-
Notifications
You must be signed in to change notification settings - Fork 1
/
samba-server-public.sh
124 lines (96 loc) · 3.12 KB
/
samba-server-public.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
#!/usr/bin/env bash
# Script that install publicly accessible Samba share on current system.
SHARE_DIR='/share/public'
SHARE_WRITABLE=1
RUN_FIREWALL_RULES=0
# You need root permissions to run this script.
if [[ "${UID}" != '0' ]]; then
echo '> You need to become root to run this script.'
echo '> Aborting.'
exit 1
fi
# Function that checks if required binary exists and installs it if necessary.
ENSURE_PACKAGE () {
REQUIRED_BINARY=$(basename "${1}")
REPO_PACKAGES="${*:2}"
if [[ "${REQUIRED_BINARY}" != '-' ]]; then
[[ -n "${REPO_PACKAGES}" ]] || REPO_PACKAGES="${REQUIRED_BINARY}"
if command -v "${REQUIRED_BINARY}" 1> /dev/null; then
REPO_PACKAGES=''
fi
fi
[[ -n "${REPO_PACKAGES}" ]] || return
if [[ "${REPO_REFRESHED}" == '0' ]]; then
echo '> Refreshing package repository.'
yum check-update 1> /dev/null
REPO_REFRESHED=1
fi
for REPO_PACKAGE in ${REPO_PACKAGES}
do
yum install -y "${REPO_PACKAGE}"
done
}
# Variable that keeps track if repository is already refreshed.
REPO_REFRESHED=0
# Get name of the share from directory path.
SHARE_NAME=$(basename "${SHARE_DIR}")
# Translate ${SHARE_WRITABLE} value to keywords.
if [[ "${SHARE_WRITABLE}" == '1' ]] || [[ "${SHARE_WRITABLE}" == 'Yes' ]]; then
SHARE_WRITABLE='Yes'
else
SHARE_WRITABLE='No'
fi
# Check if SELinux is enabled on system.
SELINUX_ENABLED=0
if command -v selinuxenabled 1> /dev/null 2>&1; then
if selinuxenabled 1> /dev/null; then
SELINUX_ENABLED=1
fi
fi
# Install packages.
ENSURE_PACKAGE 'grep'
ENSURE_PACKAGE 'smbd' 'samba'
# Make sure that share directory exists.
[[ -d "${SHARE_DIR}" ]] || mkdir -p "${SHARE_DIR}"
# Set ownership and permissions for share directory.
chown -R nobody:nobody "${SHARE_DIR}"
chmod 775 "${SHARE_DIR}"
chmod g+s "${SHARE_DIR}"
# Apply SELinux rules if necessary.
if [[ "${SELINUX_ENABLED}" == '1' ]]; then
setsebool -P samba_export_all_ro on
setsebool -P samba_export_all_rw on
# Install SELinux utils if necessary.
ENSURE_PACKAGE 'semanage' 'policycoreutils-python-utils'
semanage fcontext -at public_content_rw_t "${SHARE_DIR}(/.*)?"
restorecon "${SHARE_DIR}"
fi
# Add entry about share to /etc/samba/smb.conf file.
if ! grep -Fq "[${SHARE_NAME}]" /etc/samba/smb.conf; then
cat >> '/etc/samba/smb.conf' <<EOL
[${SHARE_NAME}]
comment = Public Samba Share
path = ${SHARE_DIR}
writable = ${SHARE_WRITABLE}
public = Yes
EOL
fi
# Active firewall rules.
if [[ "${RUN_FIREWALL_RULES}" == '1' ]]; then
# Make sure firewalld is installed.
ENSURE_PACKAGE 'firewall-cmd' 'firewalld'
# Enable Firewalld service.
systemctl enable firewalld
systemctl restart firewalld
firewall-cmd --add-service=samba
firewall-cmd --runtime-to-permanent
else
echo '> In order to complete installation you have to apply firewall rules:'
echo 'firewall-cmd --add-service=samba'
echo 'firewall-cmd --runtime-to-permanent'
fi
# Enable Samba service.
systemctl enable smb
systemctl restart smb
# Let user know that script has finished its job.
echo '> Finished.'