| View previous topic :: View next topic |
| Author |
Message |
usualMortal
n00b
Joined: 02 Feb 2016
Posts: 18
|
 Posted: Tue Feb 02, 2016 6:04 am Post subject: [SOLVED] (well, mostly) Unable to share an ext4 drive |
 |
|
Good day, everyone. I would appreciate some advice about samba sharing.
Thing is, I have an external SATA ext4 hdd that is used via USB dock station. I would like to share this drive in my network like I always did, but I'm unable to: this is a new installation of Gentoo on same machine, and things that worked before are no longer complying.
I used this links to get some guidance:
http://goodies.xfce.org/projects/thunar-plugins/thunar-shares-plugin
http://askubuntu.com/questions/214396/file-sharing-with-ext4-partition
So, thunar-shares-plugin works; I'm able to share some of my folders, and other can access them, but hard drive in question is still unreachable, 'windows can't get access to this device' and stuff. Same story with writing in second link: share is created, but windows can't access it.
Looking forward to your opinion.
Last edited by usualMortal on Wed Feb 24, 2016 2:53 pm; edited 1 time in total |
|
| Back to top |
|
 |
Syl20
l33t
Joined: 04 Aug 2005
Posts: 619
Location: France
|
| Posted: Tue Feb 02, 2016 1:29 pm Post subject: |
|
|
| Are the perms OK on the directories you want to share ? If the Windows user tries to mount the share as "nobody" user, ensure "nobody" is able to read/execute/write all you want to share. |
|
| Back to top |
|
|
usualMortal
n00b
Joined: 02 Feb 2016
Posts: 18
|
| Posted: Tue Feb 02, 2016 6:42 pm Post subject: |
|
|
What perms count as ok? I've decided to set 777 permissions to every file on the device, and it worked the las time I did it.
How to check is 'nobody' user able to r/w/x my data?
upd: I've edited /etc/group and added 'nobody' to my user's group. Nothing has changed, still no access. |
|
| Back to top |
|
|
Syl20
l33t
Joined: 04 Aug 2005
Posts: 619
Location: France
|
| Posted: Thu Feb 04, 2016 3:32 pm Post subject: |
|
|
I mentionned "nobody" as an example. Be sure it the right account to consider before doing anything (have a look on smb logs). For practical reasons, I'll continue below, but note that the "nobody" account is commonly used by default, by programs, to give to themselves or to users as few rights as possible. Giving it more rights by inserting it to more groups isn't recommended. Consider "nobody" like "guest" on Windows. 
That said, you have two choices :
1/ change the owner or the group of the files you want to share, and adjust the rights according to your choice,
2/ set ACLs to permit nobody to read and (if you want) to write on files.
The second possibility is a little more harder to set. I think you'll prefer the first one.
Setting 777 perms is evil. Never, ever, do it, or your family will be damned for seven generations. 
In general, try to avoid setting any permission to "other". Especially writing one. |
|
| Back to top |
|
|
usualMortal
n00b
Joined: 02 Feb 2016
Posts: 18
|
| Posted: Fri Feb 05, 2016 5:24 pm Post subject: |
|
|
Thx for the advices.
About the first one, all the files on the ext4 drive belong to me. I mean, my user. I did run
$chown -R %user_name% %path_to_drive%
sj I see no issue here. Perhaps I'm wrong though.
The second advice I fail to understand a little. Could you explain which documentation should I study, please?
And the last thing that troubles me is that everything worked last time. The same gentoo distro, the same hard drive, same consolekit + xfce4 + samba. It worked last time, but it is not now. Why so, I wonder. |
|
| Back to top |
|
|
Syl20
l33t
Joined: 04 Aug 2005
Posts: 619
Location: France
|
| Posted: Mon Feb 08, 2016 3:39 pm Post subject: |
|
|
| Quote: | | And the last thing that troubles me is that everything worked last time. The same gentoo distro, the same hard drive, same consolekit + xfce4 + samba. It worked last time, but it is not now. Why so, I wonder. |
Perhaps because "security = share" is deprecated now ? Then you have to set "security = user", which is a little less permissive by default.
You said above that it isn't the same Gentoo install. The versions of the apps, so their behaviour, are probably different.
You can run "testparm" (and "man testparm", of course ) to know how your samba server is really configured. These options may be especially interesting :
- "guest account" is the user who needs permissons on your files (and directories, obviously), if the clients don't authenticate (i.e. if you don't have to put a login and a password when you mount the shares on your Windows clients) ;
- "guest ok", in this case, should be set to yes ;
- "valid users" and "invalid users", if set, do what you think they do ;
- "force user" and "force group" shouldn't be used. They're a useless additional layer, in your case ;
- "create mask" and "directory mask" are used for newly created files and directories only. They don't overwrite the permissions on the already existing files ;
If your files belongs to "you", and if you don't want to change that, then you can change the group (use the real nobody's one), and set, for example, 0770 perms for dirs, and 0660 for other files :
| Code: | # chown -R you:$(id -gn nobody) <path>
or
# chgrp -R $(id -gn nobody) <path>
# chmod -R 0660 <path>
# find <path> -type d -exec chmod 0770 {} \; |
|
|
| Back to top |
|
|
usualMortal
n00b
Joined: 02 Feb 2016
Posts: 18
|
| Posted: Tue Feb 09, 2016 12:12 am Post subject: |
|
|
It seems that thunar-shares-plugin is unable to share my folders unless it's rwx for others which is undesirable.
Things you have kindly mentioned do not work either for my external drive or my /home/* folders.
Let's see. With that kind of configuration windows client can't access my PC at all, it requires authentication and no password works:
| Code: |
# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[downloads]"
Global parameter guest account found in service section!
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
[global]
server string = Samba Server
log file = /var/log/samba/log.%m
max log size = 50
dns proxy = No
usershare allow guests = Yes
usershare max shares = 100
idmap config * : backend = tdb
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
print ok = Yes
browseable = No
[downloads]
path = /home/myuser/Downloads
read only = No
create mask = 0660
directory mask = 0770
guest ok = Yes |
Authentication problem is solved via adding to [global] section:
| Code: | | map to guest = Bad User |
Permissions and ownership are set as you mentioned:
| Code: |
# ls -l
drwxrwx--- 4 myuser nobody 4096 Feb 8 02:21 Downloads
# ls -l Downloads/
drwxrwx--- 2 myuser nobody 4096 Feb 2 16:34 fds
-rw-rw---- 1 myuser nobody 13555595 Feb 4 21:58 GS42-GettingStartedLO.pdf
-rw-rw---- 1 myuser nobody 1083 Feb 9 04:42 list
-rw-rw---- 1 myuser nobody 12459711 Feb 4 21:58 WG42-WriterGuideLO.pdf
|
But windows client can't access 'downloads' share.
Sharing folder with thunar-shares-plugin results in this:
| Code: | # testparm /var/lib/samba/usershares/notebookstorage
Load smb config files from /var/lib/samba/usershares/notebookstorage
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Unknown parameter encountered: "usershare_acl"
Ignoring unknown parameter "usershare_acl"
Unknown parameter encountered: "guest_ok"
Ignoring unknown parameter "guest_ok"
Unknown parameter encountered: "sharename"
Ignoring unknown parameter "sharename"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
[global]
idmap config * : backend = tdb
path = /home/myuser/notebookStorage
|
Permissions are set 777 for direcroty /home/myuser/notebookStorage and the directory itself is accessible, but not the files within. Access to files requires setting 777 permissions with -R.
If I'm to return to main topic then I should mention that
| Code: | | #chmod 777 -R <path_to_drive_mount_point> |
and sharing with thunar-shares-plugin doesn't solve the problem, share is unaccessible still.
P.S. Isn't there a spoiler tag? I find long config files bothersome, you don't need to see them every time you open the thread. |
|
| Back to top |
|
|
szatox
Advocate
Joined: 27 Aug 2013
Posts: 3135
|
| Posted: Tue Feb 09, 2016 4:57 pm Post subject: |
|
|
| Quote: | | It seems that thunar-shares-plugin is unable to share my folders unless it's rwx for others which is undesirable. |
Why undesirable? You just said you wanted to share it. This means "others" should at least be able to enter directories and read the files. This means 5 on directories and 4 on files, and for read/write 7 on directories and 6 on files.
What's the problem? |
|
| Back to top |
|
|
usualMortal
n00b
Joined: 02 Feb 2016
Posts: 18
|
| Posted: Wed Feb 10, 2016 1:11 am Post subject: |
|
|
It is undesirable because
| Quote: | | Setting 777 perms is evil. Never, ever, do it, or your family will be damned for seven generations. |
The problem is that setting 777 permissions on the external ext4 hard drive in question and sharing with thunar-shares-plugin doesn't work, share is still unaccessible. |
|
| Back to top |
|
|
Syl20
l33t
Joined: 04 Aug 2005
Posts: 619
Location: France
|
| Posted: Wed Feb 10, 2016 10:58 am Post subject: |
|
|
| usualMortal wrote: | Authentication problem is solved via adding to [global] section:
| Code: | | map to guest = Bad User |
|
OK. 
| Quote: | Permissions and ownership are set as you mentioned:
(...)
