Thoughtfission
Posts: 13
Joined: Wed Mar 13, 2019 3:07 pm

Sharing an existing folder using Samba

Wed Mar 13, 2019 3:16 pm

Hello fellow Pi folk,

I was wondering if an Uber Noob could get some help here?

I recently purchased a 3b+ to act as a family file server. I am a unix admin from decades ago and have pretty much forgotten everything when it comes to any variant of Unix.

I was able to install Stretch, Samba and Webmin. Hooray!

The thing I am having trouble with is sharing an existing folder using Samba.

I have a HD connected to the Pi through a usb port. The partitions on the drive are formatted as ext4. There are existing folders and files on these partitions.

How to I go about sharing one of these existing folders using Samba? Everything I try just seems to create an empty directory (home directory?) that is shared. Nothing in it.

Sincere apologies if I am posting this in the wrong place.

Thanks!

jamesh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 23083
Joined: Sat Jul 30, 2011 7:41 pm

Re: Sharing an existing folder using Samba

Wed Mar 13, 2019 4:28 pm

Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed. Here's an example...
"My grief counseller just died, luckily, he was so good, I didn't care."

hortimech
Posts: 295
Joined: Wed Apr 08, 2015 5:52 pm

Re: Sharing an existing folder using Samba

Wed Mar 13, 2019 10:27 pm

Probably not, for the following reasons:

It shows this as a share:

Code: Select all

[share]
    path = /home/pi/shared
    available = yes
    valid users = pi
    read only = no
    browsable = yes
    public = yes
    writable = yes

Lets examine that.

'available = yes' and 'browsable = yes' are default settings, so do not need to be set.

'public = yes' is a synonym for 'guest ok = yes'

'read only = no' is a synonym for 'writable = yes', so you do not need both.

Now we come to the big one, there is this: 'valid users = pi'
This means that the only user that can connect is 'pi', but there is also supposed to be 'guest' access, this will never work

So, if you want only named users to connect, you need something like this:

Code: Select all

[share]
    path = /home/pi/shared
    valid users = pi
    read only = no
 
If you want only authenticated users to connect, you need to something like this:

Code: Select all

[share]
    path = /home/pi/shared
    read only = no

If you want Authenticated users and guest access, you need something like this:

Code: Select all

[share]
    path = /home/pi/shared
    read only = no
    guest ok = yes

You cannot have guest access AND only allow named users access.

jamesh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 23083
Joined: Sat Jul 30, 2011 7:41 pm

Re: Sharing an existing folder using Samba

Thu Mar 14, 2019 9:46 am

hortimech wrote:
Wed Mar 13, 2019 10:27 pm
Probably not, for the following reasons:

It shows this as a share:

Code: Select all

[share]
    path = /home/pi/shared
    available = yes
    valid users = pi
    read only = no
    browsable = yes
    public = yes
    writable = yes

Lets examine that.

'available = yes' and 'browsable = yes' are default settings, so do not need to be set.

'public = yes' is a synonym for 'guest ok = yes'

'read only = no' is a synonym for 'writable = yes', so you do not need both.

Now we come to the big one, there is this: 'valid users = pi'
This means that the only user that can connect is 'pi', but there is also supposed to be 'guest' access, this will never work

So, if you want only named users to connect, you need something like this:

Code: Select all

[share]
    path = /home/pi/shared
    valid users = pi
    read only = no
 
If you want only authenticated users to connect, you need to something like this:

Code: Select all

[share]
    path = /home/pi/shared
    read only = no

If you want Authenticated users and guest access, you need something like this:

Code: Select all

[share]
    path = /home/pi/shared
    read only = no
    guest ok = yes

You cannot have guest access AND only allow named users access.
I'd be happy to accept a pull request on changes to the docs in this area.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed. Here's an example...
"My grief counseller just died, luckily, he was so good, I didn't care."

Thoughtfission
Posts: 13
Joined: Wed Mar 13, 2019 3:07 pm

Re: Sharing an existing folder using Samba

Fri Mar 15, 2019 3:29 pm

Thanks for your replies, they were very helpful. I am almost there. I have the shares mounted at /media/pi/USBDiskName.

There is one final issue. When I try to connect to the share from my mac (Connect to server then smb://xxx.xxx.xxx.xxx) I can connect with no problem as pi. But when I connect as the user I created (my name) the pi refuses the connection unless I connect to my home account. I can see the shared disks I want to connect o but it won't let me connect.

I assume this is a permission problem of some sort but I can't figure out what the issue is.

Help!

Thanks :)

hortimech
Posts: 295
Joined: Wed Apr 08, 2015 5:52 pm

Re: Sharing an existing folder using Samba

Fri Mar 15, 2019 4:13 pm

jamesh wrote:
Thu Mar 14, 2019 9:46 am

I'd be happy to accept a pull request on changes to the docs in this area.
And I would be quite willing to totally rewrite your Samba page, just not on git-hub, we left there and went to git-lab.

Thoughtfission
Posts: 13
Joined: Wed Mar 13, 2019 3:07 pm

Re: Sharing an existing folder using Samba

Fri Mar 15, 2019 4:34 pm

Jamesh and Hortimech, I have no idea what you guys are talking about? :?

hortimech
Posts: 295
Joined: Wed Apr 08, 2015 5:52 pm

Re: Sharing an existing folder using Samba

Fri Mar 15, 2019 5:47 pm

Thoughtfission wrote:
Fri Mar 15, 2019 4:34 pm
Jamesh and Hortimech, I have no idea what you guys are talking about? :?
Hi Thoughtfisssion, I am a member of the Samba team and I have been trying, for some time, to point out to the Rpi team that their Samba page isn't correct and all I get is 'use git-hub'. I will not use git-hub, well not after Microsoft bought it.

If anybody has any problems with Samba, can I suggest that they read the Samba wiki, instead of the Rpi Samba wiki page:

https://wiki.samba.org/index.php/Main_Page

I can and do edit that

Thoughtfission
Posts: 13
Joined: Wed Mar 13, 2019 3:07 pm

Re: Sharing an existing folder using Samba

Fri Mar 15, 2019 5:58 pm

Hi Hortimech. Thanks, now I understand.

Did you happen to see my post above? I still can't access the share as anyone other than "pi"

hortimech
Posts: 295
Joined: Wed Apr 08, 2015 5:52 pm

Re: Sharing an existing folder using Samba

Sat Mar 16, 2019 8:52 am

OK, lets start by you posting your smb.conf
But before you post it, remove all lines that start with a '#' or ';'

Thoughtfission
Posts: 13
Joined: Wed Mar 13, 2019 3:07 pm

Re: Sharing an existing folder using Samba

Sat Mar 16, 2019 9:57 pm

Great, thank you. I've changed the names of the users to Z1 and Z3 and the corresponding share and disk names for privacy.

[global]
encrypt passwords = yes
username map = /etc/samba/user.map
syslog = 0
map to guest = bad user
max log size = 1000
workgroup = WORKGROUP
writeable = yes
usershare allow guests = yes
passwd program = /usr/bin/passwd %u
pam password change = yes
obey pam restrictions = yes
panic action = /usr/share/samba/panic-action %d
dns proxy = no
unix password sync = yes
security = user
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passdb backend = tdbsam
server role = standalone server
log file = /var/log/samba/log.%m




[homes]
comment = Home Directories
browseable = no
read only = no

read only = yes

create mask = 0755

directory mask = 0755

valid users = %S


[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700


[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no

[public]
comment = public storage
path = /home/shares/public
valid users = @users
force group = users
create mask = 0660
directory mask = 0771
read only = no

[share]
path = /home/pi/Desktop/share
available = yes
valid users = pi
read only = no
browsable = yes
public = yes

[Z1_Share]
path = /media/pi/Z1_Disk
available = yes
valid users = pi, Z1
read only = no

[Z2_Share]
path = /media/pi/Z2_Disk
available = yes
valid users = pi, Z1, Z3
read only = no

[Z3_Share]
path = /media/pi/Z3_Disk
available = yes
valid users = pi, Z1, Z3
read only = no

hortimech
Posts: 295
Joined: Wed Apr 08, 2015 5:52 pm

Re: Sharing an existing folder using Samba

Sun Mar 17, 2019 9:32 am

This is the smb.conf with all the default settings removed (note it is interspaced with comments)

[global]
workgroup = WORKGROUP
security = user
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
usershare allow guests = yes
passwd program = /usr/bin/passwd %u
pam password change = yes
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
panic action = /usr/share/samba/panic-action %d
dns proxy = no
unix password sync = yes
map to guest = bad user

username map = /etc/samba/user.map

Why have you got a user.map ?
It is only really useful on a domain member.

obey pam restrictions = yes

You should remove the line above, it has been found to alter the umask.

