Paranoid Penguin - Samba Security, Part II

The last task we've got space for this month is setting up our user accounts, and there are four steps:

Step one is to use whatever method you usually use to create user accounts on your system—either by using your system administration GUI of choice (such as GNOME's Users and Groups applet) or via the commands useradd, userdel and so forth.

For example, to create Pepe's account, I could use the following command. Note the sudo, necessary for Ubuntu. On other distributions, su to root before executing these commands, and omit the sudo that each begins with here:

bash-$ sudo useradd -c "Pepe" -m -g users pepe

This creates the user account pepe with the comment Pepe, automatically creates a home directory (/home/pepe) and assigns it to the group users. To be extra paranoid, you could insert the string -s /bin/false after -g users, which will disable normal Linux logins for Pepe's account, making it useless for anything other than Samba access.

Step two is to set each user's Linux password, like this:

bash-$ sudo passwd pepe

Obviously, you need to communicate whatever password you set here to Pepe in a secure fashion, and Pepe will need to change this password to something you don't know. (But that part happens in step four.)

Step three is to use the smbpasswd command to create each user's Samba password database entry, like so:

bash-$ sudo smbpasswd -a pepe

You'll be prompted to set and confirm Pepe's Samba password, after which the new account will be added. It's probably a good idea to use the same initial password here that you used in step two.

Finally, you'll want Pepe to log in to the system (assuming you didn't set his shell to /bin/false) and issue the following command:

pepe@casademick$ smbpasswd

Pepe will be prompted for his old password, his new password and confirmation of his new password. Assuming all three of those are good, Samba will change both Pepe's Samba password and his Linux password accordingly. Note that this synchronization does not occur when you create a new Samba password entry as root, using the -a flag.

If Pepe has an invalid shell, such as /bin/false, you'll have to let him sit at your console while you type the command sudo smbpasswd pepe, and then turn your back while he changes his password. You'll then need to do the same thing with the command sudo passwd pepe, because Samba does not synchronize Linux/UNIX passwords if you execute smbpasswd as root.

We've specified our usage scenario, set up some basic global settings using Swat and started adding users. Next month, we'll create the actual shares, but if you can't wait until then, you'll have no problem figuring out how using Swat's ample documentation. The “Official Samba 3.2.x HOWTO and Reference Guide” (see Resources) also may help. Have fun, and be safe!