samba

The permission for shares involves a combination of linux file system permission and samba permission.

Step1: It is important to ensure that Canonical UIDs/GIDs are established on the server.

id aniruth
id prabu
id aadhirai
getent group smbusers

Step2: Match to it by adjusting UIDs/GIDs on Client Machines (PC1, PC2,etc.):

sudo usermod -u 1000 prabu
sudo groupmod -g 1000 prabu

Step2a: Update File Ownership:

After changing a UID/GID, any files or directories previously owned by the old numerical ID will now appear to be owned by a different user/group (or no one). You must change their ownership to the new UID/GID.

sudo chown -R prabu:prabu /home/prabu

Step3: Ensure Samba Users Match Linux Users as follows:

sudo smbpasswd -a aniruth

or doas mount -t cifs /192.168.1.3/prabu ~/pi_home -o user=prabu,uid=\((id -u),gid=\)(id -g),vers=3.0,iocharset=utf8 doas mount -t cifs //192.168.1.3/prabu ~/pi_home -o credentials=/home/prabu.smbcredentials,uid=\((id -u),gid=\)(id -g),vers=3.0,iocharset=utf8

Samba Configuration

sudo mkdir -p /mnt/NAS_HDD
sudo nano /etc/fstab
UUID=your-btrfs-uuid-here /mnt/NAS_HDD btrfs defaults,noatime,compress=zstd,space_cache=v2 0 0
UUID=your-btrfs-uuid-here /mnt/NAS_HDD btrfs defaults,noatime,compress=zstd,space_cache=v2,noauto 0 0
apt install samba samba-common
sudo nano /etc/samba/smb.conf
sudo groupadd smbgroup

Add existing users

sudo usermod -a -G smbgroup pi
sudo smbpasswd -a pi
sudo chown -R pi:smbgroup /mnt/NAS_HDD
sudo chmod -R 775 /mnt/NAS_HDD
sudo systemctl restart smbd nmbd

Modified the password storage location in /etc/samba/smb.conf file passdb backend = tdbsam:/etc/samba/private/passdb.tdb

OpenRC configuration

The file /etc/init.d/mount_nas_hdd as follows:


#!/sbin/openrc-run

name="Mount NAS HDD"
description="Attempts to mount the Btrfs NAS HDD at /mnt/NAS_HDD"

# Depend on localmount (local filesystems are mounted)
# and net (if you need network for anything related, though not for local USB drive)
depend() {
    # Ensure local filesystems are mounted first
    after localmount
    # You might also want after net if you have network-dependent setup later
}

start() {
    ebegin "Mounting NAS HDD..."
    # Try to mount the device by its mount point from fstab
    # The -o nofail is often respected by mount itself, even if not systemd
    # but the main safeguard is our noauto in fstab + this script
    # which can handle failure gracefully.
    mount /mnt/NAS_HDD
    # Check the exit status of the mount command
    if [ $? -eq 0 ]; then
        eend 0 "NAS HDD mounted successfully."
    else
        eend 1 "Failed to mount NAS HDD (it might not be connected). Continuing boot."
        # We exit with 0 (success) here for OpenRC, even if mount failed,
        # because the service's purpose is to *attempt* the mount, not
        # to halt the system if it fails.
        return 0
    fi
}

stop() {
    ebegin "Unmounting NAS HDD..."
    umount /mnt/NAS_HDD
    if [ $? -eq 0 ]; then
        eend 0 "NAS HDD unmounted successfully."
    else
        eend 1 "Failed to unmount NAS HDD. It might not be mounted or busy."
        return 1 # Indicate failure if unmount fails (optional, depends on desired behavior)
    fi
}

# You can also add a status command if you like
# status() {
#     rc-service "${RC_SVCNAME}" status
# }

sudo rc-update add mount_nas_hdd default

Client side Configuration

on the client sudo mount -t cifs //192.168.1.100/MySharedFolder /mnt/windows_share -o username=JohnDoe

sudo nano etc/cifs-credentials # Or ~.smbcredentials for user-specific mount Add the following two lines (replace with your actual credentials):

username=YourWindowsShareUsername password=YourWindowsSharePassword sudo chmod 600 /etc/cifs-credentials

Add the following to etc/fstab /[Windows_Server_IP_or_Hostname]/[Share_Name] /mnt/windows_share cifs credentials=/etc/cifs-credentials,uid=your_local_linux_user,gid=your_local_linux_group,iocharset=utf8,file_mode=0775,dir_mode=0775,vers=3.0,_netdev 0 0 //192.168.1.3/shared /mnt/smb cifs credentials=/etc/cifs-credentials,uid=your_linux_user,gid=your_linux_group,iocharset=utf8,file_mode=0664,dir_mode=0775,vers=3.0,noserverino,_netdev 0 0

Samba Configuration Snippets

Permission flow overview

Samba access = [Linux FS permissions] ∩ [Samba config]

Samba does not override file system permissions β€” it adds another layer. For a user to successfully read or write a file:

They must have both:

Access via Samba config (e.g., writable = yes, valid users, etc.)

Linux-level permission (i.e., chmod, chown, group, ACLs, etc.)

Overlapping Share Rules: Which One Applies?

Samba permissions are per share.

Accessing @audio via [audio] uses [audio] share settings.

Accessing the same path via [shared] uses [shared] settings.

So even if two shares point to the same location, access permissions may differ depending on which share is used.

Samba Share Configuration Strategy

homes special built-in per-user private Optional if home sharing is enabled docs_common /mnt/NAS/@docs/common r+w for group You can move common folders here aniruth /mnt/NAS/@docs/aniruth r+w for user Private home folder

Here’s the current configuration for /etc/samba/smb.conf:

[global]
   workgroup = WORKGROUP
   security = user
   map to guest = never
#   create mask = 0660
#   directory mask = 0770
#   force group = smbusers
#   valid users = @smbusers

[homes]
   comment = Home Directories
   browsable = no
   writable = yes
   path = /mnt/NAS/@myhome/%U
   valid users = %U

[docs]
path=/mnt/NAS/@docs
browseable = yes
writeable=Yes
create mask=0777
directory mask=0777
public=no
valid users = @smbusers
#force group = @smbusers

[music]
path=/mnt/NAS/@audio
browseable = yes
guest ok = yes

Linux Permissions

chown -R root:smbusers /mnt/NAS/@docs/common chmod -R 2770 /mnt/NAS/@docs/common # Setgid to preserve group

chown -R aniruth:users /mnt/NAS/@docs/aniruth chmod -R 700 /mnt/NAS/@docs/aniruth

chown -R root:smbusers /mnt/NAS/@photos /mnt/NAS/@videos /mnt/NAS/@audio chmod -R 2770 /mnt/NAS/@photos /mnt/NAS/@videos /mnt/NAS/@audio

To move the user folders to /mnt/NAS/@home while preserving all original ownership, permissions, and timestamps, use the rsync command with appropriate flags.

rsync -aAXv mnt/NAS/@docs/{aniruth,prabu,aadhirai} /mnt/NAS/@home

Β© Prabu Anand K 2020-2026