The Raspberry Pi Compute Module 4 and 5 (hereafter CM4 and CM5) can also be a file server that can be accessed from both Windows and macOS using the Samba service.
It functions as a server, allowing multiple client PCs to access files at the same time.
The Samba service alone is practical for quick file sharing within the home, as well as for internal use.
File permission settings may seem a bit complicated, but we have tried to make them as easy to understand as possible based on actual examples.
If you run the code in the order of the article, it will work, so please try it.
Environment of this time
The prerequisite for installing Samba is that the Raspberry Pi OS has already been booted and the initial setup wizard has been completed.
- Raspberry Pi CM4 (eMMC32GB, 8GB RAM) Raspberry Pi OS bookworm
Raspberry Pi CM5 (eMMC64GB, 8GB RAM) Ubuntu 24.04LTS - Connect to router with wired LAN cable
- Connect keyboard and monitor
The folders to be shared were set to the following conditions
- Shared folders are created directly under /home in eMMC
It is an environment that is accessed by a defined user authentication.
This time it is not in a drive that needs to be mounted, such as an external HDD, so you can test the operation immediately after installing the OS.
Network connection is recommended for wired LAN, as it only requires a LAN cable to be connected.
For Wi-Fi, please preconfigure your home (in-house) router to participate.
The easiest way is to physically provide a keyboard, mouse, and monitor and have them connected to the network via a wired LAN.
It is also possible to use the Raspberry Pi OS lite and work with just a Wi-Fi environment and SSH connection. However, there are many modules and libraries that are missing from the lite version, so the same as in the article will not work. Please be careful.
The article content is explained with CM4+Raspberry Pi OS.
It was additionally tested on CM5+Ubuntu24.04LTS.
In part, the authorization of the shared files was different in Ubuntu, but the rest of the operation was the same as in the article content. Just execute the commands in order to build it. Please try it.
Install Samba
First, install Samba on the command line.
If you have a desktop environment, work in a terminal application; the same goes for a CUI environment (command line only) or an SSH connection.
apt updateis the only thing you need to do first. It is important to keep the installation source up-to-date to avoid unwanted errors.
In this case, we will also run full-upgradebefore installing the Samba package.
sudo apt update
sudo apt full-upgrade
sudo apt install samba samba-common-bin smbclient cifs-utilsAlthough the Samba installation itself requires only apt install samba, it is convenient to install it as a set as described above.
The version of Samba confirmed this time is Series 4.
samba --version
Version 4.17.12-DebianCreate a dedicated shared directory
Raspberry Pi OS installed on CM4/5 internal eMMC. I will share files in this.
Create a shared directory (folder) so that it can be viewed and edited from other machines.
I named it “share” for clarity.
Here, it is created directly under /home at the same level as the home directory.
In this case, /home/shareis used for clarity on the Raspberry Pi, but it is more appropriate to use /srv/samba/share.
sudo mkdir /home/shareThe owner and group are initially root, but will be changed later.
We will create the users and groups to be used with Samba first, and then change the ownership to grant permissions with increased security.
Creating users and setting passwords
If the shared folder configured in smb.conf appears in the network list of other machines, it is accessible.
You can let them access as guests, but this time we will create a new user who needs to be authenticated.
To my frequent confusion, Samba is often described with the same login name as the Raspberry Pi OS (e.g., pi), which can be very confusing.
The same user can be used as the user on the Raspberry Pi OS, but it is preferable to create a separate user specifically for Samba and have the user access the system with that user name and password.
However, this user must be created on the Raspberry Pi OS side first.
Add users to the system side
New user registration other than the user logged in on the OS side is performed before smbpasswd.
Create a new user as a dedicated user for use with Samba.
Since it is dedicated, it does not need to be able to log in to the Raspberry Pi OS, so I created it with options (no home directory, no login option).
sudo adduser --system --group --no-create-home ユーザー名When executed, it will look like this.
sudo adduser --system --group --no-create-home cm4smb
システムユーザ `cm4smb' (UID 111) を追加しています...
新しいグループ `cm4smb' (GID 123) を追加しています...
新しいユーザ `cm4smb' (UID 111) をグループ `cm4smb' に追加しています...
Not creating `/nonexistent'.It is possible to make the logged-in user (e.g., pi) a Samba user, but this would make things complicated when you want to separate permissions or view logs. Naturally, this is also unsuitable for security purposes.
If it is used only within a closed household by one person at all, it is easy and I used it a lot in the beginning.
Although it is troublesome only at first, it is not recommended to make the logged-in user a Samba user, because it is easier to understand the opposite if the users are separated.
