Controlling Samba shares remotely Andrew Mallett | September 2013

This article shows how to change Samba shares from read-only to writable and back again, using shell-scripts. This task can be performed directly at the console or using remote ssh from another system.

My own file server is accessible from wired and wireless devices around the house and I like to keep my music as read-only to avoid accidental deletion. However I need to make the share writable to upload new files and this can be made to happen from a Windows workstation as described below.

The Samba file server is running FreeBSD unix using the configuration described in Installing SAMBA 3.0

In this example I have two shares, music and arch on the Unix server, as illustrated in the Samba config file, smb.conf..

; Andys SMB Configuration File

   log level = 1
   log file = /var/log/samba/samba.log
   encrypt passwords = yes
   security = share
   workgroup = dungeon
   share modes = yes

   comment = Home Directories
   browseable = no
   read only = yes
   create mode = 0750

   comment = Music
   path = /music
   public = yes
   writable = no
   browseable = yes
   write list = @andym

   comment = Archives 
   path = /arch 
   public = yes
   writable = yes 
   browseable = yes
   write list = @andym

Note that the Archives share is writable (= yes) while the Music share is not. The trick to making Music writable involves stopping the Samba daemon, swapping smb.conf for a similar config file in which [music] is writable and then restarting the Samba daemon.

To create the config files, copy smb.conf to smb.read and also to smb.write.

Edit the smb.write [music] section to writable = yes and save the file..

   comment = Music
   path = /music
   public = yes
   writable = yes
   browseable = yes

The following script smbmusicwrite.sh will make the Samba music share writable..

cp /usr/local/samba/lib/smb.write /usr/local/samba/lib/smb.conf
rm /music/READ-ONLY
touch /music/WRITABLE

kill -9 `ps -aux | grep samba | cut -c 8-12`

/usr/local/samba/sbin/smbd -D
/usr/local/samba/sbin/nmbd -D

In the first line the contents of the current smb.conf file are replaced with those of smb.write, which is the main purpose of the script.

Using the touch command, I also like to add an empty file to /music which indicates the state of the share and is visible on the mapped drive.

Next the process id numbers of smbd and nmbd are grepped and cut and killed and finally the Samba daemons are restarted, incorporating the new config file.

A reverse script, smbmusicread.sh changes the music share back to read-only..

cp /usr/local/samba/lib/smb.read /usr/local/samba/lib/smb.conf
rm /music/WRITABLE
touch /music/READ-ONLY

kill -9 `ps -aux | grep samba | cut -c 8-12`

/usr/local/samba/sbin/smbd -D
/usr/local/samba/sbin/nmbd -D

Note that for any directory to be shared as writable, the directory itself needs to have full access file permissions..

chmod 777 /music

Additionally the username which is used to map (mount) the share needs to have ownsership of the shared directory tree. This is most easily achieved with the following command..

chown -R andym /music

Controlling Samba shares from Windows

To run these ssh commands using Plink, firstly refer to Running shell scripts from Windows.

The batch file musicwrite.bat looks like this..

f:\progs\plink -ssh andym@goth -pw mypassword -m f:\progs\musicwrite.txt

The associated text file musicwrite.txt looks like this..

sudo /sc/smbmusicwrite.sh

So the batch file does the ssh login using plink and then calls the text file, which runs the shell script as sudo on the file server.

The switch from read-only to writable and back again happens so quickly that I have found I can have the share open on another computer without incident, although playback of a media file will be interrupted by the switch.



Comments (2)

How is make samba logto one file please?
#1 - AminaD - 02/06/2015 - 10:53
I just log in and change the smb.conf and restart the service.
#2 - Echo364 - 04/04/2015 - 22:29
E-mail (Will not appear online)
;-) :-) :-D :-( :-o :-O B-) :oops: :-[] :-P
To prevent automated Bots form spamming, please enter the text you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
This comment form is powered by GentleSource Comment Script. It can be included in PHP or HTML files and allows visitors to leave comments on the website.

Disposable Email   Throwaway Email   Disposable Email