#title Securing Samba

= Introduction =

This article was started to give some general advice on security considerations and is not an exhaustive review of samba security.

=== /etc/samba/smb.conf ===

 * Networking Section - use "hosts allow" and "hosts deny"
{{{
# hosts allow = 127.0.0.1 192.168.1.0/24
hosts allow = 127.0.0.1 192.168.1.1 192.168.1.2
hosts deny = 0.0.0.0/0
}}}

   hosts deny 0.0.0.0/0 = all others.

 * Shares
  * When defining a share, consider the following options :

   1. browseable = no ~ Shares will not show up when browsing your network.
   1. users = user1 user2 ~ List of users able to access the share
When setting up a Samba share, you can limit the users who have access to your share

{{{
[private]
        comment = Private Share
        path = /path/to/share/point
        browseable = no
        read only = no
        valid users = user1 user2 user3
}}}

Now only samba users user1, user2, and user3 will have access to the share "private".


=== Firewall ===

Configure your firewall (iptables) to limit access to your server. Samba uses ports
 * UDP ports 137 and 138
 * TCP ports 139 and 445