As I have previously mentioned, IPFire supports addons by way of package manager, Pakfire.

One of the many addons you can get, is Samba. Now since I’ve got my media drive working in the new setup, I needed a way of sharing the data across my network (all windows based machines).

So after I installed samba, you get a new entry “Samba” on the side-bar of the Pakfire page, not sure why they put it there but whatever.

After much research and tinkering I found the best settings were essentially what you are given as the default but with a few tweaks.

I set “Security” to User and Map to Guest to “Bad User”. Also, as the router is essentially the server, I enabled Local Master and Preferred Master; hopefully that means that Samba will take charge of resolving Netbios names and means (I guess) less traffic.

And these are the setting for the share:

[media]
path = /mnt/media
comment = Media Drive
browseable = yes
writeable = yes
create mask = 0777
directory mask = 0777
public = yes
read only = no

Now this will allow for essentially anyone to read/write the share, which is a mega security risk normally, but considering this is a home network, it’s function over security and I’m not too worried about hackers watching my Harry Potter rips =D.

On top of this share, I also have another share I need to make for backups.

For this one, I made a new samba user. Now you could either do it the long way in the shell (useradd [user] -p [pass], then smbpasswd -a [user]), or just use the great little web interface they give you.

So I made up a new user ‘backups’ and gave it a password.

Then I used the following settings for the share

[backups]
path = /var/backups
browseable = yes
writeable = yes
create mask = 700 – ensures the files created are owned by its’ owner (backups)
directory mask = 0700 – ensures the directories created are owned by its’ owner (backups )
force user = backups ensures all files/folders created will be owned by ‘backups’
valid users = backups – finally, locks the share to only one account

Now i’m sure I don’t need all of those options, for example, it seems rather redundant to limit the share to the backups user when only backups can read/write anyway, but until I can see a reason why not to, I will err on the side of caution.

Note: the unix permissions will first need to be set on the target folder (/var/backups/ in this case). For example I did chgrp -R backups /var/backups to assign the folder to the backups group. And also you will want to change the file permissions to ensure no one else can access the folder, so chmod -R 700 /var/backups will give you read/write permissions only for the backups user.

When it comes to Samba, remember that it cannot override UNIX permissions, so its best to sort them out first. Oh and btw the user backups is a member of the samba user group, so if you give group permissions, I’m pretty sure that you would be essentially giving samba rights to deal with permissions on it’s own terms. Not a good thing imo.