Hi all,
I may have created an unexpected situation, but from my point of view it's normal.
I want to have 2 differents access to the same content (huge) like videos.
So i need 2 flexshares :
So I've used bind mount this way :
which works fine :
The flexshare configuration (flexshare.conf) is OK :
BUT, I can only connect to only one share. I'm being rejected when connecting to the other share. I need to restart smb service in order to log again and get access to the second share.
So I can get only access to films or divx share but not both.
What I expected was to get acces to both :
<ul>
films : Read-Write
divx : Read-Only
</ul>
What did I miss ? Is it possible ?
Thanks in advance for your help.
I may have created an unexpected situation, but from my point of view it's normal.
I want to have 2 differents access to the same content (huge) like videos.
So i need 2 flexshares :
- first Read-Write for me only
- second Read-Only for every one logged
So I've used bind mount this way :
#Disques LVM
/dev/WD_Group/Store /store/lv_store ext4 defaults 1 3
# Bind Mount : Store
/store/lv_store/divx /var/flexshare/shares/films none bind,rw 0 0
# Read-Only
/store/lv_store/divx /var/flexshare/shares/divx none bind,rw 0 0
/store/lv_store/divx /var/flexshare/shares/divx none remount,ro,bind 0 0
which works fine :
[root@home store]# cat /proc/mounts | grep tor
/dev/mapper/WD_Group-Store /var/flexshare/shares/films ext4 rw,relatime,data=ordered 0 0
/dev/mapper/WD_Group-Store /var/flexshare/shares/divx ext4 ro,relatime,data=ordered 0 0
The flexshare configuration (flexshare.conf) is OK :
<Share divx>
FileEnabled=1
FileAuditLog=0
FileRecycleBin=0
FilePermission=1
FileBrowseable=1
FileModified=1457711031
FileComment=Films Read Only
ShareSystemPermissions=0770
ShareDescription=Films Read Only
ShareGroup=maison
ShareCreated=1457711013
ShareModified=1457711013
ShareEnabled=1
ShareDir=/var/flexshare/shares/divx
ShareInternal=
</Share>
<Share films>
FileEnabled=1
FileAuditLog=0
FileRecycleBin=0
FilePermission=4
FileBrowseable=1
FileModified=1457711072
FileComment=Mes films
ShareSystemPermissions=0770
ShareDescription=Mes films
ShareGroup=moi
ShareCreated=1457711056
ShareModified=1457711056
ShareEnabled=1
ShareDir=/var/flexshare/shares/films
ShareInternal=
</Share>
BUT, I can only connect to only one share. I'm being rejected when connecting to the other share. I need to restart smb service in order to log again and get access to the second share.
So I can get only access to films or divx share but not both.
What I expected was to get acces to both :
<ul>
films : Read-Write
divx : Read-Only
</ul>
What did I miss ? Is it possible ?
Thanks in advance for your help.
Share this post:
Responses (12)
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Hi,
I agree but this is true for the file /etc/samba/flexshare.conf
[divx]
path = /var/flexshare/shares/divx
comment = Films Read Only
browseable = Yes
guest ok = No
directory mask = 0775
create mask = 0664
valid users = @"%D\maison", @maison
veto files = /.flexshare*/
The file i'm talking of is : /etc/clearos/flexshare.conf
<Share divx>
FileEnabled=1
FileAuditLog=0
FileRecycleBin=0
FilePermission=1
FileBrowseable=1
FileModified=1499954487
FileComment=Films Read Only
ShareSystemPermissions=0770
ShareDescription=Films Read Only
ShareGroup=maison
ShareCreated=1457711013
ShareModified=1457711013
ShareEnabled=1
ShareDir=/var/flexshare/shares/divx
ShareInternal=
</Share>
The only thing I change is ShareDir=/var/flexshare/shares/divx to ShareDir=/var/flexshare/shares/films
This field is not editable on webconfig and is based on flexshare name "divx" and is build at flexshare creation.
I've used webconfig to change the flexshare and every thing is fine.
But you're right in the future it might change that's why I suggested to : Remove /var/flexshare/shares/New flexshare in order to prevent samba flexshare to works if config returns to the original folder..
I hope it a little bit clearer ? -
Accepted Answer
Taryck BENSIALI wrote:
I'm afraid that is quite dangerous. Unless something has changed recently, every time you make any change to any flexshare definition in the Webconfig, the file is rewritten and it will remove you manual edits. This is why I pulled the new share out into a separate file.
A better workaround was to :
- Create a new Flexshare :
- Edit /etc/clearos/flexshare.conf to change ShareDir=/var/flexshare/shares/ New flexshare to existing flexshare (to set as read only)
- Remove /var/flexshare/shares/ New flexshare
With that I do not need to edit smb.conf - Create a new Flexshare :
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
I did not fully test. You can't do it directly through the flexshare system. What you can do is clone the flexshare definition into another file, say /etc/samba/myshares.conf and just change the relevant bits. Add a line to /etc/samba/smb.conf which says "include = /etc/samba/myshares.conf" and restart samba. I add my line directly below the "include = /etc/samba/flexshare.conf" line. The webconfig will leave this definition alone.
