Article

How to Setup Samba With Block Storage on Debian 9

Published on: Fri, Aug 25, 2017 at 12:49 pm EST
Debian Linux Guides System Admin

Samba is an open source solution that allows users to setup fast and secure file and print shares. In this article, I will be covering how to setup Samba with Vultr's block storage on Debian 9. This includes optional quotas, authentication and instructions on accessing this via your home connection.

This article will work on any tier of Vultr's instance line.

Part 1: Preparing your server

It's important that we first install the dependencies of Samba, as well as getting the block storage up and running. If you don't know what Vultr's block storage is, it's a highly available, SSD-based scalable storage solution that mounts onto a Vultr VPS. More information on block storage is available in this doc.

The first thing you'll need to do is log in via SSH to your Vultr VPS, or via KVM. Using SSH is recommended, because using PuTTY or a command line version of SSH allows you to copy and paste commands.

Once you've logged in, if you're not using the root user, escalate to root.

su -

If your block storage is already mounted and prepared, skip to section B.

Please note: Vultr's current block storage article does not cover turning quotas on. If this is something you'd like to do, head to section A.1.

Section A: Preparing your block storage

Now, let's prepare your block storage. In this article, only basic instructions are provided on setting this up, so if you'd like additional details, please use the link written earlier in part 1.

First, let's create the necessary partitions with fdisk.

fdisk /dev/vdb

Within fdisk, enter:

n (enter)
p (enter)
1 (enter)
(enter)
(enter)
w (enter)
q (enter)

Now, format it as EXT4:

mkfs.ext4 /dev/vdb1

Our drive is now ready to be mounted. In the following step, create a directory in the location of your choice. This article will use the example directory /var/blockstorage, but you're free to change this location.

mkdir -p /var/blockstorage
mount /dev/vdb1 /var/blockstorage

Before we add the line in /etc/fstab, please execute the following command:

cat /etc/fstab | grep "UUID="

If the drive name ever changes (e.g /dev/vdb is renamed to /dev/sdb), the UUID will ensure that we're mounting the correct drive.

Copy the part after the = to the space before the slash. It should look like `8db639c7-d77d-49a3-a4b0-c9d2916ba873'.

Then, list out your drives by UUID and save it into a variable for later:

CURRENT_UUID='UUID_YOU_COPIED'
NEW_UUID=`ls /dev/disks/by-uuid/ | grep -v "$CURRENT_UUID"`

Finally, let's add the entry in /etc/fstab to ensure that it persists through power cycles.

echo "UUID=$NEW_UUID  /var/blockstorage ext4 defaults,usrquota,grpquota,noatime 0 0" >> /etc/fstab

That's it for the block storage setup! Head over to part 2.

Section A.1: Enabling quotas for previously configured block storage

This is relatively straightforward, so open your favorite text editor to /etc/fstab. It should look like this:

Go to the line with /dev/vdb1, and add usrquota,grpquota after defaults,. Your file should now look like this:

Save, and exit. To apply your changes, we'll need to remount the drive.

mount -o remount /dev/vdb1

Now, let's continue on to section B..

Section B: Installing Samba

The first thing you'll want to do is update your package sources.

apt-get update -y

Give it a few moments, and when it's done, proceed to the next command. Now, let's install Samba and any dependencies.

apt-get install samba quota firewalld -y

That's it for installing Samba. Good job so far, you're doing great! Let's head over to part 2, where we'll configure Samba according to your needs.

Part 2: Configuring Samba

This is probably the most difficult step, so hang tight! Currently, this article supports three different configuration options. They are as follows: a public share any user can access (A.1); a private share with user permissions (A.2); a private share with user permissions and quotas (A.3).

Before you jump to the appropriate section, there's a few things we need to change in /etc/samba/smb.conf that pertain to each section.

Open up your favorite text editor, and find the line with # wins support = no. Uncomment the line (remove the # symbol) and change "no" to "yes". Save the file.

At this point, you may head over to the appropriate section.

Section A.1: Public Samba share

This sub-section will cover how a public Samba share is setup. This is relatively easy, as we don't need to apply any special permissions or configuration options.

Append the following to your /etc/samba/smb.conf configuration file:

[Public Share]
comment = Publicly accessible share that allows ANY user to access it
path = /var/blockstorage
read only = no
guest ok = yes

Please note: This share is accessible by ANYONE who can connect to your Samba server. It is possible to secure this, by creating a single user that you'll share with anyone who needs access to the share. The steps for this are available in section A.2.

Then, restart Samba:

systemctl restart smbd

Section A.2: Private share with permissions

Samba has a plethora of options in terms of authentication, Because Samba recognizes the home prefix, it'll automatically authenticate against your system and with its own authentication system. Also, it is not necessary to specify a path, because Samba will read this from the user's /etc/passwd entry.

Append the following to your /etc/samba/smb.conf configuration file.

[homes]
browsable = no
writable = yes
read only = no

To setup a user, we'll need to first create a separate Linux account for them. The following command will create a user, without shell or SFTP access:

NEW_USER="Username of the user you'd like to create"
useradd -d /var/blockstorage/$NEW_USER -s /usr/sbin/nologin $NEW_USER

Then, set a password for it:

passwd $NEW_USER

Lastly, we need to activate the user in Samba. Enter the same password as you did earlier after you enter the first smbpasswd command. The second command will enable the user.

smbpasswd -a $NEW_USER 
smbpasswd -e $NEW_USER

Repeat this section to create new users as necessary.

Section A.3: Private share with permissions and quotas

The steps are the same as A.2, so please complete those steps and then come back here. Setting up quotas with Samba is similar to how you'd setup quotas for the standard Linux user.

We haven't initialized our mounted directory for quotas yet, so let's do that now.

quotacheck -cug /var/blockstorage

That should be it for turning quotas on. Assuming you've already created some users, we can now give them disk limits.

We need to calculate how much disk space to allocate, but since quotas are measured in blocks, here's the equation to convert MB to blocks:

mb to allocate * 1024 = number of blocks
Example: 1024MB * 1024 = 1048576 blocks

Now that you have an idea of the amount of blocks you want to allocate, let's set the limit.

edquota $NEW_USER

It will look like this:

Go to the first hard past the blocks portion, and move to the number (probably 0) under it. Change this to the number of blocks you calculated earlier.

Save and exit.

That should be it for setting up quotas; feel free to repeat this section as needed.

Section B: Allowing external connections from your connection

Obviously, at the moment, the Samba share cannot be accessed via the Internet at the moment because the firewall is blocking the ports it uses.

As we installed FirewallD earlier, opening ports is very simple. Simply run the following set of commands to open Samba.

firewall-cmd --permanent --add-port=139/tcp
firewall-cmd --permanent --add-port=445/tcp
firewall-cmd --permanent --add-port=137/udp
firewall-cmd --permanent --add-port=138/udp
systemctl restart firewalld

There we go. You are now able to access your Samba share from anywhere.

Conclusion

In this article, we covered how to configure Samba with Vultr's block storage on Debian 9. It's a reliable, and quick solution and you can easily expand the size of your block storage at any time (you will need to reboot, though!) It's perfect for sharing photos and media with your family, friends and among other things, and it's easy to maintain.

Happy hacking!

Want to contribute ?

You could earn up to $300 by adding new articles