How to Build a Debian NAS • Ares Innovations LLC

A Debian-first guide to building a secure and practical network-attached storage (NAS). This guide focuses on real-world usability, proper permissions, and safe defaults.

What this is

A NAS (Network Attached Storage) is a centralized storage system that allows multiple devices to access the same files over a network.

In this guide, you will build a NAS using Debian and Samba so it works across:

• Windows

• Linux

• macOS

Why build a NAS?

• Central storage for all devices

• Backup location

• Integrates with your personal cloud

• Full control over your data

Important

Real-world storage note

In a real NAS setup, your storage directory should be on a separate drive.

Why: This protects your data if the OS drive fails and allows easier expansion later.

Free Build

Build a secure NAS with Samba

Step 1: Update the system

sudo apt update
sudo apt full-upgrade -y

What this does:
Updates package lists and installs upgrades.

Why this matters:
Prevents building on outdated software.

Step 2: Install Samba

sudo apt install -y samba

What this does:
Installs the Samba file-sharing service.

Why this matters:
Samba allows file sharing across different operating systems.

Step 3: Create storage directory

sudo mkdir -p /srv/nas

What this does:
Creates the main shared storage directory.

Why this matters:
Keeps storage separate from system files.

What to expect:
No output means success.

Step 4: Create a dedicated NAS user

sudo adduser nasuser

What this does:
Creates a system user for NAS access.

Why this matters:
Avoids using shared or anonymous accounts.

Step 5: Set ownership and permissions

sudo chown -R nasuser:nasuser /srv/nas
sudo chmod 750 /srv/nas

What this does:
Assigns ownership and restricts access.

Why this matters:
Prevents unauthorized access.

Step 6: Add Samba password

sudo smbpasswd -a nasuser

What this does:
Adds the user to Samba authentication.

Why this matters:
Samba uses its own password system.

Step 7: Configure Samba

sudo nano /etc/samba/smb.conf

Add:

[NAS]
path = /srv/nas
browseable = yes
read only = no
guest ok = no
valid users = nasuser

What this does:
Creates a secure shared folder.

Step 8: Restrict network access

interfaces = 127.0.0.1 192.168.1.0/24
bind interfaces only = yes

Why this matters:
Limits access to your local network.

Step 9: Restart and enable Samba

sudo systemctl restart smbd
sudo systemctl enable smbd

Step 10: Configure firewall

sudo ufw allow samba

Step 11: Verify service

sudo systemctl status smbd

Step 12: Access the NAS

From another device:

\\SERVER-IP\NAS

Hardening

Minimum security practices

• Do not expose Samba to the internet

• Use authenticated users only

• Keep system updated

• Restrict access to local network

Testing

• Create file

• Delete file

• Reboot system

• Confirm access still works

Upgrade Path

• Add RAID

• Add backups

• Connect to Nextcloud

• Add remote access