My old work cloud-based VM used VMWare Horizon, which had built-in support for accessing the client machine’s files from the VM. Recently, I had to switch to an AWS VM instead, and the Linux client/viewer app doesn’t support file-sharing, so I had to roll my own solution. Here’s how.

The Feature I Lost

If you use VMWare’s Horizon client application to connect to and view a VMWare VM/VDI, it can automatically create a network drive on the VM that gives access to the user’s $HOME directory on the client machine. This makes it extremely easy to transfer files between the client machine and VM using regular Windows GUI tools like File Explorer.

Other techniques like ssh certainly exist, and have their place. However, there’s nothing as simple as “File -> Save As” or “Attach a File” in e.g. Outlook being able to directly read/write your client machine’s $HOME without any other steps.

Samba To The Rescue

The core technology is Samba, a piece of server software that turns a Linux system into a Windows file server. We just need a few network configuration steps and a simple Samba configuration file.

Network Connectivity & Client Hostname

There is one critical assumption: that there is an IP network path from the VM back to the client system. Typically, the client application connects to the VM, and any file-sharing network traffic is tunneled within this connection. With the setup described in this post, the Windows machine must contact the client machine using the standard Windows file sharing protocol (SMB). This requires:

  • A network path from the VM back to the client, i.e. no intermediate router, firewall, or VPN blocks this traffic. My company VPN does allow this, at least for some connectivity paths.

  • The client must have a consistent (known a priori) hostname or IP address that can be used to set up the network drive mapping on the VM.

Client System Hostname

My company runs an internal dynamic DNS system, which allows end-user systems to register internal names like your-pc-name.dynamic.company.com. These can be updated automatically whenever a VPN connection is complete. This gives a well-known name that may be used to contact your client system, whatever IP address it has, and whether it’s connected to the company LAN or VPN.

Firewall Configuration

Exposing any Windows file server to arbitrary networks isn’t a good idea, simply in terms of reducing attack surface. It’s best to configure a firewall on the client machine that only allows SMB connections from the specific IP address (or subnet) of the relevant VM(s). If your file server software has a security vulnerability, only hosts at those addresses can reach it to exploit it.

Assuming your VM’s IP is 10.1.2.3, run the following command to allow access from it:

sudo ufw allow from 10.1.2.3/32 to any app Samba

It is assumed that the default state of the firewall is to disallow all forms of inbound traffic.
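
To check that assumption together with the rule above, here is an added example (not part of the original post) that audits `ufw status verbose` output. The function name audit_ufw and both sample tables are constructed for illustration, modelled on ufw's status layout; VM_IP defaults to the post's example address.

```shell
#!/bin/sh
# Added example, not from the original post.
VM_IP="${VM_IP:-10.1.2.3}"   # the post's example VM address

# audit_ufw: read `ufw status verbose` text on stdin, print one line per
# problem, and return 0 only if the firewall is active, denies inbound by
# default, and has no SMB rule for a source other than $VM_IP.
audit_ufw() {
    awk -v vm="$VM_IP" '
        /^Status: active/                      { active = 1 }
        /^Default: (deny|reject) \(incoming\)/ { closed = 1 }
        !/ ALLOW OUT / && match($0, / +ALLOW( IN)? +/) {
            to   = substr($0, 1, RSTART - 1)
            from = substr($0, RSTART + RLENGTH)
            sub(/[ \t]+$/, "", from)
            # Only rows for the Samba profile or SMB/NetBIOS ports matter.
            if (to !~ /Samba|(^|[^0-9])(13[789]|445)([^0-9]|$)/) next
            if (from != vm && from != vm "/32") {
                print "SMB allowed from: " from; bad = 1
            }
        }
        END {
            if (!active) { print "firewall is not active"; bad = 1 }
            if (!closed) { print "default inbound policy is not deny"; bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed samples (not captured from a real machine).
SAMPLE_GOOD='Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
137,138/udp (Samba)        ALLOW IN    10.1.2.3
139,445/tcp (Samba)        ALLOW IN    10.1.2.3
22/tcp                     ALLOW IN    Anywhere'
SAMPLE_OPEN='Status: active
Default: allow (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
Samba                      ALLOW IN    Anywhere
22/tcp                     ALLOW IN    10.1.2.139'

printf '%s\n' "$SAMPLE_GOOD" | audit_ufw && echo "good sample: OK"
printf '%s\n' "$SAMPLE_OPEN" | audit_ufw || echo "open sample: needs fixing"
```

On the client itself, the equivalent check is `sudo ufw status verbose | audit_ufw`.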

Samba Configuration

Samba needs very little active configuration; the default configuration file (at least on Ubuntu) already contains most of what you need. Here’s the file I ended up with. I believe I edited the values for fields workgroup and netbios name, and uncommented the whole homes section and perhaps edited some/all of its field values.

To install Samba:

sudo apt update
sudo apt -y install samba

Now create or edit /etc/samba/smb.conf:

[global]
   workgroup = COMPANY.COM
   netbios name = choose-a-name
   server string = %h server (Samba, Ubuntu)
   log file = /var/log/samba/log.%m
   max log size = 1000
   logging = file
   panic action = /usr/share/samba/panic-action %d
   server role = standalone server
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   map to guest = bad user
   usershare allow guests = no
[homes]
   comment = Home Directories
   browseable = no
   valid users = %S

Samba requires authentication, at least for shares with valid users configured. You will need to log in using a username that exists in the Linux user list (typically your own regular user ID, so that your own home directory is shared), and a Samba-specific password. To set the password:

sudo smbpasswd -a your_linux_username

… and enter your desired Samba password.

Now configure which Samba processes should start, and restart them so they use the latest configuration file:

sudo systemctl disable nmbd
sudo systemctl enable smbd
sudo service smbd restart

Windows Configuration

In Windows File Explorer, you should be able to type \\your-pc-name.dynamic.company.com\username into the address bar. When prompted for authentication, use your username, and the password you set above.

Once this is working, you can map a network drive, such as Z:, to that path, so that it provides a simple path that is available whenever the VM reboots.