Backup system using Samba

It is well known that Windows owns the desktop/laptop market in personal computing. Despite I don’t have anything against Windows, this situation is not precisely to my liking because it would be easier to manage a network of workstations if they would be running Linux instead of Windows.

I don’t want to get any deeper with my operating systems preferences because it would probably lead into some sort of awkward post explaining my point of view or the philosophical reason of my preference to Linux so, we should probably just stick with the code :D.

The problem I’m facing looks like this:

1. There is a network of Windows computers.
2. There is a Linux machine serving as Internet gateway and some other services.
3. They needed a backup system which stores data outside they workstations.
4. They needed to have privacy (password protected).
5. They demanded it to be quick (“I want it know”).

If the computers were running Linux it would have taken me about 5 minutes to configure sshfs (user space filesystem) but since Windows is in scene I needed an easy way to integrate a backup system that seamlessly attach itself to the Windows user interface and, what’s better than SMB/CIFS file sharing for this case?.

To achieve this I used SAMBA following the steps below (supposing that you already installed Samba).

1. Determine how many users will be using the backup system and create a Linux user for every single one of them if they don’t exists.

[bash]
# useradd lorena -m -c “Lorena Algo”
[/bash]

2. Create Samba users/passwords for the users you just created. In this case, the password changing program will also create the user if the option “-a” is specified.

[bash]
# smbpasswd -a lorena
[/bash]

3. Configure smb.conf file to share the user’s home directory or another directory you want. In my case, there is three users configured: Lorena, Eve and Ada.

[bash]
[global]
workgroup = WORKGROUP
passdb backend = tdbsam
security = user

[lorena]
path = /home/lorena
guest ok = No
valid users = lorena
read only = No

[eve]
path = /home/eve/
guest ok = No
valid users = eve
read only = No

[ada]
path = /home/ada/
guest ok = No
valid users = ada
read only = No
[/bash]

4. Start or restart smbd deamon.

[bash]
# /etc/init.d/smb restart
[/bash]

Give it a try. If everything were configured correctly, every user will only have access to their home directory and nowhere else. It is simple to do but there is a serious problem: what if the user wants to change the password of its account?, there is no way to do it with this method.

A PHP web script is a good approach to change passwords from a web page but since web pages are served by Apache normally with a non-root account there would be a problem calling smbpasswd program from the script. Sudo is the answer for this and with exactly one line we found the solution.

[bash]
# visudo
[/bash]

and append this line (wwwrun is the Apache user, you should change it with the one you are using):

[bash]
wwwrun ALL=NOPASSWD:/usr/bin/smbpasswd
[/bash]

The front-end is a (horrible) HTML page with just a web form.

[html]

Username:
Current :

New Password:

Re-type Password:

[/html]

I know, it looks absolutely ugly but it makes my point :D.

And finally, the password logic changing is implemented here:
[php]
/usr/bin/smbclient -L localhost -U “$username%$password” 2>&1;

return !(preg_match(‘/NT_STATUS_LOGON_FAILURE/’, $output));
}

function change_password($username, $newpassword)
{
$output = (echo $newpassword; echo $newpassword) | /usr/bin/sudo /usr/bin/smbpasswd -U $username -s 2>&1;

return !trim($output);
}

?>
[/php]

Aaaand that’s it. I hope it could be useful for you as it was for me.

Thank you for reading 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *