samba
The permission for shares involves a combination of linux file system permission and samba permission.
Step1: It is important to ensure that Canonical UIDs/GIDs are established on the server.
id aniruth
id prabu
id aadhirai
getent group smbusers
Step2: Match to it by adjusting UIDs/GIDs on Client Machines (PC1, PC2,etc.):
sudo usermod -u 1000 prabu
sudo groupmod -g 1000 prabu
Step2a: Update File Ownership:
After changing a UID/GID, any files or directories previously owned by the old numerical ID will now appear to be owned by a different user/group (or no one). You must change their ownership to the new UID/GID.
sudo chown -R prabu:prabu /home/prabu
Step3: Ensure Samba Users Match Linux Users as follows:
sudo smbpasswd -a aniruth
or doas mount -t cifs /192.168.1.3/prabu ~/pi_home -o user=prabu,uid=\((id -u),gid=\)(id -g),vers=3.0,iocharset=utf8 doas mount -t cifs //192.168.1.3/prabu ~/pi_home -o credentials=/home/prabu.smbcredentials,uid=\((id -u),gid=\)(id -g),vers=3.0,iocharset=utf8
Samba Configuration
sudo mkdir -p /mnt/NAS_HDD
sudo nano /etc/fstab
UUID=your-btrfs-uuid-here /mnt/NAS_HDD btrfs defaults,noatime,compress=zstd,space_cache=v2 0 0
UUID=your-btrfs-uuid-here /mnt/NAS_HDD btrfs defaults,noatime,compress=zstd,space_cache=v2,noauto 0 0
apt install samba samba-common
sudo nano /etc/samba/smb.conf
sudo groupadd smbgroup
Add existing users
sudo usermod -a -G smbgroup pi
sudo smbpasswd -a pi
sudo chown -R pi:smbgroup /mnt/NAS_HDD
sudo chmod -R 775 /mnt/NAS_HDD
sudo systemctl restart smbd nmbd
Modified the password storage location in /etc/samba/smb.conf file passdb backend = tdbsam:/etc/samba/private/passdb.tdb
OpenRC configuration
The file /etc/init.d/mount_nas_hdd as follows:
#!/sbin/openrc-run
name="Mount NAS HDD"
description="Attempts to mount the Btrfs NAS HDD at /mnt/NAS_HDD"
# Depend on localmount (local filesystems are mounted)
# and net (if you need network for anything related, though not for local USB drive)
depend() {
# Ensure local filesystems are mounted first
after localmount
# You might also want after net if you have network-dependent setup later
}
start() {
ebegin "Mounting NAS HDD..."
# Try to mount the device by its mount point from fstab
# The -o nofail is often respected by mount itself, even if not systemd
# but the main safeguard is our noauto in fstab + this script
# which can handle failure gracefully.
mount /mnt/NAS_HDD
# Check the exit status of the mount command
if [ $? -eq 0 ]; then
eend 0 "NAS HDD mounted successfully."
else
eend 1 "Failed to mount NAS HDD (it might not be connected). Continuing boot."
# We exit with 0 (success) here for OpenRC, even if mount failed,
# because the service's purpose is to *attempt* the mount, not
# to halt the system if it fails.
return 0
fi
}
stop() {
ebegin "Unmounting NAS HDD..."
umount /mnt/NAS_HDD
if [ $? -eq 0 ]; then
eend 0 "NAS HDD unmounted successfully."
else
eend 1 "Failed to unmount NAS HDD. It might not be mounted or busy."
return 1 # Indicate failure if unmount fails (optional, depends on desired behavior)
fi
}
# You can also add a status command if you like
# status() {
# rc-service "${RC_SVCNAME}" status
# }
sudo rc-update add mount_nas_hdd default
Client side Configuration
on the client sudo mount -t cifs //192.168.1.100/MySharedFolder /mnt/windows_share -o username=JohnDoe
sudo nano etc/cifs-credentials # Or ~.smbcredentials for user-specific mount Add the following two lines (replace with your actual credentials):
username=YourWindowsShareUsername password=YourWindowsSharePassword sudo chmod 600 /etc/cifs-credentials
Add the following to etc/fstab /[Windows_Server_IP_or_Hostname]/[Share_Name] /mnt/windows_share cifs credentials=/etc/cifs-credentials,uid=your_local_linux_user,gid=your_local_linux_group,iocharset=utf8,file_mode=0775,dir_mode=0775,vers=3.0,_netdev 0 0 //192.168.1.3/shared /mnt/smb cifs credentials=/etc/cifs-credentials,uid=your_linux_user,gid=your_linux_group,iocharset=utf8,file_mode=0664,dir_mode=0775,vers=3.0,noserverino,_netdev 0 0
Samba Configuration Snippets
Permission flow overview
Samba access = [Linux FS permissions] ∩ [Samba config]
Samba does not override file system permissions — it adds another layer. For a user to successfully read or write a file:
They must have both:
Access via Samba config (e.g., writable = yes, valid users, etc.)
Linux-level permission (i.e., chmod, chown, group, ACLs, etc.)
Overlapping Share Rules: Which One Applies?
Samba permissions are per share.
Accessing @audio via [audio] uses [audio] share settings.
Accessing the same path via [shared] uses [shared] settings.
So even if two shares point to the same location, access permissions may differ depending on which share is used.
Samba Share Configuration Strategy
homes special built-in per-user private Optional if home sharing is enabled docs_common /mnt/NAS/@docs/common r+w for group You can move common folders here aniruth /mnt/NAS/@docs/aniruth r+w for user Private home folder
Here’s the current configuration for /etc/samba/smb.conf:
[global]
workgroup = WORKGROUP
security = user
map to guest = never
# create mask = 0660
# directory mask = 0770
# force group = smbusers
# valid users = @smbusers
[homes]
comment = Home Directories
browsable = no
writable = yes
path = /mnt/NAS/@myhome/%U
valid users = %U
[docs]
path=/mnt/NAS/@docs
browseable = yes
writeable=Yes
create mask=0777
directory mask=0777
public=no
valid users = @smbusers
#force group = @smbusers
[music]
path=/mnt/NAS/@audio
browseable = yes
guest ok = yes
Linux Permissions
chown -R root:smbusers /mnt/NAS/@docs/common chmod -R 2770 /mnt/NAS/@docs/common # Setgid to preserve group
chown -R aniruth:users /mnt/NAS/@docs/aniruth chmod -R 700 /mnt/NAS/@docs/aniruth
chown -R root:smbusers /mnt/NAS/@photos /mnt/NAS/@videos /mnt/NAS/@audio chmod -R 2770 /mnt/NAS/@photos /mnt/NAS/@videos /mnt/NAS/@audio
To move the user folders to /mnt/NAS/@home while preserving all original ownership, permissions, and timestamps, use the rsync command with appropriate flags.
rsync -aAXv mnt/NAS/@docs/{aniruth,prabu,aadhirai} /mnt/NAS/@home
© Prabu Anand K 2020-2026