How to add a public share to Samba on F40?

Hi,

I’ve searched here, I’ve followed the pages I’ve found on the net, I’ve used /etc/samba/smb.conf.example as a template, I’ve asked ChatGPT, all to no avail:

  • I can set up a Samba share with a user+password (been working a long time).
  • I cannot set up a Samba public share that does not require user name/password credentials.

How do I modify /etc/samba/smb.conf to create a credential-less share? I had a sneaking feeling that setting security = user in the [global] section might be a problem since I basically want share-level security with no creds (old-fashioned Microsoft SMB server nomenclature, perhaps) but setting e.g. security = share produces an error.

I’ve added the following section to smb.conf and tried all the various options without success; the “public” directory is /public, currently owned by root, but I’ve also tried making it owned by the account associated with a user-level share and that doesn’t work either, even if I use the credentials belonging to that account:

[public]
    browseable = yes
    comment = Public Share
#   create mask = 0777
#   directory mask = 0777
#   force create mode = 0666
#   force directory mode = 0777
#   force group = <user>
#   force user = <user>
#
guest ok = yes
#   guest only = yes
    path = /public
    public = yes
#
read only = no                                                                                                                          
#    writable = yes

I’ve tried adding usershare allow guests to the [global] section but that made no difference.

I’ve restarted the samba service after every edit of smb.conf but no joy. I can see the public share from the current and other (F40, and macOS, can’t see anything from Windows currently) machines, but cannot access it - I am prompted for credentials every time. I’ve tried known creds to no avail (as expected).

Is there any specific SMB- or SE- specific step I’m missing?

Thanks for any info!

1 Like

Thanks, there’s some good information in there. However, I already have a share set up which requires a user name and password, and has been working well for some time.

I’m trying to set up a share that does not require and does not prompt for user credentials - e.g. a “guest” or public level share that anyone can read or write, again without having to provide credentials. I can do this on Windows, so I presume I can also do it on Linux, but I may be wrong.

If I have to use a user name:password every time then that’s what I’ll do, but I would prefer the credential-less alternative. (BTW, ChatGPT gave me the impression that it knew how to do it, but of course the result still required credentials, and I think there were SELinux steps missing also!)

Maybe the problem is that SELinux (or the password safety system (I’ve forgot the terminology)) won’t let me have an account with an empty password. I imagine there’s a way around that too.

create directory, set permission for u,g, and o to w:

sudo mkdir /home/share
sudo chmod -R ugo+w /home/share

your smb.conf could look like this:

[public]
path = /home/share
public = yes
guest only = yes
writable = yes
force create mode = 0666
force directory mode = 0777
browseable = yes

Then restart sambda: sudo systemctl restart smb.service

btw the service name is smb not smbd. It changed backed in 2018. I was running into the service not found error trying this.

Thanks for the hint, I am going to edit and fix my previous post.

I think Samba always named it smb but for example Debian and thus Ubuntu called the daemon smbd. Looks like they have now aliased it so that the upstream name works as well, introduce upstream-like aliases for debian .service names, add rationale (d1007520) · Commits · Debian Samba Team / samba · GitLab

I tested in a F39 server VM, added “guest ok” to the [public] section. Did only work with “setenforce=0” on the server, but found no AVC messages. Probably something is missing on the server derived from network install. The user is mapped by default to “nobody”.

smbclient -N //192.168.2.7/Public
Anonymous login successful
Try "help" to get a list of possible commands.
smb: \>

Anonymous logon from MATE desktop worked too.

Correction: something logged
try: setsebool -P samba_export_all_rw=true

For some reason, create mask and directory mask have to be specified to, I took 0666 and 0777. May be better to define a special guest user instead of default nobody.

Addition:
If I create a subdir on the share, it’s owned by nobody, but I cannot put files into it.
After creating a “sambaguest” user and setting “guest account=sambaguest”, a mkdir on the share still creates a nobody owned directory. Adding “force user=sambaguest” to the share definition, it works as desired.
May be nobody has more limitations as any other users, but I do not understand completely what’s going on.

Thanks, however, it’s still not working. The directory was already rw for ugo, however I did seem to get a step further when trying to access the share from a MacBook: I wasn’t immediately prompted for credentials. Not sure why I got further with your smb.conf as I thought I’d tried all the same settings; presumably I missed a permutation?

However, soon as I tried to copy something to the share I was prompted for creds, none of which I tried were accepted. On my F40 system I got various SE alerts in the GUI which disappeared too quickly but eventually I trapped one which was complaining about an AVC denial.

Aha! Seems that the magic step is setsebool samba_export_all_rw=1 per @hmmsjan

Now it appears my share with creds works as it did previously, and now the credential-less public share works as expected also.

Thanks for the help!

1 Like