Configuration of a Samba share on Fedora CoreOS based systems to allow public and browseable shares

| 2 min read (424 words)
#linux  #home server  #desktop  #samba  #fedora-coreos  #silverblue  #kinoite  #hack-the-way 

Configuring samba on a Fedora CoreOS based system like Fedora Kinoite or Fedora Silverblue is not so different from the traditional, non-atomic, OS configurations, including Fedora Workstation. The main package to install is samba, that you can achieve with the following command:

# rpm-ostree install samba
# systemctl enable smb nmb --now

If you are using CoreOS-native layering, you might want to add this package and enable the unit in your Containerfile.

Setting the user samaba password

The first thing to do is to set the password for the user samba:

# smbpasswd -a <sambauser>

Configuration of /etc/samba/smb.conf

# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
#
# Note:
# SMB1 is disabled by default. This means clients without support for SMB2 or
# SMB3 are no longer able to connect to smbd (by default).

[global]
        workgroup = SAMBA
        security = user

        passdb backend = tdbsam

        printing = cups
        printcap name = cups
        load printers = yes
        cups options = raw

        map to guest = Bad User
        hosts allow = 192.168.1.0/24
        idmap config * : backend = tdb

        # Install samba-usershares package for support
        include = /etc/samba/usershares.conf

[homes]
        comment = Home Directories
        valid users = %S, %D%w%S
        browseable = No
        read only = No
        inherit acls = Yes

[printers]
        comment = All Printers
        path = /var/tmp
        printable = Yes
        create mask = 0600
        browseable = No

[print$]
        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = @printadmin root
        force group = @printadmin
        create mask = 0664
        directory mask = 0775

## Below is the public share configuration, browseable, readable, but writable only by the user aleskandro

[share]
    comment = Public
    path = /var/home/aleskandro/Public
    writeable = yes
    browseable = yes
    public = yes
    create mask = 0644
    directory mask = 0755
    write list = aleskandro

SELinux

1. Change the File Context

If the files being shared are in a user’s home directory, update the SELinux context to samba_share_t, which is appropriate for files shared by Samba.

sudo chcon -R -t samba_share_t /path/to/shared_directory

For a persistent change, use:

sudo semanage fcontext -a -t samba_share_t "/path/to/shared_directory(/.*)?"
sudo restorecon -R /path/to/shared_directory

2. Enable Samba to Access Home Directories

If you intend to share files directly from user home directories, you can enable the samba_enable_home_dirs SELinux boolean to allow access:

sudo setsebool -P samba_enable_home_dirs on

3. Verify the Configuration and Test

After making these changes, restart Samba to apply any configuration updates:

sudo systemctl restart smb nmb