Set up users and passwords for Samba
Now that we have added a new user (in this case cm4smb) to the OS side, we can now add it to Samba.
sudo smbpasswd -a cm4smbAfter execution, you will be asked to set a password.
It is a good idea to set a new password separate from the user who is logging in.
New SMB password:
Retype new SMB password:
Added user cm4smb.Continue to activate the user you have created.
sudo smbpasswd -e cm4smbAdd to group sambashare
Add the local user (in this case raspida) and the user you created (in this case cm4smb) to the sambasharegroup.
sambashare is present from the beginning in this installation. If you do not have it, create it. ( sudo addgroup sambashare)
sudo usermod -aG sambashare raspida
# 現セッションを変更して反映
newgrp sambashare
# もしくはログオフ、再起動This way, a user logged in with the Raspberry Pi OS (raspida in this case) will be able to access the directory locally, even if the directory has permission 0770, because he belongs to the same group.
Granting permissions to the created directory
The permissions (permissions) of the directory /home/sharethat you just created should be 0770.
If you are in a completely local environment, the full permissions of 0777 may not affect you, but we will proceed with 0770, which does not give you permissions only for the others.
If you set up a sambashare group later at smb.conf, you will have full access as the owner group’s permissions.
The authority is 0770, the owner is the newly created user, and the owning group is sambashare.
sudo chmod 0770 /home/share
sudo chown cm4smb:sambashare /home/shareNow we have done the preliminary work.
Next, let’s edit the configuration file ( smb.conf).
Add to Samba configuration file (.conf)
The Samba configuration is to be described at smb.conf. There is usually no graphical interface.
Back up the default conf file that exists from the beginning.
If you make a mistake and lose track of it later, you can undo it in one shot.
Backup of conf files
sudo cp /etc/samba/smb.conf /etc/samba/smb.conf_backupDescription in smb.conf
We will describe how we want the shared folder to be accessed at smb.conf.
sudo nano /etc/samba/smb.confSet the following conditions
/home/share → I want to be able to connect and read/write with the added user and password
Add the following configuration to the last line of the opened conf file.
[share]
comment = Share
path = /home/share
browseable = Yes
read only = No
valid users = cm4smb
force group = sambashare
create mask = 0666
; force create mode = 0666
directory mask = 0777The share directory is set to valid users = cm4smbbecause we want to set it to allow connections only to the user who created it (cm4smb).
However, since it is also in the sambashare group ( force group = sambashare), local users (raspida in this case) will also be able to access it, and no other users on Samba will be able to access it.
I will explain in order from the top.
This time, since the folder was set to SHARE, the section name was also set to the same [share].
| setting (of a computer or file, etc.) | Description. |
|---|---|
comment= | A comment that is displayed when the file is viewed in the file browser. It can be omitted. |
path = | The created SHARE folder is specified by absolute path. |
browsable = | Set to Yes to display (browse) in the file browser. If you do not want to display the file, set to No. |
read only = | It becomes readable and writable with no, which is equivalent to writable = yes. read onlyThe basic setting is to set it with |
valid users = | Authentication is required for the specified user. |
force group = | Local users who are put in the same group can also access the system. |
create mask = | Since it is a mask, it has a slightly different meaning than the actual file permissions. This is the maximum value that can be granted after the authority is calculated. |
directory mask = | This is a directory-side setting that has the same meaning as create mask. |
;force create mode = | Set this if you want to force the requested permission (e.g., 0666). |
*A semicolon (;) in smb.conf comments out a setting. Sharp (#) is commenting out a string.
force group = sambashareto sambashare. This makes it accessible to local users who are put in the same group.
create mask = 0666and directory mask = 0777are masks, so their meaning is slightly different from the actual file permissions.
If you want to force the requested permissions (e.g. 0666), you must additionally write force create mode = 0666.
It is commented out with a semicolon, but you can remove it to enable it if necessary.
I won’t go into details about mask, but I specified it because the default value is 0744 and 0755 in Raspberry Pi OS and Ubuntu’s Samba.
The create mask must also be changed according to the permissions of the created shared folder and the permission rules you wish to grant.
*A semicolon (;) in smb.conf comments out a setting. Sharp (#) is commenting out a string.
Check conf file
Check the smb.conffile you appended for errors. testparmThe command is a very simple conf file checking program.
testparmLoaded services file OK.If you get an error message, it is OK.
If there are errors, please fix them. You will probably find double spaces, misspellings, etc. The purpose of this is to find errors.
This completes the entire setup.
Restart Samba Service
Now that everything is set up, restart only the service, not the system. It is OK to restart the system.
sudo systemctl restart smbd nmbdAccess it from another PC/Mac to see if it works.
Try accessing from another machine
Specify the address of the Raspberry Pi with Samba installed in the address field of Windows Explorer.