It won't get round your other issue of o/s level read only control. -
Accepted Answer
Well, 1st reason is that I don't know how to make 2 flexshare shares point to the same location without bind mount. May I use symbolic link ?
2nd I want to ensure at OS level that Read only is ensure because I'll connect some sync tools like google photo sync that is not well documented and might want to delete file.
On a read only mount point even if you are root you can't delete, modify files....
If byCan you not define the share "divx" exactly the same as the share "films" except that you make the divx share read only and change the sharegroup through the webconfig?
you meansEven if I mount (bind) RW it's KO.
, if i've not understood well then it's should be 1st reason :-) -
Accepted Answer
Can I ask why you are trying to configure the flexshares like this? Can you not define the share "divx" exactly the same as the share "films" except that you make the divx share read only and change the sharegroup through the webconfig? There is no need for bind mounts or anything like that. -
Accepted Answer
After incresing the log level to 99 I get this clue :
[2017/07/12 01:40:01.084967, 5, pid=12089, effective(2000, 63000), real(2000, 0)] ../source3/smbd/filename.c:867(unix_convert)
New file desktop.ini
[2017/07/12 01:40:01.084995, 8, pid=12089, effective(2000, 63000), real(2000, 0)] ../source3/lib/util.c:1001(is_in_path)
is_in_path: desktop.ini
[2017/07/12 01:40:01.085025, 8, pid=12089, effective(2000, 63000), real(2000, 0)] ../source3/lib/util.c:1025(is_in_path)
is_in_path: match not found
[2017/07/12 01:40:01.085053, 10, pid=12089, effective(2000, 63000), real(2000, 0), class=vfs] ../source3/smbd/vfs.c:1160(check_reduced_name)
check_reduced_name: check_reduced_name [desktop.ini] [/var/flexshare/shares/films]
[2017/07/12 01:40:01.085095, 10, pid=12089, effective(2000, 63000), real(2000, 0), class=vfs] ../source3/smbd/vfs.c:1220(check_reduced_name)
check_reduced_name realpath [desktop.ini] -> [/var/flexshare/shares/divx/desktop.ini]
[2017/07/12 01:40:01.085125, 2, pid=12089, effective(2000, 63000), real(2000, 0), class=vfs] ../source3/smbd/vfs.c:1265(check_reduced_name)
check_reduced_name: Bad access attempt: desktop.ini is a symlink outside the share path
conn_rootdir =/var/flexshare/shares/films
resolved_name=/var/flexshare/shares/divx/desktop.ini
[2017/07/12 01:40:01.085172, 5, pid=12089, effective(2000, 63000), real(2000, 0)] ../source3/smbd/filename.c:1073(check_name)
check_name: name desktop.ini failed with NT_STATUS_ACCESS_DENIED
[2017/07/12 01:40:01.085219, 3, pid=12089, effective(2000, 63000), real(2000, 0)] ../source3/smbd/filename.c:1426(filename_convert_internal)
filename_convert_internal: check_name failed for name desktop.ini with NT_STATUS_ACCESS_DENIED
[2017/07/12 01:40:01.085255, 50, pid=12089, effective(2000, 63000), real(2000, 0), class=tevent] ../lib/util/tevent_debug.c:66(samba_tevent_debug)
s3_tevent: Schedule immediate event "tevent_req_trigger": 0x7f2982d1f630
[2017/07/12 01:40:01.085288, 50, pid=12089, effective(2000, 63000), real(2000, 0), class=tevent] ../lib/util/tevent_debug.c:66(samba_tevent_debug)
s3_tevent: Cancel immediate event 0x7f2982d1f630 "tevent_req_trigger"
[2017/07/12 01:40:01.085319, 3, pid=12089, effective(2000, 63000), real(2000, 0)] ../source3/smbd/smb2_server.c:3098(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_create.c:293
[2017/07/12 01:40:01.085352, 10, pid=12089, effective(2000, 63000), real(2000, 0)] ../source3/smbd/smb2_server.c:2989(smbd_smb2_request_done_ex)
smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] body[8] dyn[yes:1] at ../source3/smbd/smb2_server.c:3146
desktop.ini file seams to be dynamicaly created.. twice :
check_reduced_name: check_reduced_name [desktop.ini] [/var/flexshare/shares/films]
check_reduced_name realpath [desktop.ini] -> [/var/flexshare/shares/divx/desktop.ini]
check_reduced_name: Bad access attempt: desktop.ini is a symlink outside the share path
conn_rootdir =/var/flexshare/shares/films
resolved_name=/var/flexshare/shares/divx/desktop.ini -
Accepted Answer
smb log file do not provide anything interesting information.
when I remove the bind mount RO :
umount /var/flexshare/shares/divx
it's OK.
Even if I mount (bind) RW it's KO.
For windows point of view, when I connect to 2 differents share it's like there is only ONE and unique share and I'm prevented to login.
This is the same on shell :
[root@home raid]# smbclient //ClearOS/divx -U taryck
WARNING: The "syslog" option is deprecated
Enter taryck's password:
krb5_init_context failed (Invalid argument)
smb_krb5_context_init_basic failed (Invalid argument)
Domain=[HOME] OS=[Windows 6.1] Server=[Samba 4.4.4]
tree connect failed: NT_STATUS_ACCESS_DENIED
-
Accepted Answer
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »