Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[SOLVED] (well, mostly) Unable to share an ext4 drive
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
usualMortal
n00b
n00b


Joined: 02 Feb 2016
Posts: 15

PostPosted: Tue Feb 02, 2016 6:04 am    Post subject: [SOLVED] (well, mostly) Unable to share an ext4 drive Reply with quote

Good day, everyone. I would appreciate some advice about samba sharing.
Thing is, I have an external SATA ext4 hdd that is used via USB dock station. I would like to share this drive in my network like I always did, but I'm unable to: this is a new installation of Gentoo on same machine, and things that worked before are no longer complying.
I used this links to get some guidance:
http://goodies.xfce.org/projects/thunar-plugins/thunar-shares-plugin
http://askubuntu.com/questions/214396/file-sharing-with-ext4-partition
So, thunar-shares-plugin works; I'm able to share some of my folders, and other can access them, but hard drive in question is still unreachable, 'windows can't get access to this device' and stuff. Same story with writing in second link: share is created, but windows can't access it.
Looking forward to your opinion.


Last edited by usualMortal on Wed Feb 24, 2016 2:53 pm; edited 1 time in total
Back to top
View user's profile Send private message
Syl20
Guru
Guru


Joined: 04 Aug 2005
Posts: 553
Location: France

PostPosted: Tue Feb 02, 2016 1:29 pm    Post subject: Reply with quote

Are the perms OK on the directories you want to share ? If the Windows user tries to mount the share as "nobody" user, ensure "nobody" is able to read/execute/write all you want to share.
Back to top
View user's profile Send private message
usualMortal
n00b
n00b


Joined: 02 Feb 2016
Posts: 15

PostPosted: Tue Feb 02, 2016 6:42 pm    Post subject: Reply with quote

What perms count as ok? I've decided to set 777 permissions to every file on the device, and it worked the las time I did it.
How to check is 'nobody' user able to r/w/x my data?
upd: I've edited /etc/group and added 'nobody' to my user's group. Nothing has changed, still no access.
Back to top
View user's profile Send private message
Syl20
Guru
Guru


Joined: 04 Aug 2005
Posts: 553
Location: France

PostPosted: Thu Feb 04, 2016 3:32 pm    Post subject: Reply with quote

I mentionned "nobody" as an example. Be sure it the right account to consider before doing anything (have a look on smb logs). For practical reasons, I'll continue below, but note that the "nobody" account is commonly used by default, by programs, to give to themselves or to users as few rights as possible. Giving it more rights by inserting it to more groups isn't recommended. Consider "nobody" like "guest" on Windows. :wink:

That said, you have two choices :
1/ change the owner or the group of the files you want to share, and adjust the rights according to your choice,
2/ set ACLs to permit nobody to read and (if you want) to write on files.

The second possibility is a little more harder to set. I think you'll prefer the first one.

Setting 777 perms is evil. Never, ever, do it, or your family will be damned for seven generations. :twisted:
In general, try to avoid setting any permission to "other". Especially writing one.
Back to top
View user's profile Send private message
usualMortal
n00b
n00b


Joined: 02 Feb 2016
Posts: 15

PostPosted: Fri Feb 05, 2016 5:24 pm    Post subject: Reply with quote

Thx for the advices.
About the first one, all the files on the ext4 drive belong to me. I mean, my user. I did run
$chown -R %user_name% %path_to_drive%
sj I see no issue here. Perhaps I'm wrong though.
The second advice I fail to understand a little. Could you explain which documentation should I study, please?
And the last thing that troubles me is that everything worked last time. The same gentoo distro, the same hard drive, same consolekit + xfce4 + samba. It worked last time, but it is not now. Why so, I wonder.
Back to top
View user's profile Send private message
Syl20
Guru
Guru


Joined: 04 Aug 2005
Posts: 553
Location: France

PostPosted: Mon Feb 08, 2016 3:39 pm    Post subject: Reply with quote

Quote:
And the last thing that troubles me is that everything worked last time. The same gentoo distro, the same hard drive, same consolekit + xfce4 + samba. It worked last time, but it is not now. Why so, I wonder.

Perhaps because "security = share" is deprecated now ? Then you have to set "security = user", which is a little less permissive by default.
You said above that it isn't the same Gentoo install. The versions of the apps, so their behaviour, are probably different.

You can run "testparm" (and "man testparm", of course :wink: ) to know how your samba server is really configured. These options may be especially interesting :
- "guest account" is the user who needs permissons on your files (and directories, obviously), if the clients don't authenticate (i.e. if you don't have to put a login and a password when you mount the shares on your Windows clients) ;
- "guest ok", in this case, should be set to yes ;
- "valid users" and "invalid users", if set, do what you think they do ;
- "force user" and "force group" shouldn't be used. They're a useless additional layer, in your case ;
- "create mask" and "directory mask" are used for newly created files and directories only. They don't overwrite the permissions on the already existing files ;

If your files belongs to "you", and if you don't want to change that, then you can change the group (use the real nobody's one), and set, for example, 0770 perms for dirs, and 0660 for other files :
Code:
# chown -R you:$(id -gn nobody) <path>
or
# chgrp -R $(id -gn nobody) <path>

# chmod -R 0660 <path>
# find <path> -type d -exec chmod 0770 {} \;
Back to top
View user's profile Send private message
usualMortal
n00b
n00b


Joined: 02 Feb 2016
Posts: 15

PostPosted: Tue Feb 09, 2016 12:12 am    Post subject: Reply with quote

It seems that thunar-shares-plugin is unable to share my folders unless it's rwx for others which is undesirable.

