Wednesday | 01 APR 2026
previous

2026-04-01
Setting Up Samba Shares

samba, sysadmin

We want to create a set of protected share folders for groups of users.

This requires a few things, we need to create the base directories correctly, set up the samba configuration and create samba users and groups.

This document will cover an example where we are creating a General folder that is available to all users in the staff group.

Base Directories

The first step is to create the base directory with the right permissions.

mkdir General
chmod 755 General
chgrp staff General
chmod g+s General

These commands are doing the following:

  1. Create the directory

  2. Set the default permissions of the directory

  3. Change the group of the directory to staff

  4. Set the gid of the directory so that the group is inherited by files inside

We need to do each step. If the permissions are 777 for General, the gid will not be inherited so files created inside won't get the correct group assigned.

Samba Configuration

Below is a sample configuration for setting up a samba share with a group.

[Production]
    path = /home/uvexport/SambaTest/General
    valid users = @staff
    public = no
    writable = yes
    create mask = 0664
    directory mask = 2775
    force create mode = 0664
    force directory mode = 2775

This sets the default permissions of files created inside the Samba share. This is for the Windows side of Samba and so these will be used when a user creates a file or folder.

Linux will respect the gid and so files exported from UniVerse into this folder will get the group assigned automatically.

Samba Users

Samba does not share credentials with Linux and so we need to maintain parallel users in both Linux and Samba.

We can add a samba user by doing:

sudo smbpasswd -a username

We will then be prompted to enter a password.

Groups

We can create a new group by doing:

groupadd staff

We can modify a user to have the new group:

usermod -aG staff username

Mapping a Samba Share

Open the File Explorer in Windows. We can then right click on This PC and map a network drive:

\\192.168.18.30\General

This should then prompt us for our credentials.

If we run into issues here, it may be that there are incorrect credentials already stored for that server, the credentials are per server and so we may need to clear all mappings to the server and re-add them.

We can have shares that require credentials and shares that allow guest access but it looks like the protected shares need to be set up first.