#!/bin/bash USERNAME=smb DIR="/home/${USERNAME}/share" LAN="10.8.0.0/24" # connection will be allowed from this network only user=$(whoami) if [ $user != root ]; then echo "You are using a non-privileged account" exit 1 fi if test -d $DIR; then echo "Script is meant to be run only once and it seems to have already been executed" exit 1 fi apt update apt install -y samba useradd $USERNAME \ --shell /bin/false \ --create-home \ --user-group \ --comment 'SMB user' \ --system passwd -d $USERNAME mkdir $DIR chown $USERNAME:$USERNAME $DIR cp /etc/samba/smb.conf "/home/${USERNAME}/smb.conf" cat <> /etc/samba/smb.conf [share] comment = SMB share hosts allow = ${LAN} 127.0.0.1 valid users = ${USERNAME} path = ${DIR} browseable = yes read only = yes EOF smbpasswd -a $USERNAME service smbd restart testparm # set rsync port ufw allow from $LAN to any port 873 # set up Samba ports ufw allow from $LAN proto udp to any port 137,138 ufw allow from $LAN proto tcp to any port 139,445 ufw status verbose