In order to strengthen security, I’ve created a different username/password to use through Samba and disabled the osmc one; I think I did the right things to make this work with the new user, automount feature does work with the new username/password for the /home/osmc folder.
However for some reason it doesn’t work anymore with my plugged in usb storage devices. The error I’m getting when trying to access it with my Windows laptop is simply “Access denied”. I don’t know if my username/password isn’t recognized or if it’s a matter of linux permissions…
sudo cp /etc/samba/smb.conf /etc/samba/smb-local.conf
sudo nano /etc/samba/smb-local.conf
[Removed the following line]
config file = /etc/samba/smb-local.conf
[Edited the following lines under the [osmc] section and the [automount template] section:]
valid users = mysuser
sudo service samba restart[/quote]
Is there a way to know if it’s a matter of username/password not recognized or a matter of folder permissions ?
Thanks a lot, I think I saw something interesting there:
[quote][2015/07/16 20:11:19.544518, 0] …/source3/smbd/uid.c:153(check_user_share_access)
user myuser connection to SS_USB-MSD_64G denied due to share security descriptor.[/quote]
Do you have any idea how to fix this ?
My samba configuration file is exactly the stock one, except for valid users = myuser
[quote][osmc]
browsable = yes
read only = no
valid users = myuser
path = /home/osmc
comment = OSMC Home Directory
The reason it’s not working with a different username is because the user permissions for the automount shares are not actually set in smb.conf. The automount shares are created dynamically on the fly using the samba ‘net usershare add’ command which is run by udisks-glue when removable disks are detected. This is controlled by /etc/udisks-glue.conf:
You’ll see at the end of the line $(hostname)\osmc:f - this gives the osmc user full read/write access. Anyone else won’t have access.
When I devised the automount share system in RC3 I didn’t consider the use case of trying to set permissions for another user - the problem is that although the [automount template] in smb.conf can be used to provide additional properties for shares created this way, you can’t override the access permissions.
You could edit udisks-glue.conf to change the user permissions for the shares (note that there are multiple copies of the scripts that must all be changed) however updates would overwrite your changes.
Another possible approach is to simply create another share under a slightly different name with your custom user permissions, as I don’t think you can override the existing share in smb.conf.
Thanks a lot DBMandrake for the very detailed answer, for the time being, I plan to mount my main hard drive in /etc/fstab (under /mnt, with the x-systemd.automount and noauto options as instructed).
Since I’m not the only one bothered by the way this is currently handled, would you consider, DBMandrake, making this feature evolve thus allowing every Samba user to benefit from it, and preventing future updates from broking it ?
I don’t know how hard it would be or how many lines of codes it represents, but that’d be SUPER great !
Problem is, I’m not sure of a simple way to do it, or it would have been done already.
The only practical way to add on the fly shares is by using ‘net usershare add’, and when you do that you must provide the usernames and permissions for those shares on the net usershare command line, it can’t be provided or overridden in the smb.conf.
And this is done from udisks-glue, whose conf file is not very user friendly, and not something we can really make user customisable.
What you can do though is if it suits your needs better, is disable the automount shares by changing browseable = yes in the [automount template] section to no, then add a custom smb-shares.conf file that manually adds your desired shares with any permissions you like.