If you are on macOS, use the command key (⌘) + K in the Finder to enter the address field for connecting to the server.
Windows: ¥¥192.168.1.12
macOS:smb://192.168.1.12
Alternatively, you can use a host name instead of an IP address.
Windows: ¥¥rpicm4.local
macOS:smb://rpicm4.local
smb.confIf you have set browsable = noat , you can connect by directly specifying the corresponding Path (path). ( ¥¥rpicm4.local¥share)
Try to write a file
I copied each of the appropriate files from my PC/Mac.
As for the permissions and owners, the files are now owned by cm4smb:sambashareas configured, and the file permissions are 666.
The directory is 777.
The directory created by the local user (raspida) has an owner and group of raspidaand permissions of 755.
Try browsing in your local environment as well.browsable = YesThen you should be able to view and read the contents.
If you are unable to access the shared folder with an error, it is likely that the settings are not sufficiently detailed or that the permissions on the shared folder you created are different.
Please check again.
On CM5 + Ubuntu 24.04, the file permissions were 664 even with the same settings, and although you can read and write with group permissions both on Samba and locally, the results were a bit different.
Summary of file permissions (rwx)
File permissions (file permissions), which are often found in Mac and Linux systems, are difficult.
For example, rw-rw-rw-in this case is 666 in numeric representation. It is a state in which anyone can read and write.
Please refer to the following brief summary.
Meaning of permission symbols
| symbol | meaning | In case of file | In the case of a directory |
|---|---|---|---|
| radius | read | Readable (contents displayed) | Can display a list of files in the |
| LOL | write | Writable (change and delete) | Possible to create and delete files inside |
| an unknown | execute | Executable (e.g., programs) | Can run programs Can “enter” directories |
Authority subject and ls -l display
| subject (of taxation, etc.) | Description. | ls -l Display example |
|---|---|---|
| Owner(user) | File creator/owner | rwx------ First 3 characters of |
| Group | Group member to which the owner belongs | ---rwx--- The middle three letters of |
| Other | All other users | ------rwx Last 3 characters of |
Numeric expression (used by chmod command, etc.)
| symbol | numerical value | meaning |
|---|---|---|
| radius | 4 | reading (e.g. by a scanner) |
| LOL | 2 | entry (e.g. to a form) |
| an unknown | 1 | execution (e.g. program) |
Numbers can be summed and expressed as 3-digit numbers
e.g. rwx = 4+2+1 = 7
e.g. rw-rw-rw-= 666
Examples of Numeric Expressions
| Numerical example | meaning | Command Example |
|---|---|---|
| 755 | Owner: All, Groups & Others: Read + Execute | chmod 755 ファイル名 |
| 644 | Owner: read/write, others: read only | chmod 644 ファイル名 |
| 700 | All privileges for owner only | chmod 700 sample.txt |
Reason for 0770 in /home/share.
In this case, /home/share has been authorized as 0770, so the owner and group have all permissions, and the others have no permissions.
This is on the OS side, again different from that of Samba. This is where it gets complicated.
0770, so originally other user rights are 0, so it is not possible to read or write, but this time Samba forced it to the sambashare group.
When the file was written, it was overwritten to the sambashare group and the group privileges (rwx=7) in 770 were available for reading and writing, so even the local user (raspida in this case) could read and write.
If the permissions are set to 0777, anyone can have full control permissions and it is not troublesome, but it is still not recommended from a security standpoint. We would like to keep the permissions on the local side (OS side) as non-0777 as possible.
In this case, the shared directory at 0770, where no other user has permission, was also added to the sambashare group with a local user, so that on Samba, only cm4smb, which requires authentication, can access the directory, but on the local side, even logged-in users can edit its contents. On the local side, even a logged-in user can edit the contents of the directory.
There are many possible patterns around this permission, depending on how it is used. If you do not need any permissions on the local side, the concept is comparatively easier since you only need to consider the Samba side.
If you change smb.conf, you will need to restart the service to apply the changes each time.
Garbled Characters
Finally, if your Samba files are garbled on Windows or macOS, add the following to the [global]section.
There is no problem with the description, so we recommend that you add it.
#[global]の下に2行を追加。Unix系、Win系用の文字化け対策
unix charset = UTF-8
dos charset = CP932If you want a file sharing server on your Raspberry Pi, just installing Samba is practical enough.
Considering file access privileges, the Samba service file sharing was a bit in depth.
Reference: https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
Article contributed by Raspida
Raspberry Pi information site that even non-engineers can enjoy using raspida.com a Raspberry Pi information site that even non-engineers can enjoy and handle. He also contributes technical blog articles to the PiLink site on the Raspberry Pi for industrial use.