Things you have kindly mentioned do not work either for my external drive or my /home/* folders.
Let's see. With that kind of configuration windows client can't access my PC at all, it requires authentication and no password works:

Code:

# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[downloads]"
Global parameter guest account found in service section!
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
   server string = Samba Server
   log file = /var/log/samba/log.%m
   max log size = 50
   dns proxy = No
   usershare allow guests = Yes
   usershare max shares = 100
   idmap config * : backend = tdb

[homes]
   comment = Home Directories
   read only = No
   browseable = No

[printers]
   comment = All Printers
   path = /var/spool/samba
   printable = Yes
   print ok = Yes
   browseable = No

[downloads]
   path = /home/myuser/Downloads
   read only = No
   create mask = 0660
   directory mask = 0770
   guest ok = Yes


Authentication problem is solved via adding to [global] section:
Code:
map to guest = Bad User


Permissions and ownership are set as you mentioned:

Code:

# ls -l
drwxrwx--- 4 myuser nobody       4096 Feb  8 02:21 Downloads

# ls -l Downloads/

drwxrwx--- 2 myuser nobody     4096 Feb  2 16:34 fds
-rw-rw---- 1 myuser nobody 13555595 Feb  4 21:58 GS42-GettingStartedLO.pdf
-rw-rw---- 1 myuser nobody     1083 Feb  9 04:42 list
-rw-rw---- 1 myuser nobody 12459711 Feb  4 21:58 WG42-WriterGuideLO.pdf


But windows client can't access 'downloads' share.

Sharing folder with thunar-shares-plugin results in this:
Code:
# testparm /var/lib/samba/usershares/notebookstorage
Load smb config files from /var/lib/samba/usershares/notebookstorage
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Unknown parameter encountered: "usershare_acl"
Ignoring unknown parameter "usershare_acl"
Unknown parameter encountered: "guest_ok"
Ignoring unknown parameter "guest_ok"
Unknown parameter encountered: "sharename"
Ignoring unknown parameter "sharename"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
   idmap config * : backend = tdb
   path = /home/myuser/notebookStorage


Permissions are set 777 for direcroty /home/myuser/notebookStorage and the directory itself is accessible, but not the files within. Access to files requires setting 777 permissions with -R.

If I'm to return to main topic then I should mention that
Code:
#chmod 777 -R <path_to_drive_mount_point> 

and sharing with thunar-shares-plugin doesn't solve the problem, share is unaccessible still.

P.S. Isn't there a spoiler tag? I find long config files bothersome, you don't need to see them every time you open the thread.
Back to top
View user's profile Send private message
szatox
Veteran
Veteran


Joined: 27 Aug 2013
Posts: 1717

PostPosted: Tue Feb 09, 2016 4:57 pm    Post subject: Reply with quote

Quote:
It seems that thunar-shares-plugin is unable to share my folders unless it's rwx for others which is undesirable.

Why undesirable? You just said you wanted to share it. This means "others" should at least be able to enter directories and read the files. This means 5 on directories and 4 on files, and for read/write 7 on directories and 6 on files.

What's the problem?
Back to top
View user's profile Send private message
usualMortal
n00b
n00b


Joined: 02 Feb 2016
Posts: 15

PostPosted: Wed Feb 10, 2016 1:11 am    Post subject: Reply with quote

It is undesirable because
Quote:
Setting 777 perms is evil. Never, ever, do it, or your family will be damned for seven generations. :twisted:


The problem is that setting 777 permissions on the external ext4 hard drive in question and sharing with thunar-shares-plugin doesn't work, share is still unaccessible.
Back to top
View user's profile Send private message
Syl20
Guru
Guru


Joined: 04 Aug 2005
Posts: 553
Location: France

PostPosted: Wed Feb 10, 2016 10:58 am    Post subject: Reply with quote

usualMortal wrote:
Authentication problem is solved via adding to [global] section:
Code:
map to guest = Bad User

OK. :)

Quote:
Permissions and ownership are set as you mentioned:
(...)
But windows client can't access 'downloads' share.

Perms are OK. Is Windows happy if you set (temporarly) "force user = nobody" and/or "admin users = nobody" ?

Quote:
Sharing folder with thunar-shares-plugin results in this:
Code:
# testparm /var/lib/samba/usershares/notebookstorage
Load smb config files from /var/lib/samba/usershares/notebookstorage
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Unknown parameter encountered: "usershare_acl"
Ignoring unknown parameter "usershare_acl"
Unknown parameter encountered: "guest_ok"
Ignoring unknown parameter "guest_ok"
Unknown parameter encountered: "sharename"
Ignoring unknown parameter "sharename"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
   idmap config * : backend = tdb
   path = /home/myuser/notebookStorage

So either thunar-shares-plugin makes crap, or it doesn't write a samba-style config file. The best thing to do is stopping using it.

Quote:
P.S. Isn't there a spoiler tag? I find long config files bothersome, you don't need to see them every time you open the thread.

You can wgetpaste your config and/or your log files. :wink:
Back to top
View user's profile Send private message
usualMortal
n00b
n00b


Joined: 02 Feb 2016
Posts: 15

PostPosted: Wed Feb 10, 2016 10:18 pm    Post subject: Reply with quote

Adding
Quote:
force user = nobody

was sufficient to share my notebook's drive data. But it was not enough for my external hard drive shares. In that case, only
Quote:
admin users = nobody

did the trick.
thunar-shares-plugin is no more, it's time to clean up smb.conf, if you don't mind:

Code:


# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[data]"
Processing section "[notebookstorage]"
Processing section "[downloads]"
Loaded services file OK.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
   server string = Samba Server
   map to guest = Bad User
   log file = /var/log/samba/log.%m
   max log size = 50
   dns proxy = No
   idmap config * : backend = tdb
   force user = nobody

[homes]
   comment = Home Directories
   read only = No
   browseable = No

[printers]
   comment = All Printers
   path = /var/spool/samba
   printable = Yes
   print ok = Yes
   browseable = No

[data]
   path = /run/media/myuser/data
   admin users = nobody
   read only = No
   create mask = 0660
   directory mask = 0770
   guest ok = Yes

[notebookstorage]
   path = /home/myuser/notebookStorage
   read only = No
   create mask = 0660
   directory mask = 0770
   guest ok = Yes

[downloads]
   path = /home/myuser/Downloads
   read only = No
   create mask = 0660
   directory mask = 0770
   guest ok = Yes



What should I add/remove in the conf file? And the main question is — what have just happened? : - ) I would like to know more if this doesn't include studying all the samba manuals 'cause that's a little bit too much for my needs.
Back to top
View user's profile Send private message
Syl20
Guru
Guru


Joined: 04 Aug 2005
Posts: 553
Location: France

PostPosted: Thu Feb 11, 2016 10:28 am    Post subject: Reply with quote

usualMortal wrote:
In that case, only
Quote:
admin users = nobody

did the trick.

That's strange. This option just tells samba "nobody acts as root". So nobody can just override the files permissions.
But the file permissions are correct, so "admin users" should be useless.

How is the external disk mounted ? Plese post the result of the
Code:
# mount

command.
What are the /run/media/myuser/data perms ?

Quote:
thunar-shares-plugin is no more,

Good news.

Quote:
it's time to clean up smb.conf, if you don't mind:

No problem.

If you don't use homes share (most of the time, home users don't. If you don't know, it means you don't use), you can safely remove all the [homes] section.
If you don't share printers, you can remove all the [printers] section. Better, you can add this to the [global] section :
Code:
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
Back to top
View user's profile Send private message
usualMortal
n00b
n00b


Joined: 02 Feb 2016
Posts: 15

PostPosted: Fri Feb 12, 2016 12:02 am    Post subject: Reply with quote

Code:
$ mount
/dev/sdb1 on /run/media/myuser/data type ext4 (rw,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)


Mounting is done by consolekit.

Permissions for data:
Code:
drwxrwx--- 12 myuser nobody 4096 Feb 11 08:44 data

That's the same as before, 0660 for files, 0770 for directories.

Thanks for the help with smb.conf, that stopped spam in log.smbd.
Back to top
View user's profile Send private message
Syl20
Guru
Guru


Joined: 04 Aug 2005
Posts: 553
Location: France

PostPosted: Fri Feb 12, 2016 11:42 am    Post subject: Reply with quote

Ok, maybe (certainly) polkit restricts the permissions on /run/media/myuser. Can you try to mount your external disk manually, on /mnt/<some dir>, or on /media/<some dir> (not /run/media), and modify the related samba share configuration ?
Back to top
View user's profile Send private message
usualMortal
n00b
n00b


Joined: 02 Feb 2016
Posts: 15

PostPosted: Fri Feb 12, 2016 2:55 pm    Post subject: Reply with quote

That's true.
I've mounted my hard drive manually, so

Code:
# mount
/dev/sdb1 on /mnt/data type ext4 (rw,relatime,data=ordered)


and I've changed smb.conf accordingly (new path, no "admin users = nobody"). Share has become accessible from windows client.

UPD: This is it, then? Consolekit's behavior stays the same, so in order to share my data without adding "admin users = nobody" I'm to mount hard drive manually?

UPD2: And another question arises: what to do in case of new files/folders appearing?
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum