Take Back the Darknet (Part 6)

Part 6 – Installing Samba Server

We need a way to gain access to the files on the Raspberry Pi so we can update your new website. Samba allows sharing across Windows, OS X and Linux. Very useful. An alternative is FTP but isn’t covered in this guide.

Install Samba by running the following.
sudo apt-get install samba -y

We now need to stop the Samba service so we can edit the configuration file.
sudo /etc/init.d/samba stop

Remove the existing configuration file to start from scratch.
sudo rm /etc/samba/smb.conf

Create and edit your new configuration file.
sudo nano /etc/samba/smb.conf

Copy and paste the following into your terminal window. Change the “write list” and “valid users” to your current username.
[global]
server string = %h server
map to guest = Bad User
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Entersnews*spassword:* %nn
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap config * : backend = tdb

[Website]
comment = Website
path = "/var/www/"
read only = yes
write list = tim
valid users = tim
locking = no
guest ok = no
force user = www-data
force group = www-data
browseable = yes
writeable = no
only guest = no

That big block of text will allow us to log in and edit files through Windows / OS X or Linux.
Replace the line about with – “passwd chat = *Entersnews*spassword:* %nn” – the backslashes were lost in formatting… I’m working on it!

Next, we need to set a password for your user under Samba. It can be different to your Raspberry Pi account or the same for the sake of simplicity. Make sure it matches the “write list” and “valid user” you picked for the above. Enter a new password when prompted.
sudo smbpasswd -a tim

Restart the Samba service to make the changes active.
sudo /etc/init.d/samba restart

Next up we are going to lock down the website location (/var/www/) by changing ownership and groups.
sudo chown -R www-data /var/www/
sudo chgrp -R www-data /var/www/

Which will lead us on to hardening some more things in the next step.

Advance onward to part 7 or head back to the table of contents on page 1.

Leave a Reply

Your email address will not be published. Required fields are marked *