PicPoc Posted September 17, 2021 Share Posted September 17, 2021 Hello, I have a problem with the access rights of the USB key via Samba. I tried several settings in vain. I put the sharing privately, selected the rights of the read / writing user, it did not work, I am ironing guest and always impossible to write on the volume. Strange thing: if I slide a file into the mounted volume, it's but the file makes 0 kb ... I can still erase it. Have you ever had this problem? I tested and met the same problem on two different keys. On another test configuration I have this problem. It's impossible for me to know what difference there is since with the same CA adjustments works! Thanks in advance. Quote Link to comment
Frank1940 Posted September 17, 2021 Share Posted September 17, 2021 Open a terminal session and look at your flash drive. You do this with the following command: ls -al /boot IF you look, you should see that the owner of everything on the boot drive is now root and the owner is the only one who has read/write permission. Furthermore, root is not allowed as a SMB user. ( root is not allow to be a samba user in Unraid.) You can see this by looking at the following file: cat /etc/samba/smb.conf Quote Link to comment
itimpi Posted September 18, 2021 Share Posted September 18, 2021 I never have any problems accessing the contents of the flash drive over the network so there has to be some other factor at play. Quote Link to comment
Frank1940 Posted September 18, 2021 Share Posted September 18, 2021 3 minutes ago, itimpi said: I never have any problems accessing the contents of the flash drive over the network so there has to be some other factor at play. Are you seeing this: I seem to recall reading the LimeTech was restricting access to the Flash Drive for security reasons. (This is screen shot of the file listing of the boot drive using version 6.9.2.) Quote Link to comment
itimpi Posted September 18, 2021 Share Posted September 18, 2021 5 minutes ago, Frank1940 said: Are you seeing this: I seem to recall reading the LimeTech was restricting access to the Flash Drive for security reasons. (This is screen shot of the file listing of the boot drive using version 6.9.2.) Obviously when accessing over the network via a SMB share I do not see the owner/permissions but I do see all the files and have read/write access. This is probably because being FAT32 there is not full support for linux permissions. the big security change was to stop any file on the flash drive being allowed to have ‘execute’ permission. The other change was that the flash drive no longer defaults to being shared on the network. Quote Link to comment
Frank1940 Posted September 18, 2021 Share Posted September 18, 2021 (edited) @itimpi, You are correct. I just checked on my Flash Drive Share settings. It is set to 'Private' and I have set the login for my Samba User to have 'Read Only' access. Thinking about it now, I can remember thinking that have 'Read-Write' access to the Flash Drive did not seem like a good idea when looking at it from a security stand point. Very seldom have I ever required write access to the Flash Drive via Windows Explorer. (In fact, as I now recall, I only set up the read access because of occasionally needing to be able to look at the Flash Drive and its contents while helping out other folks on the Forum!) Edited September 18, 2021 by Frank1940 Quote Link to comment
PicPoc Posted September 20, 2021 Author Share Posted September 20, 2021 (edited) Hi guys ! Thanks for the answers. I use Flash accès by Samba only for testing, for simplicity before using server on prod. Here is my files : # ls -al /boot total 822960 drwx------ 10 root root 4096 Jan 1 1970 ./ drwxr-xr-x 20 root root 420 Sep 20 11:55 ../ drwx------ 3 root root 4096 Aug 24 01:23 EFI/ -rw------- 1 root root 20738048 Aug 24 01:23 bzfirmware -rw------- 1 root root 65 Aug 24 01:23 bzfirmware.sha256 -rw------- 1 root root 4818656 Aug 24 01:23 bzimage -rw------- 1 root root 65 Aug 24 01:23 bzimage.sha256 -rw------- 1 root root 12562432 Aug 24 01:23 bzmodules -rw------- 1 root root 65 Aug 24 01:23 bzmodules.sha256 -rw------- 1 root root 731411968 Aug 24 01:25 bzroot -rw------- 1 root root 72698620 Aug 24 01:25 bzroot-gui -rw------- 1 root root 65 Aug 24 01:25 bzroot-gui.sha256 -rw------- 1 root root 65 Aug 24 01:25 bzroot.sha256 -rw------- 1 root root 19276 Aug 24 01:25 changes.txt drwx------ 10 root root 4096 Sep 20 11:55 config/ -rw------- 1 root root 7972 Aug 24 01:25 license.txt drwx------ 2 root root 4096 Aug 24 20:08 logs/ -rw------- 1 root root 1760 Aug 24 01:25 make_bootable.bat -rw------- 1 root root 3291 Aug 24 01:25 make_bootable_linux -rw------- 1 root root 2428 Aug 24 01:25 make_bootable_mac -rw------- 1 root root 150024 Aug 24 01:25 memtest drwx------ 2 root root 4096 Aug 24 01:23 syslinux/ # cat /etc/samba/smb.conf [global] # configurable identification include = /etc/samba/smb-names.conf # log stuff only to syslog logging = syslog@0 # we don't do printers show add printer wizard = No disable spoolss = Yes load printers = No printing = bsd printcap name = /dev/null # disable aio by default aio read size = 0 aio write size = 0 # misc. invalid users = root unix extensions = No wide links = Yes use sendfile = Yes # ease upgrades from Samba 3.6 acl allow execute always = Yes # permit NTLMv1 authentication ntlm auth = Yes # hook for user-defined samba config include = /boot/config/smb-extra.conf # auto-configured shares include = /etc/samba/smb-shares.conf Don't know why, i can't read/write on flash... Edited September 23, 2021 by PicPoc Quote Link to comment
trurl Posted September 20, 2021 Share Posted September 20, 2021 Can you see flash over the network? Quote Link to comment
PicPoc Posted September 20, 2021 Author Share Posted September 20, 2021 5 minutes ago, trurl said: Can you see flash over the network? Yes Quote Link to comment
Frank1940 Posted September 20, 2021 Share Posted September 20, 2021 There is a plugin called Config File Editor which will allow you to edit/view any of the configuration files on the Flash Drive as it has them all listed in a dropdown. (It will also allow you to edit any file on the Server file system but that is a bit more complex as you have to know where the file is in order to be able to navigate to it. NOTE: Any edit to one of the server files will only last until the server is rebooted!!!) It installs under the Tools tab and has the advantage that is only accessible to someone who has GUI/root access. Might this plugin serve your purpose? Quote Link to comment
trurl Posted September 20, 2021 Share Posted September 20, 2021 What are your SMB Security Settings for flash? Quote Link to comment
PicPoc Posted September 20, 2021 Author Share Posted September 20, 2021 Thanks, but I know Config File Editor. Basically, sharing allows you to quickly drag script files and other additions. Thanks for the suggestion, but I actually tested this plugin. Well, I found the problem : It comes from a setting about Time Machine for Macs. To solve the problem, you must deactivate the function in the Samba preferences: On Settings/SMB "Enhanced macOS interoperability:" set to "No" If we need this feature, we will give it back later. I do not see any other solution for the moment. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.