Introduction
This article was started to give some general advice on security considerations and is not an exhaustive review of samba security.
/etc/samba/smb.conf
- Networking Section - use "hosts allow" and "hosts deny"
# hosts allow = 127.0.0.1 192.168.1.0/24 hosts allow = 127.0.0.1 192.168.1.1 192.168.1.2 hosts deny = 0.0.0.0/0
- hosts deny 0.0.0.0/0 = all others.
- Shares
- When defining a share, consider the following options :
- browseable = no ~ Shares will not show up when browsing your network.
- users = user1 user2 ~ List of users able to access the share
- When defining a share, consider the following options :
When setting up a Samba share, you can limit the users who have access to your share
[private]
comment = Private Share
path = /path/to/share/point
browseable = no
read only = no
valid users = user1 user2 user3Now only samba users user1, user2, and user3 will have access to the share "private".
Firewall
Configure your firewall (iptables) to limit access to your server. Samba uses ports
- UDP ports 137 and 138
- TCP ports 139 and 445