Samba password protected shares

I’m trying to create a password protected samba share via SSH but some commands are missing in coreelec like groupadd, useradd.
How can I do that?

Do it from settings…

I need to do this via ssh

You can’t add user into coreelec. But you can edit samba.conf file with terminal :wink:
Why don’t you use coreelec settings ?

No way! :man_facepalming:

Care explaining why not?

That was a joke. He’s kind of guy who suggests you to open the hood when you asked about how to fix the engine…

In order to create a password protected samba share I need to create a samba group&user for it.
That’s the problem.
Use coreelec settings is not an option because the box is used as a tvheadend server and accessible only via SSH.

Ok that makes more sense now.

This and this should do the trick I believe.

CoreELEC:~ # ls -al /opt/etc/passwd
-rw-r--r--    1 root     root           336 Dec 20 23:33 /opt/etc/passwd
CoreELEC:~ # smbpasswd -a smbuser
New SMB password:
Retype new SMB password:
Failed to add entry for user smbuser.


Samba is not used from entware but it is part of CE and it uses file /etc/passwd which is readonly.

Can I disable the built-in samba and install another from entware?

Disable samba in CoreELEC settings addon under services.

I’m not using Kodi. The box serves as a tvheadend server on the LAN.
Should I disable it from systemd?

Finally solved. Writing here the steps in case someone else needs it.
source: shared folders - password protected samba share - Unix & Linux Stack Exchange

  1. First stop the built-in samba server
    # systemctl stop smbd

  2. install samba4 from entware
    # opkg update && opkg install samba4-server

  3. modify /storage/.config/system.d/smbd.service like below (modify required paths to /storage/.opt/ only)

Description=Samba SMB Daemon nmbd.service nmbd.service

ExecStart=/storage/.opt/sbin/smbd --configfile=/storage/.config/samba.conf
ExecReload=/bin/kill -HUP $MAINPID

  1. edit /storage/.config/samba.conf and create a share
[Private Share]

path=[give here the path to the folder to be shared]
force user = smbuser
force group = smbgroup
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
writable = yes
  1. Create a system group. I chose smbgroup
    # addgroup --system smbgroup

  2. create a user smbuser, in smbgroup but do not create a home directory, and also deny the ability to log in to the system
    # adduser -S -H -G smbgroup -s /bin/false smbuser

  3. Change the ownership of folder to be shared.
    # chown -R smbuser:smbuser [folder path]

  4. Give write access
    # chmod -R g+w [folder path]

  5. Add samba password to smbuser.

# smbpasswd -a smbuser
New SMB password:[password]
Retype new SMB password:[password]
  1. Now restart smbd.
    # systemctl restart smbd

Other factors need to be considered for using samba on entware, especially for long term usage.
The most prominent one I found so far is entware has independent setting for folders like /var and /tmp, and if you use them by default they write to your TF card (if CE is running on TF) or internal emmc (if installed internally). Just make a system script and point those folders to CE’s tmpfs instead to reduce wearing.

   ln -s /tmp/temp /storage/.kodi/
   ln -s /tmp/ /storage/.opt/
   ln -s /var/ /storage/.opt/

Doesn’t samba sever in entware has own start scripts? And you should disable samba completely

systemctl mask smbd

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.