Control Samba shares remotely


Samba!This article shows how to change Samba shares from read-only to writable and back again, using shell-scripts. This task can be performed directly at the console or using remote ssh from another system.

My own file server is accessible from wired and wireless devices around the house and I like to keep my music as read-only to avoid accidental deletion (i.e. when I'm off my face). However I need to make the share writable to upload new files and this can be made to happen from another system, including a Windows workstation as described below.

The Samba file server is running Raspbian using the configuration described in Installing SAMBA 3.0

In this example I have two shares, music and arch on the Unix server, as illustrated in the Samba config file, smb.conf..


; Andys SMB Configuration File

[global]
   log level = 1
   log file = /var/log/samba/samba.log
   encrypt passwords = yes
   security = share
   workgroup = dungeon
   share modes = yes

[homes]
   comment = Home Directories
   browseable = no
   read only = yes
   create mode = 0750

[music]
   comment = Music
   path = /music
   public = yes
   writable = no
   browseable = yes
   write list = @andym

[arch]
   comment = Archives 
   path = /arch 
   public = yes
   writable = yes 
   browseable = yes
   write list = @andym
Scrollable on small screens..box

Note that the Archives (/arch) share is writable (= yes) while the /music share is not. The trick to making Music writable involves stopping the Samba daemon, swapping smb.conf for a similar config file in which [music] is writable and then restarting the Samba daemon.

To create the config files, copy smb.conf to smb.read and also to smb.write.

Edit the smb.write [music] section to writable = yes and save the file..


[music]
   comment = Music
   path = /music
   public = yes
   writable = yes
   browseable = yes
Scrollable on small screens..box

The following script smbmusicwrite.sh will make the Samba music share writable..


cp /usr/local/samba/lib/smb.write /usr/local/samba/lib/smb.conf
rm /music/READ-ONLY
touch /music/WRITABLE

kill -9 `ps -aux | grep samba | cut -c 8-12`

/usr/local/samba/sbin/smbd -D
/usr/local/samba/sbin/nmbd -D
Scrollable on small screens..box

In the first line the contents of the current smb.conf file are replaced with those of smb.write, which is the main purpose of the script.

Using the touch command, I also like to add an empty file to /music which appears as a file in the share and simply indicates the state of the share (READ-ONLY or WRITABLE). It is visible on the mapped drive.

Next the process id numbers of smbd and nmbd are grepped and cut and killed and finally the Samba daemons are restarted, incorporating the new config file.

A reverse script, smbmusicread.sh changes the music share back to read-only..


cp /usr/local/samba/lib/smb.read /usr/local/samba/lib/smb.conf
rm /music/WRITABLE
touch /music/READ-ONLY

kill -9 `ps -aux | grep samba | cut -c 8-12`

/usr/local/samba/sbin/smbd -D
/usr/local/samba/sbin/nmbd -D
Scrollable on small screens..box

Note that for any directory to be shared as writable, the directory itself needs to have full access file permissions. However note that the directory will only be writable from remote systems if Samba allows this..


chmod 777 /music
Scrollable on small screens..box

Additionally the username which is used to map (mount) the share from a remote system, needs to have ownership of the shared directory tree. This is most easily achieved with the following command..


chown -R andym /music
Scrollable on small screens..box

Controlling Samba shares from Windows

To run these ssh commands using Plink, firstly refer to Running shell scripts from Windows.

The batch file musicwrite.bat looks like this..


f:\progs\plink -ssh andym@goth -pw mypassword -m f:\progs\musicwrite.txt
Scrollable on small screens..box

The associated text file musicwrite.txt looks like this..


sudo /sc/smbmusicwrite.sh
Scrollable on small screens..box

So the batch file does the ssh login using plink and then calls the text file, which runs the shell script as sudo on the file server.

The switch from read-only to writable and back again happens so quickly that I have found I can have the share open on another computer without incident, although current playback of a media file will be interrupted by the switch.

AndyM | Updated Jan 2020