# [SOLVED] (well, mostly) Unable to share an ext4 drive

## usualMortal

Good day, everyone. I would appreciate some advice about samba sharing.

Thing is, I have an external SATA ext4 hdd that is used via USB dock station. I would like to share this drive in my network like I always did, but I'm unable to: this is a new installation of Gentoo on same machine, and things that worked before are no longer complying.

I used this links to get some guidance:

http://goodies.xfce.org/projects/thunar-plugins/thunar-shares-plugin

http://askubuntu.com/questions/214396/file-sharing-with-ext4-partition

So, thunar-shares-plugin works; I'm able to share some of my folders, and other can access them, but hard drive in question is still unreachable, 'windows can't get access to this device' and stuff. Same story with writing in second link: share is created, but windows can't access it.

Looking forward to your opinion.Last edited by usualMortal on Wed Feb 24, 2016 2:53 pm; edited 1 time in total

----------

## Syl20

Are the perms OK on the directories you want to share ? If the Windows user tries to mount the share as "nobody" user, ensure "nobody" is able to read/execute/write all you want to share.

----------

## usualMortal

What perms count as ok? I've decided to set 777 permissions to every file on the device, and it worked the las time I did it.

How to check  is 'nobody' user able to r/w/x my data?

upd: I've edited /etc/group and added 'nobody' to my user's group. Nothing has changed, still no access.

----------

## Syl20

I mentionned "nobody" as an example. Be sure it the right account to consider before doing anything (have a look on smb logs). For practical reasons, I'll continue below, but note that the "nobody" account is commonly used by default, by programs, to give to themselves or to users as few rights as possible. Giving it more rights by inserting it to more groups isn't recommended. Consider "nobody" like "guest" on Windows.  :Wink: 

That said, you have two choices :

1/ change the owner or the group of the files you want to share, and adjust the rights according to your choice,

2/ set ACLs to permit nobody to read and (if you want) to write on files.

The second possibility is a little more harder to set. I think you'll prefer the first one.

Setting 777 perms is evil. Never, ever, do it, or your family will be damned for seven generations.  :Twisted Evil: 

In general, try to avoid setting any permission to "other". Especially writing one.

----------

## usualMortal

Thx for the advices.

About the first one, all the files on the ext4 drive belong to me. I mean, my user. I did run 

$chown -R %user_name% %path_to_drive%

sj I see no issue here. Perhaps I'm wrong though.

The second advice I fail to understand a little. Could you explain which documentation should I study, please?

And the last thing that troubles me is that everything worked last time. The same gentoo distro, the same hard drive, same consolekit + xfce4 + samba. It worked last time, but it is not now. Why so, I wonder.

----------

## Syl20

 *Quote:*   

> And the last thing that troubles me is that everything worked last time. The same gentoo distro, the same hard drive, same consolekit + xfce4 + samba. It worked last time, but it is not now. Why so, I wonder.

 

Perhaps because "security = share" is deprecated now ? Then you have to set "security = user", which is a little less permissive by default.

You said above that it isn't the same Gentoo install. The versions of the apps, so their behaviour, are probably different.

You can run "testparm" (and "man testparm", of course  :Wink:  ) to know how your samba server is really configured. These options may be especially interesting :

- "guest account" is the user who needs permissons on your files (and directories, obviously), if the clients don't authenticate (i.e. if you don't have to put a login and a password when you mount the shares on your Windows clients) ;

- "guest ok", in this case, should be set to yes ;

- "valid users" and "invalid users", if set, do what you think they do ;

- "force user" and "force group" shouldn't be used. They're a useless additional layer, in your case ;

- "create mask" and "directory mask" are used for newly created files and directories only. They don't overwrite the permissions on the already existing files ;

If your files belongs to "you", and if you don't want to change that, then you can change the group (use the real nobody's one), and set, for example, 0770 perms for dirs, and 0660 for other files :

```
# chown -R you:$(id -gn nobody) <path>

or

# chgrp -R $(id -gn nobody) <path>

# chmod -R 0660 <path>

# find <path> -type d -exec chmod 0770 {} \;
```

----------

## usualMortal

It seems that thunar-shares-plugin is unable to share my folders unless it's rwx for others which is undesirable.

