# SMB

- [SMB](#smb)
  - [Install SMB](#install-smb)
  - [Create SMB User](#create-smb-user)
  - [Create a SMB Share](#create-a-smb-share)
  - [Create a SMB Share with Many Users](#create-a-smb-share-with-many-users)
  - [Mount SMB Share at Boot](#mount-smb-share-at-boot)

## Install SMB

```bash
sudo dnf install samba
sudo systemctl enable smb --now
firewall-cmd --get-active-zones
sudo firewall-cmd --permanent --zone=FedoraServer --add-service=samba
sudo firewall-cmd --reload
```

## Create SMB User

```bash
# Add a linux user
sudo adduser --no-create-home --disabled-password --disabled-login sambauser

# Add the samba user with password
sudo smbpasswd -a sambauser
```

## Create a SMB Share

```bash
# Create share
mkdir /srv/smb/sambauser

# Set proper selinux labels for samba
sudo semanage fcontext --add --type "samba_share_t" "/srv/smb(/.*)?"

# Run restorecon at the root of the btrfs subvolume
sudo restorecon -FRv /srv
```

Edit /etc/samba/smb.conf

```conf
[smb_sambauser]
        comment = My Share
        path = /srv/smb/sambauser
        writeable = yes
        browseable = yes
        public = no
        create mask = 0644
        directory mask = 0755
        write list = user
```

Then restart SMB

```bash
sudo systemctl restart smb
```

## Create a SMB Share with Many Users

```bash
sudo groupadd myfamily
sudo useradd -G myfamily jack
sudo useradd -G myfamily maria

sudo smbpasswd -a jack
sudo smbpasswd -a maria

sudo mkdir /home/share
sudo chgrp myfamily /home/share
sudo chmod 770 /home/share
sudo semanage fcontext --add --type "samba_share_t" "/home/share(/.*)?"
sudo restorecon -R /home/share
```

```conf
[family]
        comment = Family Share
        path = /home/share
        writeable = yes
        browseable = yes
        public = yes
        valid users = @myfamily
        create mask = 0660
        directory mask = 0770
        force group = +myfamily
```

- valid users: only users of the group family have access rights. The @ denotes a group name.
- force group = +myfamily: files and directories are created with this group, instead of the user group.
- create mask = 0660: files in the share are created with permissions to allow all group users to read and write files created by other users.
- directory mask = 0770: as before, but for directories.

Don't forget to restart smb

```bash
systemctl restart smb
```

## Mount SMB Share at Boot

Make sure your install cifs-utils: `dnf install cifs-utils`

Create a password file at `/etc/samba/credentials` with contents like

```text
username=USERNAME
password=PASSWORD
```

Then edit `/etc/fstab` to mount the share

```conf
# With login
//server_name/share_name /local_mount_point cifs _netdev,nofail,uid=1001,gid=1001,credentials=/etc/samba/credentials 0 0

# As guest
//server_name/share_name /local_mount_point cifs _netdev,nofail,guest 0 0
```