But windows client can't access 'downloads' share. |
Perms are OK. Is Windows happy if you set (temporarly) "force user = nobody" and/or "admin users = nobody" ?
| Quote: | Sharing folder with thunar-shares-plugin results in this:
| Code: | # testparm /var/lib/samba/usershares/notebookstorage
Load smb config files from /var/lib/samba/usershares/notebookstorage
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Unknown parameter encountered: "usershare_acl"
Ignoring unknown parameter "usershare_acl"
Unknown parameter encountered: "guest_ok"
Ignoring unknown parameter "guest_ok"
Unknown parameter encountered: "sharename"
Ignoring unknown parameter "sharename"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
[global]
idmap config * : backend = tdb
path = /home/myuser/notebookStorage
|
|
So either thunar-shares-plugin makes crap, or it doesn't write a samba-style config file. The best thing to do is stopping using it.
| Quote: | | P.S. Isn't there a spoiler tag? I find long config files bothersome, you don't need to see them every time you open the thread. |
You can wgetpaste your config and/or your log files. |
|
| Back to top |
|
|
usualMortal
n00b
Joined: 02 Feb 2016
Posts: 18
|
| Posted: Wed Feb 10, 2016 10:18 pm Post subject: |
|
|
Adding
| Quote: | | force user = nobody |
was sufficient to share my notebook's drive data. But it was not enough for my external hard drive shares. In that case, only
| Quote: | | admin users = nobody |
did the trick.
thunar-shares-plugin is no more, it's time to clean up smb.conf, if you don't mind:
| Code: |
# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[data]"
Processing section "[notebookstorage]"
Processing section "[downloads]"
Loaded services file OK.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
[global]
server string = Samba Server
map to guest = Bad User
log file = /var/log/samba/log.%m
max log size = 50
dns proxy = No
idmap config * : backend = tdb
force user = nobody
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
print ok = Yes
browseable = No
[data]
path = /run/media/myuser/data
admin users = nobody
read only = No
create mask = 0660
directory mask = 0770
guest ok = Yes
[notebookstorage]
path = /home/myuser/notebookStorage
read only = No
create mask = 0660
directory mask = 0770
guest ok = Yes
[downloads]
path = /home/myuser/Downloads
read only = No
create mask = 0660
directory mask = 0770
guest ok = Yes
|
What should I add/remove in the conf file? And the main question is — what have just happened? : - ) I would like to know more if this doesn't include studying all the samba manuals 'cause that's a little bit too much for my needs. |
|
| Back to top |
|
|
Syl20
l33t
Joined: 04 Aug 2005
Posts: 619
Location: France
|
| Posted: Thu Feb 11, 2016 10:28 am Post subject: |
|
|
| usualMortal wrote: | In that case, only
| Quote: | | admin users = nobody |
did the trick. |
That's strange. This option just tells samba "nobody acts as root". So nobody can just override the files permissions.
But the file permissions are correct, so "admin users" should be useless.
How is the external disk mounted ? Plese post the result of the
command.
What are the /run/media/myuser/data perms ?
| Quote: | | thunar-shares-plugin is no more, |
Good news.
| Quote: | | it's time to clean up smb.conf, if you don't mind: |
No problem.
If you don't use homes share (most of the time, home users don't. If you don't know, it means you don't use), you can safely remove all the [homes] section.
If you don't share printers, you can remove all the [printers] section. Better, you can add this to the [global] section :
| Code: | load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes |
|
|
| Back to top |
|
|
usualMortal
n00b
Joined: 02 Feb 2016
Posts: 18
|
| Posted: Fri Feb 12, 2016 12:02 am Post subject: |
|
|
| Code: | $ mount
/dev/sdb1 on /run/media/myuser/data type ext4 (rw,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)
|
Mounting is done by consolekit.
Permissions for data:
| Code: | | drwxrwx--- 12 myuser nobody 4096 Feb 11 08:44 data |
That's the same as before, 0660 for files, 0770 for directories.
Thanks for the help with smb.conf, that stopped spam in log.smbd. |
|
| Back to top |
|
|
Syl20
l33t
Joined: 04 Aug 2005
Posts: 619
Location: France
|
| Posted: Fri Feb 12, 2016 11:42 am Post subject: |
|
|
| Ok, maybe (certainly) polkit restricts the permissions on /run/media/myuser. Can you try to mount your external disk manually, on /mnt/<some dir>, or on /media/<some dir> (not /run/media), and modify the related samba share configuration ? |
|
| Back to top |
|
|
usualMortal
n00b
Joined: 02 Feb 2016
Posts: 18
|
| Posted: Fri Feb 12, 2016 2:55 pm Post subject: |
|
|
That's true.
I've mounted my hard drive manually, so
| Code: | # mount
/dev/sdb1 on /mnt/data type ext4 (rw,relatime,data=ordered)
|
and I've changed smb.conf accordingly (new path, no "admin users = nobody"). Share has become accessible from windows client.
UPD: This is it, then? Consolekit's behavior stays the same, so in order to share my data without adding "admin users = nobody" I'm to mount hard drive manually?
UPD2: And another question arises: what to do in case of new files/folders appearing? |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
