How I Enabled Sharing of a directory via Samba in Nautilus

Connection sharing, Firewall, Samba..etc
Forum rules
Before you post please read this

How I Enabled Sharing of a directory via Samba in Nautilus

Postby psych1610 on Thu Feb 10, 2011 1:00 am

This brief how to should assist a user with enabling sharing of a directory in that users home using the right click menu, properties, and share. As with anything, this worked for me but may not work for you. There is also probably a more secure way of doing what you want, but in a home setting, on a desktop, where you trust the people in your network it works fine for me. It will be up to the individual user to decide whether it will work in their specific situation.

In Ubuntu this worked out of the box, in LMDE I received an error upon clicking "Create Share" that went something like this.

Code: Select all
'net usershare' returned error 255: net usershare: cannot open usershare directory /var/lib/samba/usershares. Error Permission denied
You do not have permission to create a usershare. Ask your administrator to grant you permissions to create a share.


Searching for this error gave multiple hits. The first clue for me was the permission denied error. Someone, somewhere, suggested running Nautilus as root but this didn't seem the right way to go so I hazarded a guess that my user might not have the correct permissions to perform this function.

First, I checked to make sure I actually had the directory mentioned.

Code: Select all
sudo su
should bring you to the root shell.
Code: Select all
 cd /var/lib/samba/usershares/
to make sure it's there. I was not able to do this as a normal user because of permissions issues, hence the need to become root. To drop back down
Code: Select all
 exit


In this bug report: https://answers.launchpad.net/ubuntu/+s ... tion/31818 in the last post (September 2010) a user suggested:
Code: Select all
chown root:sambashare on the /var/lib/samba/usershare
This did not work for me

Since I was trying this as a user I edited it, and in place of root I put my username so that it read
Code: Select all
sudo chown dave:sambashare var/lib/samba/usershare
Replace my username with yours, obviously!

If I understand correctly this sets you as the owner and sambashare as the group of /var/lib/samba/usershare

This needed to be run with root privileges so it might be necessary to add a 'sudo' in front of it for you as it was for me.

Following this step I was able to successfully create the share and view it on my Windows box, however, I was not able to get in as it said I had the wrong password.

To fix this I used 'smbpasswd'. From their man page:
The smbpasswd program has several different functions, depending on
whether it is run by the root user or not. When run as a normal user it
allows the user to change the password used for their SMB sessions on
any machines that store SMB passwords.


Running plain old smbpasswd in terminal asks you for your Old password which, of course, I did not know. Run with the -a switch smbpasswd adds the username to the local smbpasswd file. If the user already exists in that file then the command is treated as a regular request to change the password. Note: this requires sudo in front of it, as I have done, or else it will fail as noted in the man pages.

Code: Select all
sudo smbpasswd -a dave
Again replace my name with your own user name.

Enter your new password twice and you should be all set!

Notes, please read.
Following this I was successfully able to browse my home directory, not just the "Public" directory as I originally requested. I'm unsure of why it didn't. Perhaps (and this is only a guess) Samba had shared my home directory by default and changing the password as we just did above allowed me to access it. The first part of this guide, chowning /var/lib/samba/usershares, may actually be completely unnecessary if you can view your machine in network locations but just cannot access it. As I said though, for me this works perfectly.

I hope this helps someone setup sharing quickly and easily. Tips, suggestions on how to make this more secure or better are of course welcome. I'm no master here by any means, however, this got me up and sharing without breaking anything so I deem it a success!
psych1610
Level 3
Level 3
 
Posts: 152
Joined: Mon Mar 03, 2008 5:12 pm

Linux Mint is funded by ads and donations.
 

Re: How I Enabled Sharing of a directory via Samba in Nautil

Postby cecar on Thu Feb 10, 2011 6:19 am

You have to add yourself to the sambashare group. I think thats the name of the group. Not 100% shure though.
cecar
Level 4
Level 4
 
Posts: 365
Joined: Tue Aug 24, 2010 2:47 am
Location: Stenungsund, Sweden

Re: How I Enabled Sharing of a directory via Samba in Nautil

Postby altair4 on Thu Feb 10, 2011 7:43 am

LMDE does not set up groups by default as Gnome Mint does. Changing /var/lib/samba/usershares to have you as owner will fix the problem for you ( dave ) but the preferred method , as cecar suggested, is to add yourself to the sambashare group. If you look at the permissions on /var/lib/samba/usershares:
drwxrwx--T 2 root sambashare

All you need to do is add every user to the samashare group:
Code: Select all
sudo gpasswd -a dave sambashare

Then logout and login again for the group change to take affect.