[homes]
comment = Home Directories
browseable = no
read only = no
read only = yes

Why have both of the lines above ?
They are exact opposites and the last one wins. If you want to allow writing to the share, remove the last one, if you don't, remove both.

create mask = 0755
valid users = %S

[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
create mask = 0700

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers

[public]
comment = public storage
path = /home/shares/public
valid users = @users
force group = users
create mask = 0660
directory mask = 0771
read only = no

Interesting, a share called 'public' that isn't. To connect the user must be authenticated and a member of the 'users' group

[share]
path = /home/pi/Desktop/share
valid users = pi
read only = no
guest ok = yes

The 'guest ok = yes' is superfluous, only the user 'pi' can connect, if you want anybody to connect (authenticated or guest), remove the 'valid users' line, if you really want the user 'pi' to be the only user allowed, remove the 'guest ok' line (note: you had the old synonym 'public')

[Z1_Share]
path = /media/pi/Z1_Disk
valid users = pi, Z1
read only = no

Only the users 'pi' and 'Z1' can connect

[Z2_Share]
path = /media/pi/Z2_Disk
valid users = pi, Z1, Z3
read only = no

Only the users 'pi', 'Z1' and 'Z3' can connect

[Z3_Share]
path = /media/pi/Z3_Disk
valid users = pi, Z1, Z3
read only = no

Only the users 'pi', 'Z1' and 'Z3' can connect

I note that you are sharing mounted drives, depending on what filesystem they are formatted as and if the required software is installed will affect the way Samba interacts with the shares.

Thoughtfission
Posts: 13
Joined: Wed Mar 13, 2019 3:07 pm

Re: Sharing an existing folder using Samba

Sun Mar 17, 2019 2:54 pm

Hi Hortimech,

Thanks for taking the time to do this.

Why have you got a user.map ?
It is only really useful on a domain member.


No idea, I didn’t add this. Will delete.


[share]
path = /home/pi/Desktop/share
valid users = pi
read only = no
guest ok = yes

The 'guest ok = yes' is superfluous, only the user 'pi' can connect, if you want anybody to connect (authenticated or guest), remove the 'valid users' line, if you really want the user 'pi' to be the only user allowed, remove the 'guest ok' line (note: you had the old synonym 'public')


I think this is a cut and paste error on my part. It doesn’t exist in the file.

I note that you are sharing mounted drives, depending on what filesystem they are formatted as and if the required software is installed will affect the way Samba interacts with the shares.

The drives mounted are etx4 Do you think this will cause problems?

Unfortunately, after making the changes above as per your instructions, I can't connect with any account.

Thoughtfission
Posts: 13
Joined: Wed Mar 13, 2019 3:07 pm

Re: Sharing an existing folder using Samba

Sun Mar 17, 2019 5:03 pm

[global]
unix password sync = yes
usershare allow guests = yes
writeable = yes
pam password change = yes
dns proxy = no
passwd program = /usr/bin/passwd %u
server role = standalone server
syslog = 0
workgroup = WORKGROUP
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = yes
passdb backend = tdbsam
log file = /var/log/samba/log.%m
map to guest = bad user
max log size = 1000

[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no


[public]
comment = public storage
path = /home/shares/public
valid users = @users
force group = users
create mask = 0660
directory mask = 0771
read only = no

[share]
path = /home/pi/Desktop/share
available = yes
valid users = pi, Z3, Z1
read only = no
browsable = yes
public = yes

[Z1_Share]
path = /media/pi/Grant_Disk
available = yes
valid users = pi, Z1
read only = no

[Global_Share]
path = /media/pi/Share_Disk
available = yes
valid users = pi, Z1, Z3
read only = no

[Z3_Share]
path = /media/pi/Mary_Disk
available = yes
valid users = pi, Z1, Z3
read only = no

Thoughtfission
Posts: 13
Joined: Wed Mar 13, 2019 3:07 pm

Re: Sharing an existing folder using Samba

Sun Mar 17, 2019 5:05 pm

[homes]
comment = Home Directories
browseable = no
read only = no

Thoughtfission
Posts: 13
Joined: Wed Mar 13, 2019 3:07 pm

Re: Sharing an existing folder using Samba

Sun Mar 17, 2019 5:11 pm

create mask = 0755

directory mask = 0755

valid users = %S

hortimech
Posts: 295
Joined: Wed Apr 08, 2015 5:52 pm

Re: Sharing an existing folder using Samba

Sun Mar 17, 2019 6:40 pm

What are the permissions on the folders you are sharing ?

what do these commands output:

ls -lad /home/shares/public

ls -lad /home/pi/Desktop/share

ls -lad /media/pi/Z1_Disk

ls -lad /media/pi/Z2_Disk

ls -lad /media/pi/Z3_Disk

Does the user you are trying to connect to the share (which share ?) exist in /etc/passwd ?
and is it also a Samba user ?

Thoughtfission
Posts: 13
Joined: Wed Mar 13, 2019 3:07 pm

Re: Sharing an existing folder using Samba

Tue Mar 19, 2019 10:16 am

Hi,

Sorry for the delay in responding. Yesterday was crazy busy.

Here are the answers to your questions (hopefully):

what do these commands output:

ls -lad /home/shares/public

drwxrwxr-x 2 root users 4096 Mar 11 13:45 /home/shares/public

ls -lad /home/pi/Desktop/share

drwxr-xr-x 2 pi pi 4096 Mar 11 14:06 /home/pi/Desktop/share

ls -lad /media/pi/Z1_Disk

drwxrwxrwx 4 root root 4096 Mar 14 09:19 /media/pi/Z1_Disk

ls -lad /media/pi/Z2_Disk

drwxr-xr-x 4 root root 4096 Mar 1 14:33 /media/pi/Z2_Disk

ls -lad /media/pi/Z3_Disk

drwxrwxrwx 3 root root 4096 Mar 15 14:55 /media/pi/Z3_Disk

Does the user you are trying to connect to the share (which share ?) exist in /etc/passwd ?
and is it also a Samba user ?

/etc/passwd entries for the users in question (Z1 is the priority right now)

Z1:x:1001:0:Z1:/media/pi/Z1_Disk:/bin/sh

Z3:x:1002:100:Z3:/home/Z3:/bin/sh

Z1 is a Samba user. Will add Z3 once Z1 is working properly.

hortimech
Posts: 295
Joined: Wed Apr 08, 2015 5:52 pm

Re: Sharing an existing folder using Samba

Tue Mar 19, 2019 2:02 pm

OK, if we examine one of those permission lines we find this:

drwxrwxrwx 3 root root 4096 Mar 15 14:55 /media/pi/Z3_Disk

The first block 'drwxrwxrwx' are the permissions
The third and fourth are the owner & group
The last is the path to the directory

Breaking the permissions down, it becomes this:
d rwx rwx rwx

The first letter tells you that they are from a directory.

The first block of 'rwx's is for the owners permissions, the second is for the groups permissions and the last is for everybody else, referred to as 'others'

The three blocks of 'rwx's can be broken down further:

r w x

'r' is for read
'w' is for write
'x' is for (in this case) enter, but, if it was a file, it would be execute.

An absence of a letter i.e. 'r-x' means that permission isn't given, in this case 'write' isn't allowed.

So from that, you will find:

Z1 has full permissions on: /media/pi/Z1_Disk but only through 'others'
Z1 has full permissions on: /media/pi/Z3_Disk but only through 'others'
Z1 can enter and read: /home/shares/public /home/pi/Desktop/share /media/pi/Z2_Disk
Z1 may be able to write to /home/shares/public, but only if 'Z1' is a member of the 'users' group

Thoughtfission
Posts: 13
Joined: Wed Mar 13, 2019 3:07 pm

Re: Sharing an existing folder using Samba

Tue Mar 19, 2019 3:18 pm

Hi Hortimech,

Thanks for your answers. The permission thing, rwx and groups/users, I was ok with. Probably one of the few things I remember from my UNIX days. But what I can't understand is why I get message telling me I don't have access to the server when I try to connect the share, Z1_Disk, to my mac (smb://192.168.xxx.xxx)? If I do it as "pi" I have no issues at all. If I do it as user Z1, it just refuses the connection.

BTW, love your answers. You should consider teaching at university! Very detailed and easy to understand.

hortimech
Posts: 295
Joined: Wed Apr 08, 2015 5:52 pm

Re: Sharing an existing folder using Samba

Wed Mar 20, 2019 4:33 pm

Thoughtfission wrote:
Tue Mar 19, 2019 3:18 pm
Hi Hortimech,

Thanks for your answers. The permission thing, rwx and groups/users, I was ok with. Probably one of the few things I remember from my UNIX days. But what I can't understand is why I get message telling me I don't have access to the server when I try to connect the share, Z1_Disk, to my mac (smb://192.168.xxx.xxx)? If I do it as "pi" I have no issues at all. If I do it as user Z1, it just refuses the connection.
you posted this:

Z1:x:1001:0:Z1:/media/pi/Z1_Disk:/bin/sh

Which shows that the user 'Z1' is known to the OS, has the ID '1001', the users primary group is '0' (root group) , its home directory is /media/pi/Z1_Disk and has the login shell /bin/sh

The permissions on /media/pi/Z1_Disk are 'drwxrwxrwx root root'

So, as I said, Z1 should be able to connect via 'others', it should also be able to connect via 'group', so if it isn't, you need to check various things:

Is the share actually mounted
How is it being mounted ?
Did you make Z1 a Samba user with 'smbpasswd -a Z1' (you would have to run this with root or sudo)
What are the permissions on /media and /media/pi ?

Thoughtfission
Posts: 13
Joined: Wed Mar 13, 2019 3:07 pm

Re: Sharing an existing folder using Samba

Thu Mar 21, 2019 10:49 am

Is the share actually mounted

Yes.

How is it being mounted ?

Was mounted automatically when I plugged into the USB port.

Did you make Z1 a Samba user with 'smbpasswd -a Z1' (you would have to run this with root or sudo)

Yes.

What are the permissions on /media and /media/pi ?

drwxr-xr-x 3 root root 4096 Mar 11 11:16 media

drwxr-x---+ 5 root root 4096 Mar 21 10:42 pi

hortimech
Posts: 295
Joined: Wed Apr 08, 2015 5:52 pm

Re: Sharing an existing folder using Samba

Thu Mar 21, 2019 11:12 am

Hmm, you have this:

drwxr-x---+ 5 root root 4096 Mar 21 10:42 pi

This means that only root can read, write and enter the 'pi' directory, members of the root group can read and enter the 'pi' directory, 'others' are denied any access, but this isn't the full picture. If you examine the permissions, you will notice a '+' sign at the end of the permissions, this means that there are extended ACL's set on the share, they are possibly the same as the Unix permissions, but they could be different. To see these extended, you need to use 'getfacl'

getfacl /media/pi

mikerr
Posts: 2770
Joined: Thu Jan 12, 2012 12:46 pm
Location: UK
Contact: Website

Re: Sharing an existing folder using Samba

Thu Mar 21, 2019 11:57 am

jamesh wrote:I'd be happy to accept a pull request on changes to the docs in this area.
hortimech wrote:And I would be quite willing to totally rewrite your Samba page, just not on git-hub, we left there and went to git-lab.

I am a member of the Samba team and I have been trying, for some time, to point out to the Rpi team that their Samba page isn't correct and all I get is 'use git-hub'. I will not use git-hub, well not after Microsoft bought it.
Opposed to github on principle ?
I just submitted a pull request to the Rpi docs to get it fixed, assuming the share was meant to be fully public (guest ok).
Android app - Raspi Card Imager - download and image SD cards - No PC required !

Thoughtfission
Posts: 13
Joined: Wed Mar 13, 2019 3:07 pm

Re: Sharing an existing folder using Samba

Thu Mar 21, 2019 3:07 pm

hortimech wrote:
Thu Mar 21, 2019 11:12 am
Hmm, you have this:

drwxr-x---+ 5 root root 4096 Mar 21 10:42 pi

This means that only root can read, write and enter the 'pi' directory, members of the root group can read and enter the 'pi' directory, 'others' are denied any access, but this isn't the full picture. If you examine the permissions, you will notice a '+' sign at the end of the permissions, this means that there are extended ACL's set on the share, they are possibly the same as the Unix permissions, but they could be different. To see these extended, you need to use 'getfacl'

getfacl /media/pi
Hi. Everything is fine now. I needed to install ACL (sudo apt-get install acl) then use setfacl -Rbn on /media/pi to get rid of the ACL permissions. Everything seems to be working now. I wish I could say how those ACL permissions were set in the first place. I have no idea. Maybe something I did in Webmin? Who knows.

Thank you so much for your patience and guidance. It really is appreciated.

Return to “Beginners”