Linux, Samba and NTFS
Documenting how to handle NTFS formatted devices shared using Samba
This example defines a share that is accessible without authentication. Guest shares can be a security problem. For example on a laptop that is connected to different networks, such as home, school, and work networks. Use guest shares with care and never use a guest share with authenticated users.
– Setting up Samba as a Standalone Server - SambaWiki
The following is highly insecure as it allows any and all devices on the network - including ransomware - to access and write/rewrite your data - so be warned.
Mounting NTFS formatted devices
On a designated server - open a terminal and switch to root context
su -l root
Create the following folders
mkdir -p /srv/samba/ntfs /srv/samba/public
Using the long listing format - list the content of /srv/samba - pay attention to the folder permissions
# ls -l /srv/samba
drwxr-xr-x 2 root root 4096 Feb 4 07:14 ntfs
drwxr-xr-x 2 root root 4096 Feb 5 07:55 public
Create a mount unit - mounting your ntfs formatted device in /srv/samba/ntfs (this is a documenthere so simply copy and paste into the terminal and press enter - use the nice copy button to right of the textbox)
You must modify the first line to use the correct path for your device
MYDEVICE_UUID=$(lsblk -no uuid /dev/sda1)
cat << EOF > /etc/systemd/system/srv-samba-ntfs.mount
[Unit]
Description=Old Win Device
[Mount]
What=/dev/disk/by-uuid/$MYDEVICE_UUID
Where=/srv/samba/ntfs
Type=ntfs
Options=defaults,rw,noatime
[Install]
WantedBy=multi-user.target
EOF
Start and enable the unit
systemctl enable --now srv-samba-ntfs.mount
Once again - using the long listing format - list the content of /srv/samba - pay attention to the ntfs folder permissions
# ls -l /srv/samba
total 8
drwxrwxrwx 1 root root 4096 Feb 4 08:18 ntfs
drwxr-xr-x 2 root root 4096 Feb 5 07:55 public
What we learned from this little exercise it that ntfs - just like vfat, exfat, fat32 et al. is a permissionless filesystem and when mounted any and all users on the system may write to the device with no regard whatsoever to the ownership and permissison on the mountpoint.
Samba and NTFS
On the designated server - install samba and avahi packages
pacman -Syu samba avahi --needed
Create the samba configuration file as follows (this is a documenthere so simply copy and paste into the terminal and press enter - use the nice copy button to right of the textbox).
cat << EOF > /etc/samba/smb.conf
[global]
workgroup = MANJARO
server string = Manjaro Samba Service
server role = standalone server
log file = /var/log/samba/log.%m
max log size = 50
guest account = nobody
map to guest = Bad Password
min protocol = SMB2
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
pam password change = yes
[public]
path = /srv/samba/public
public = yes
writable = yes
printable = no
[ntfs]
path = /srv/samba/ntfs
public = yes
writable = yes
printable = no
EOF
Then enable and start the services
systemctl enable --now smb avahi-daemon
Client access to Samba server
On your client install the packages smbclient and avahi
sudo pacman -Syu smbclient avahi --needed
Start the avahi service
sudo systemctl enable --now avahi-daemon
Open your file manager → Open the path navigator using Ctrl+L and input the address of your samba service.
smb://ip.x.y.z
Open the ntfs folder and create a new document
That’s all folks
You didn’t think it could be that simple did you?
The above is highly insecure as it allows any and all devices on the network - including ransomware - to access and write/rewrite your data - so be warned.
This a tutorial - questions may be asked in a new thread - include a reference link.
If you spot an error - spelling or otherwise - leave a comment - thank you.