Samba on Linux - Secure File Sharing for Mixed Environments

Enable secure, controlled file sharing across Windows and Linux clients using Samba. This guide walks you through a basic setup, which forms the foundation for building a secure, maintainable file server.


🧰 Introduction to Samba

I might be showing my gray hairs here, but Samba was one of the first open source projects I ever heard about—long before I even knew what Linux was.

Back then, I was fresh out of university, working at a small company where the system administrator had set up a Samba server for shared drives across the office. It was one of those “Linux can do that?” moments that stuck with me.

Fast forward to today: even in the age of cloud storage and SaaS platforms, on-premises file shares are still very much alive. Samba remains relevant, shipping by default with many Linux distributions or available via core package repositories. Whether you’re deploying a small home server or maintaining enterprise file services, Samba is still a reliable and versatile solution.

But what exactly is Samba?


📦 What Is Samba?

Originally, Samba was created to centralize file storage when local disk space on workstations was limited and expensive. With a few spare hard drives, a Linux distro, and some patience, admins could spin up a Samba server to share files over a network using Windows-compatible protocols like SMB/CIFS.

Today, Samba is embedded everywhere—even if you don’t realize it:

  • It powers home media servers, streaming media to smart TVs, phones, and tablets.
  • It serves as centralized file storage for teams, labs, and small businesses.
  • It’s the software layer inside many off-the-shelf NAS appliances, quietly enabling Windows-style file sharing.

If you’ve ever accessed \\server\share, there’s a good chance Samba—or its commercial cousin—is behind the scenes.


🛠️ Samba Setup: Layers to Watch

Samba interacts with multiple layers of system security, which means getting a basic share working can be surprisingly complex. Even with a flawless smb.conf, things can still fail due to unrelated system-level issues.

I’ve personally lost hours troubleshooting what I thought was a misconfiguration, only to discover it was a firewall rule, a Linux file permission, or SELinux quietly denying access.

Understanding these layers is key to both troubleshooting and securing Samba:

  • 🔥 Firewall: Ensure required ports (137, 138, 139, 445) are open.
  • 👤 Linux User Account: Samba users must also exist as system users.
  • 🔐 Samba User Account: Users must be added via smbpasswd.
  • 🧩 PAM Integration: Some distros use PAM for authentication—be aware of this layer.
  • 🛡️ SELinux / AppArmor: Security modules can block Samba from accessing files.
  • 📁 Filesystem Permissions: Correct Linux ownership and mode bits are essential.

Planning for these up front can save hours of troubleshooting down the line.


🖥️ Setup Environment

This guide is based on:

  • OS: Oracle Linux 9 (RHEL-compatible)
  • Services: smb (Samba server daemon)

🛠️ Install Samba and Start Services

Install Samba and enable the service:

sudo dnf install samba samba-client samba-common -y
sudo systemctl enable --now smb

Configure the firewall to allow Samba traffic:

sudo firewall-cmd --permanent --add-service=samba
sudo firewall-cmd --reload

🗂️ Plan and Create Share Structure

We’ll store shared folders in /srv/samba, following a clean, FHS-friendly layout:

/srv/samba/
└── share/        # Restricted share for authenticated users

Create the directory:

sudo mkdir -p /srv/samba/share

👥 Set Up Users and Groups

First, create a Linux user account to access the Samba share. We'll create it without a home directory (-M) and with shell login disabled (-s /sbin/nologin), then set its Samba password with smbpasswd:

sudo useradd -M -s /sbin/nologin smbuser
sudo smbpasswd -a smbuser

If you want to allow group-based access (e.g. a finance team):

# Create group and add users
sudo groupadd finance
sudo usermod -aG finance smbuser

# Set group ownership and permissions
sudo chown :finance /srv/samba/share
sudo chmod 770 /srv/samba/share

⚙️ Configure smb.conf for Secure Share Access

Samba configuration is managed in /etc/samba/smb.conf.

A basic configuration includes:

  • A [global] section for server-wide settings
  • One or more share sections (e.g. [SecureShare])
[global]
   workgroup = WORKGROUP
   security = user
   map to guest = Bad User

[SecureShare]
   path = /srv/samba/share
   valid users = @finance
   guest ok = no
   writable = yes

Apply changes:

sudo systemctl restart smb
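
Before restarting, it helps to confirm that every share section is as restricted as [SecureShare]. The script below is an added example, not part of the original guide: it flags shares that accept guest sessions or have no valid users line. The [Scratch] share and the function names are hypothetical, and the sample config is constructed.

```bash
#!/bin/sh
# Added example, not from the original guide: flag share sections in an
# smb.conf that allow guest sessions or lack a "valid users" restriction.
# Heuristic only: it reads one file and ignores include= and [global] defaults.

# audit_smb_conf [FILE]  (reads stdin when FILE is omitted)
audit_smb_conf() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report() {
      if (name == "" || tolower(name) == "global") return
      if (guest) print name ": guest ok = yes" (mapguest ? ", and map to guest creates guest sessions" : "")
      if (!valid) print name ": no valid users, any authenticated account can connect"
    }
    /^[ \t]*([#;]|$)/ { next }                 # comment or blank line
    /^[ \t]*\[/ {                              # section header
      report()
      name = trim($0); gsub(/^\[|\].*$/, "", name)
      guest = 0; valid = 0; next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      key = tolower(trim(substr($0, 1, eq - 1))); gsub(/[ \t]+/, " ", key)
      val = tolower(trim(substr($0, eq + 1)))
      if (key == "map to guest" && val != "never") mapguest = 1
      if ((key == "guest ok" || key == "public") && val ~ /^(yes|true|1)$/) guest = 1
      if (key == "valid users" && val != "") valid = 1
    }
    END { report() }
  ' "${1:--}"
}

# Constructed input: the guide's config plus a hypothetical [Scratch] share.
demo_conf() {
  cat <<'EOF'
[global]
   workgroup = WORKGROUP
   security = user
   map to guest = Bad User

[SecureShare]
   path = /srv/samba/share
   valid users = @finance
   guest ok = no

[Scratch]
   path = /srv/samba/scratch
   guest ok = yes
EOF
}

demo_conf | audit_smb_conf
```

On the server, run it as `audit_smb_conf /etc/samba/smb.conf`; no output means no share section was flagged.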

🛡️ SELinux Integration

By default, SELinux does not allow Samba to access arbitrary directories. To make /srv/samba accessible:

sudo semanage fcontext -a -t samba_share_t "/srv/samba(/.*)?"
sudo restorecon -Rv /srv/samba

⚠️ Note: Avoid enabling samba_export_all_rw unless absolutely necessary. Using specific contexts (samba_share_t) is safer and more maintainable.


🧪 Test Share Access

From Linux:

smbclient -L //<server-ip> -U smbuser
smbclient //<server-ip>/SecureShare -U smbuser

From Windows:

In the File Explorer address bar:

\\<server-ip>\SecureShare

Log in using the Samba credentials.
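
When a test connection is refused, the cause is usually one of the layers listed earlier rather than smb.conf. The script below is an added example, not part of the original guide: it checks the firewall, both accounts, the SELinux label, and the directory permissions in turn. The function names are this example's own, and the setgid warning is an addition the guide itself does not make.

```bash
#!/bin/sh
# Added example, not from the original guide: check the layers behind a share.
# Function names are this example's own; tools that are absent are skipped.

check_fs() {        # DIR GROUP: group owner, no access for "other", setgid
  fs_group=$(stat -c '%G' "$1" 2>/dev/null) || { echo "FAIL fs: cannot stat $1"; return 1; }
  fs_mode=$(stat -c '%a' "$1"); fs_rc=0
  [ "$fs_group" = "$2" ] || { echo "FAIL fs: group is $fs_group, expected $2"; fs_rc=1; }
  case $fs_mode in *[1-7]) echo "FAIL fs: mode $fs_mode gives access to other"; fs_rc=1 ;; esac
  case $fs_mode in [2367]???) ;; *) echo "WARN fs: no setgid bit, new files keep the creator's group" ;; esac
  return $fs_rc
}

check_accounts() {  # USER: Linux account plus Samba passdb entry (run as root)
  getent passwd "$1" >/dev/null || { echo "FAIL account: no Linux user $1"; return 1; }
  command -v pdbedit >/dev/null || { echo "SKIP account: pdbedit not installed"; return 0; }
  pdbedit -L -u "$1" >/dev/null 2>&1 || { echo "FAIL account: $1 not in Samba passdb"; return 1; }
}

check_selinux() {   # DIR: expects the samba_share_t type set via semanage
  command -v getenforce >/dev/null || { echo "SKIP selinux: not installed"; return 0; }
  [ "$(getenforce)" != "Disabled" ] || { echo "SKIP selinux: disabled"; return 0; }
  case $(stat -c '%C' "$1" 2>/dev/null) in
    *:samba_share_t:*) ;;
    *) echo "FAIL selinux: $1 is not labelled samba_share_t"; return 1 ;;
  esac
}

check_firewall() {  # firewalld: samba service allowed in the default zone
  command -v firewall-cmd >/dev/null || { echo "SKIP firewall: firewall-cmd not installed"; return 0; }
  firewall-cmd -q --query-service=samba || { echo "FAIL firewall: samba service not allowed"; return 1; }
}

preflight() {       # DIR GROUP USER: run every layer, return the failure count
  pf_fail=0
  check_firewall        || pf_fail=$((pf_fail + 1))
  check_accounts "$3"   || pf_fail=$((pf_fail + 1))
  check_selinux "$1"    || pf_fail=$((pf_fail + 1))
  check_fs "$1" "$2"    || pf_fail=$((pf_fail + 1))
  echo "$pf_fail layer(s) failed"; return "$pf_fail"
}

# With the guide's names: sh preflight.sh /srv/samba/share finance smbuser
if [ "$#" -eq 3 ]; then preflight "$@"; else echo "usage: $0 DIR GROUP USER"; fi
```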


✅ Conclusion

Samba remains a powerful tool for bridging Windows and Linux in mixed environments. In this guide, we covered:

  • What Samba is and why it’s still relevant
  • How to install and configure Samba on Oracle Linux 9
  • How to set up both secure and group-based file shares
  • How to navigate common security and system integration layers (like SELinux)

This foundational setup is preproduction-ready for small teams or homelabs. In the next articles, we’ll dive deeper into adding additional security.

🧭 Need a Quick Reference?

If you’re looking for commands, error fixes, or configuration tips while working with Samba:

➡️ Check out the companion article: 🧰 Samba Admin Cheatsheet for Oracle Linux 9

It includes:

  • Common error resolutions
  • Security best practices
  • Test and validation commands
  • Handy systemctl and smbclient usage

Perfect for troubleshooting and day-to-day Samba admin work!



This post is licensed under CC BY 4.0 by the author.