access the varno folder inside the allaccess folder, you’ll want to create another share like the one below.
path = /samba/secured
valid users = @scuredgroup
guest ok = no
writable = yes
browsable = yes

Create a the new folder by running the commands below

mkdir -p /samba/secured

Then create a group name securedgroup. To create a group in Linux run the commands below.

groupadd securedgroup

Then add the user richard as a member of the group

useradd richard -G securedgroup

Do the same for all the member you want to access the secured folder. Ko ste končali, allow selinux for the secure folder.

chcon -t samba_share_t secured/

Change the permission to that folder to everyone who has access the read and write to it.

cd /samba
chmod -R 0777 secured/

Končno, change the owner ship of the secured group to a user and the securedgroup.

chmod -R richard:securedgroup secured/

Now try to access the secured group.

Končno, add the user to Samba database by running the commands below. Do this for all users who will be accessing the secured folder.

smbpasswd -a richard


If you only want a single user to access a particular share, replace the @securedgroup with the user id, and only that user will access that share.


Pustite Odgovori