Xaero Posted January 26, 2020 Share Posted January 26, 2020 (edited) If I want to add some options to the shares created by unraid, do I just use [share-name] and then put the additional delegations underneath? What I'm trying to accomplish is using "hosts allow" and "hosts deny" to allow and deny access to certain shares for Wireguard clients using ip addresses (since all wireguard clients in my case are static IPs) If I can use SMB Extra Settings in this manner then that solves the problem without needing extra legwork. I was thinking about submitting a feature request, but it may be kind of a niche case. Edit: I ended up testing this, it works exactly as I anticipated. If I add an entry like so: [ShareName] hosts allow = <Wireguard ClientIP> That client can see that share. If I add an entry like so: [ShareName] hosts deny = <WireGuard ClientIP> That client can no longer see that share. This modfies existing settings set by unraid automatically. This was wrong. And just makes the shares completely unavailable, because there is no path defined for them. Edited January 26, 2020 by Xaero Quote Link to comment
Xaero Posted January 26, 2020 Author Share Posted January 26, 2020 (edited) So, I did a little bit of testing (see my edits above) and found that instead of it overriding the auto config from unraid, it ends up disabling the shares all-together. Executing `testparm` reveals the reason: WARNING: No path in service Backups - making it unavailable! NOTE: Service Backups is flagged unavailable. WARNING: No path in service Games - making it unavailable! NOTE: Service Games is flagged unavailable. WARNING: No path in service isos - making it unavailable! NOTE: Service isos is flagged unavailable. WARNING: No path in service Software - making it unavailable! NOTE: Service Software is flagged unavailable. WARNING: No path in service Video - making it unavailable! NOTE: Service Video is flagged unavailable. *snip* Wait, I know there's paths because Unraid generates these entries by default. What's happening here?! So I took a look at /etc/samba/smb.conf: /etc/samba/smb.conf [global] # configurable identification include = /etc/samba/smb-names.conf # log stuff only to syslog log level = 0 syslog = 0 syslog only = Yes # we don't do printers show add printer wizard = No disable spoolss = Yes load printers = No printing = bsd printcap name = /dev/null # misc. invalid users = root unix extensions = No wide links = Yes use sendfile = Yes aio read size = 0 aio write size = 4096 allocation roundup size = 4096 # ease upgrades from Samba 3.6 acl allow execute always = Yes # permit NTLMv1 authentication ntlm auth = Yes # hook for user-defined samba config include = /boot/config/smb-extra.conf # auto-configured shares include = /etc/samba/smb-shares.conf And I see that the smb-extra is loaded before smb-shares This means that I can't apply any advanced configuration to shares. Is this intentional, @limetech? Edited January 26, 2020 by Xaero 1 Quote Link to comment
Frank1940 Posted January 26, 2020 Share Posted January 26, 2020 (edited) I actually noticed this several years ago but never raised it up as an issue as I did not have a valid reason for doing so. My personal opinion is that the include = /boot/config/smb-extra.conf statement should be the last item executed in the smb.conf file as it should be the user's option to be able include in it exactly what is required to modify and tailor the SMB system to function as he wants and needs. Perhaps, this should really be a bug request... Edited January 26, 2020 by Frank1940 Quote Link to comment
Xaero Posted January 27, 2020 Author Share Posted January 27, 2020 21 hours ago, Frank1940 said: I actually noticed this several years ago but never raised it up as an issue as I did not have a valid reason for doing so. My personal opinion is that the include = /boot/config/smb-extra.conf statement should be the last item executed in the smb.conf file as it should be the user's option to be able include in it exactly what is required to modify and tailor the SMB system to function as he wants and needs. Perhaps, this should really be a bug request... I think so, I'll open one when I'm able to with proper documentation of what is wrong, why it happens, and how changing the order fixes it. It may be that this is intentional, but there should still be a way to override the basic functionality without making such changes. I did switch the order on my system, and it is working properly with the order switched. I was also able to add a feature I think unraid should have as an option: access based shares enum = yes This makes it so that if the user access the samba directory listing, they only see the shares they have access to. Even with smbtree. So for example, I have the appdata, system shares as browseable=yes,and private with only my user for any access. I then also added allow hosts=192.168.1. As a result of this, if I am NOT at home, and try to access my server - those shares aren't available, or listed (which is good, because I can't screw anything up remotely.) Similarly, if I connect as any other user - they aren't even present. Results in a very polished experience for other clients as well - they only see the folders they need, rather than a bunch of folders they don't have permission to view. Quote Link to comment
Frank1940 Posted January 27, 2020 Share Posted January 27, 2020 It should be a simple change. Unless there is some reason that I can't think of as to why @limetech made a decision not to put the smb-extra.conf file as the end of the file which is the normal smb.conf configuration. You certainly have a valid reason for wanting it there! Quote Link to comment
limetech Posted January 27, 2020 Share Posted January 27, 2020 One way to accomplish this: You can put your changes in some other file, call it config/my-extra-settings.conf Then put something like this in your 'go' file: cat /boot/config/my-extra-settings.conf >>/etc/samba/smb.conf Quote Link to comment
Xaero Posted January 27, 2020 Author Share Posted January 27, 2020 Not a bad idea for a workaround. Quote Link to comment
limetech Posted January 28, 2020 Share Posted January 28, 2020 42 minutes ago, Xaero said: Not a bad idea for a workaround. There are other things you can do, for example, create a config/shares/<sharename>.conf file and then in your 'go' file set up a loop over config/shares/*.conf cat'ing them to end of smb.conf. A little more general perhaps. Quote Link to comment
Xaero Posted January 28, 2020 Author Share Posted January 28, 2020 Indeed, I'm thinking I'll add echo "include = /boot/config/smb-override.conf" >> /etc/samba/smb.conf In `go` for the sake of brevity in the conf file. Depending on how complicated my needs get, that may become a reality though. Quote Link to comment
Marshalleq Posted January 28, 2020 Share Posted January 28, 2020 You can also not use the impacted shares in the shares part of the unraid gui and just write a full samba share config for each individual one you need extra options for in the samba settings section of the gui. I do that for zfs. Sent from my iPhone using Tapatalk Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.