So, I thought it’s time to write an article on how to create some Samba shares on a Linux machine, so that we can access it from a Windows network.
Also, it would be nice if this machine can also be used to download torrents (like Ubuntu: https://releases.ubuntu.com/21.04/ubuntu-21.04-desktop-amd64.iso.torrent).
OK, so let’s start with setting up our samba share:
1 2 |
$ sudo apt install tasksel $ sudo tasksel install samba-server |
Then we make a copy of an existing configuration file and create a new /etc/samba/smb.conf configuration file:
1 2 |
$ sudo cp /etc/samba/smb.conf /etc/samba/smb.conf_backup $ sudo bash -c 'grep -v -E "^#|^;" /etc/samba/smb.conf_backup | grep . > /etc/samba/smb.conf' |
Samba has its own user management system. However, any user existing on the samba user list must also exist within /etc/passwd file. If your system user does not exist yet, hence cannot be located within /etc/passwd file, first create a new user using the useradd command before creating any new Samba user.
Once your new system user eg. andrei exits, use the smbpasswd command to create a new Samba user:
1 2 3 4 |
$ sudo smbpasswd -a andrei New SMB password: Retype new SMB password: Added user andrei. |
The next step is to add the home directory share. Use Nano to edit our new /etc/samba/smb.conf samba configuration file and add the following lines to the end of the file:
1 2 3 4 5 6 7 |
[homes] comment = Home Directories browseable = yes read only = no create mask = 0700 directory mask = 0700 valid users = %S |
Optionally, add a new publicly available read-write Samba share accessible by anonymous/guest users. First, create a directory you wish to share and change its access permission:
1 2 |
$ sudo mkdir /var/samba $ sudo chmod 777 /var/samba/ |
Once ready, once again open the /etc/samba/smb.conf samba configuration file and add the following lines to the end of the file:
1 2 3 4 5 6 7 8 |
[public] comment = public anonymous access path = /var/samba/ browsable =yes create mask = 0660 directory mask = 0771 writable = yes guest ok = yes |
Our basic Samba server configuration is done. Remember to always restart your samba server, after any change has been done to /etc/samba/smb.conf configuration file:
1 |
$ sudo systemctl restart smbd |
Note: you can create some test files. Once you access the Samba shares, the file should be visible in the shares.
1 2 |
$ touch /var/samba/public-share $ touch /home/linuxconfig/home-share |
Now let’s install our Torrents server – in this case Transmission
1 |
sudo apt install transmission-cli transmission-common transmission-daemon |
Then start/stop the service:
1 2 |
service transmission-daemon start service transmission-daemon stop |
And let’s edit Transmission’s configuration:
1 |
sudo nano /var/lib/transmission-daemon/info/settings.json |
Find “rpc-password”: and change the text in quotes next to it to your desired password.
It’s also a good idea to change the default username from transmission to something else. Find rpc-username and change “transmission” to another username. Be sure not to erase the quotes.
Lastly, use the usermod tool to add your user to the Transmission group. It’s a good idea to do this so that any files downloaded with Transmission can be accessible by your user.
Add your user to the group with the following command. Be sure to change “owner” to the default username on the server.
1 |
sudo usermod -a -G debian-transmission owner |
Whitelisting:
Transmission is now configured correctly. When it starts up, users will be able to access it via the web. Unfortunately, if any user on LAN tries to access it, they’ll get a 403 error. This is because of the rpc-whitelist security feature. It disables access to the service if specific IP addresses are not listed. To get around this, users usually disable it. In this guide, we won’t disable the rpc-whitelist feature, as it’s a great tool. Instead, we’ll set up a whitelist so that every user connected to LAN can access Transmission.
To edit the whitelist, open up the Transmission Daemon settings file.
1 |
sudo nano /var/lib/transmission-daemon/info/settings.json |
Scroll down and look for “rpc-whitelist”.
After 127.0.0.1 add:
1 |
,192.168.*.*,10.0.*.*" |
When everything is written out, the whitelist should look like the example below.
1 |
"rpc-whitelist": "127.0.0.1,192.168.*.*,10.0.*.*", |
Blocklist
Lots of people that download torrent files online use what’s known as a block list. Lists like these deny malicious IP addresses (like known virus/malware addresses, etc) from connecting over torrent. To enable this blacklist, open up the settings file and find “blocklist-url”:.
Change https://www.example.com/blocklist in the quotes to a link to a real blocklist. We can use this one.
When all modifications to the Transmission app are complete, use the systemctl or service commands to start it back up again.
1 |
service transmission-daemon start |
To use Transmission, just go to: http://ipofyourserver:9091 and login with the credentials supplied in the JSON file.
Note: if you use some subfolders in the Samba share for the Transmission storage (e.g Downloads or Incomplete), be sure to chmod 777 for these folders (e.g chmod 777 /var/samba).
Enjoy!