Things you have kindly mentioned do not work either for my external drive or my /home/* folders.

Let's see. With that kind of configuration windows client can't access my PC at all, it requires authentication and no password works:

```

# testparm

Load smb config files from /etc/samba/smb.conf

rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)

Processing section "[homes]"

Processing section "[printers]"

Processing section "[downloads]"

Global parameter guest account found in service section!

Loaded services file OK.

Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

[global]

   server string = Samba Server

   log file = /var/log/samba/log.%m

   max log size = 50

   dns proxy = No

   usershare allow guests = Yes

   usershare max shares = 100

   idmap config * : backend = tdb

[homes]

   comment = Home Directories

   read only = No

   browseable = No

[printers]

   comment = All Printers

   path = /var/spool/samba

   printable = Yes

   print ok = Yes

   browseable = No

[downloads]

   path = /home/myuser/Downloads

   read only = No

   create mask = 0660

   directory mask = 0770

   guest ok = Yes
```

Authentication problem is solved via adding to [global] section:

```
map to guest = Bad User
```

Permissions and ownership are set as you mentioned:

```

# ls -l 

drwxrwx--- 4 myuser nobody       4096 Feb  8 02:21 Downloads

# ls -l Downloads/

drwxrwx--- 2 myuser nobody     4096 Feb  2 16:34 fds

-rw-rw---- 1 myuser nobody 13555595 Feb  4 21:58 GS42-GettingStartedLO.pdf

-rw-rw---- 1 myuser nobody     1083 Feb  9 04:42 list

-rw-rw---- 1 myuser nobody 12459711 Feb  4 21:58 WG42-WriterGuideLO.pdf

```

But windows client can't access 'downloads' share.

Sharing folder with thunar-shares-plugin results in this:

```
# testparm /var/lib/samba/usershares/notebookstorage 

Load smb config files from /var/lib/samba/usershares/notebookstorage

rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)

Unknown parameter encountered: "usershare_acl"

Ignoring unknown parameter "usershare_acl"

Unknown parameter encountered: "guest_ok"

Ignoring unknown parameter "guest_ok"

Unknown parameter encountered: "sharename"

Ignoring unknown parameter "sharename"

Loaded services file OK.

Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

[global]

   idmap config * : backend = tdb

   path = /home/myuser/notebookStorage

```

Permissions are set 777 for direcroty /home/myuser/notebookStorage and the directory itself is accessible, but not the files within. Access to files requires setting 777 permissions with -R.

If I'm to return to main topic then I should mention that 

```
#chmod 777 -R <path_to_drive_mount_point>  
```

and sharing with thunar-shares-plugin doesn't solve the problem, share is unaccessible still.

P.S. Isn't there a spoiler tag? I find long config files bothersome, you don't need to see them every time you open the thread.

----------

## szatox

 *Quote:*   

> It seems that thunar-shares-plugin is unable to share my folders unless it's rwx for others which is undesirable. 

 

Why undesirable? You just said you wanted to share it. This means "others" should at least be able to enter directories and read the files. This means 5 on directories and 4 on files, and for read/write 7 on directories and 6 on files.

What's the problem?

----------

## usualMortal

It is undesirable because 

 *Quote:*   

> Setting 777 perms is evil. Never, ever, do it, or your family will be damned for seven generations. 

 

The problem is that setting 777 permissions on the external ext4 hard drive in question and sharing with thunar-shares-plugin doesn't work, share is still unaccessible.

----------

## Syl20

 *usualMortal wrote:*   

> Authentication problem is solved via adding to [global] section:
> 
> ```
> map to guest = Bad User
> ```
> ...

 

OK.  :Smile: 

 *Quote:*   

> Permissions and ownership are set as you mentioned:
> 
> (...)
> 
> But windows client can't access 'downloads' share. 

 

Perms are OK. Is Windows happy if you set (temporarly) "force user = nobody" and/or "admin users = nobody" ?

 *Quote:*   

> Sharing folder with thunar-shares-plugin results in this:
> 
> ```
> # testparm /var/lib/samba/usershares/notebookstorage 
> 
> ...

 

So either thunar-shares-plugin makes crap, or it doesn't write a samba-style config file. The best thing to do is stopping using it.

 *Quote:*   

> P.S. Isn't there a spoiler tag? I find long config files bothersome, you don't need to see them every time you open the thread.

 

You can wgetpaste your config and/or your log files.  :Wink: 

----------

## usualMortal

Adding

 *Quote:*   

> force user = nobody

 

was sufficient to share my notebook's drive data. But it was not enough for my external hard drive shares. In that case, only 

 *Quote:*   

> admin users = nobody

 

did the trick.

thunar-shares-plugin is no more, it's time to clean up smb.conf, if you don't mind:

```

# testparm 

Load smb config files from /etc/samba/smb.conf

rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)

Processing section "[homes]"

Processing section "[printers]"

Processing section "[data]"

Processing section "[notebookstorage]"

Processing section "[downloads]"

Loaded services file OK.

WARNING: You have some share names that are longer than 12 characters.

These may not be accessible to some older clients.

(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)

Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

[global]

   server string = Samba Server

   map to guest = Bad User

   log file = /var/log/samba/log.%m

   max log size = 50

   dns proxy = No

   idmap config * : backend = tdb

   force user = nobody

[homes]

   comment = Home Directories

   read only = No

   browseable = No

[printers]

   comment = All Printers

   path = /var/spool/samba

   printable = Yes

   print ok = Yes

   browseable = No

[data]

   path = /run/media/myuser/data

   admin users = nobody

   read only = No

   create mask = 0660

   directory mask = 0770

   guest ok = Yes

[notebookstorage]

   path = /home/myuser/notebookStorage

   read only = No

   create mask = 0660

   directory mask = 0770

   guest ok = Yes

[downloads]

   path = /home/myuser/Downloads

   read only = No

   create mask = 0660

   directory mask = 0770

   guest ok = Yes

```

What should I add/remove in the conf file? And the main question is  —  what have just happened? : - ) I would like to know more if this doesn't include studying all the samba manuals 'cause that's a little bit too much for my needs.

----------

## Syl20

 *usualMortal wrote:*   

> In that case, only 
> 
>  *Quote:*   admin users = nobody 
> 
> did the trick.

 

That's strange. This option just tells samba "nobody acts as root". So nobody can just override the files permissions.

But the file permissions are correct, so "admin users" should be useless.

How is the external disk mounted ? Plese post the result of the

```
# mount
```

command.

What are the /run/media/myuser/data perms ?

 *Quote:*   

> thunar-shares-plugin is no more,

 

Good news.

 *Quote:*   

>  it's time to clean up smb.conf, if you don't mind:

 

No problem.

If you don't use homes share (most of the time, home users don't. If you don't know, it means you don't use), you can safely remove all the [homes] section.

If you don't share printers, you can remove all the [printers] section. Better, you can add this to the [global] section :

```
load printers = no

printing = bsd

printcap name = /dev/null

disable spoolss = yes
```

----------

## usualMortal

```
$ mount

/dev/sdb1 on /run/media/myuser/data type ext4 (rw,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)

```

Mounting is done by consolekit.

Permissions for data:

```
drwxrwx--- 12 myuser nobody 4096 Feb 11 08:44 data
```

That's the same as before, 0660 for files, 0770 for directories. 

Thanks for the help with smb.conf, that stopped spam in log.smbd.

----------

## Syl20

Ok, maybe (certainly) polkit restricts the permissions on /run/media/myuser. Can you try to mount your external disk manually, on /mnt/<some dir>, or on /media/<some dir> (not /run/media), and modify the related samba share configuration ?

----------

## usualMortal

That's true. 

I've mounted my hard drive manually, so 

```
# mount

/dev/sdb1 on /mnt/data type ext4 (rw,relatime,data=ordered)

```

and I've changed smb.conf accordingly (new path, no "admin users = nobody"). Share has become accessible from windows client.

UPD: This is it, then? Consolekit's behavior stays the same, so in order to share my data without adding "admin users = nobody" I'm to mount hard drive manually?

UPD2: And another question arises: what to do in case of new files/folders appearing?

----------