Guest access is pretty much disabled in both Nautilus-share and Classic Samba sharing and there are other groups you need to add yourself to in order to have the full functionality in LMDE as you would in Gnome Mint. You might want to look at the "Debian" subsection of this HowTo for those: viewtopic.php?f=42&t=23169&p=315218#p315218
Please add a [SOLVED] at the end of your original subject header if your question has been answered and solved.
altair4
Level 16
Level 16
 
Posts: 6151
Joined: Tue Feb 03, 2009 10:27 am

Re: How I Enabled Sharing of a directory via Samba in Nautil

Postby psych1610 on Thu Feb 10, 2011 12:56 pm

Thanks for the advice! Perhaps this thread might be removed then since there are other, more preferred ways, to do what I accomplished. I wouldn't want to inadvertently steer others in the non-preferred direction. I do love how the same effect can be had two or three different ways though :)

One question though: As it stands, do you think the way I did it would cause problems in the future with permissions or updates? I'm not sure how to revert back to what it was in the past (silly me didn't make a note of it) and since it works I'm tempted to leave it be.
psych1610
Level 3
Level 3
 
Posts: 152
Joined: Mon Mar 03, 2008 5:12 pm

Re: How I Enabled Sharing of a directory via Samba in Nautil

Postby altair4 on Thu Feb 10, 2011 1:17 pm

Good question. Technically root no longer has write access to that directory but root basically has write access to everything anyway. If it were me I'd revert back to the default:
Code: Select all
sudo chown root:sambashare /var/lib/samba/usershares


The real problem if you don't do it by adding users to the sambashare group is if you add any more local users to your box - even if it's only for testing purposes. They won't be able to create a nautilus-share.
Please add a [SOLVED] at the end of your original subject header if your question has been answered and solved.
altair4
Level 16
Level 16
 
Posts: 6151
Joined: Tue Feb 03, 2009 10:27 am

Re: How I Enabled Sharing of a directory via Samba in Nautil

Postby psych1610 on Thu Feb 10, 2011 9:03 pm

Hi again, I set the usershare directory back to its default state but I was hesitant about adding the lines

Code: Select all
usershare allow guests=yes


to smb.conf.

Instead, I added the packages suggested as well as added my user to the groups of fuse and sambashare and I was able to share my entire home directory with my Windows 7 laptop. It accepted my password and all. I'm still not 100% sure how a guest would have logged on and I haven't investigated enough to find out.

As of right now everything is working how it should, but, should I want to change it to disallow my entire home directory and just a specific folder is there an easy way to do that? Selecting the folder and sharing it does work but is redundant because it's still in my /home.

To clarify, right now no directories have been marked as being shared using nautilus. Samba automatically seems to want to share my home directory provided I have the username and password. Since I do, that's fine. But no one else should be able to view my home either and I wonder if as a guest they would still be able to instead of just the directory I give them.
psych1610
Level 3
Level 3
 
Posts: 152
Joined: Mon Mar 03, 2008 5:12 pm

Re: How I Enabled Sharing of a directory via Samba in Nautil

Postby altair4 on Fri Feb 11, 2011 9:01 am

You've got a couple of things going on here so let me give this my best shot:

(1) "usershare allow guests = yes"

That statement in smb.conf is not a mandate - it simply enables the ability to use the "Guest Access" box in nautilus-share. You are under no obligation to check it if you don't want to use it. It's just there if later on you want to use it. And it relates to just the target folder you are sharing.

(2)
To clarify, right now no directories have been marked as being shared using nautilus. Samba automatically seems to want to share my home directory provided I have the username and password. Since I do, that's fine. But no one else should be able to view my home either and I wonder if as a guest they would still be able to instead of just the directory I give them.

In stead of how some other distros modify the samba default configuration that is passed to them from the Samba developers, Debian simply passes them through to the final install. Since Samba is a server utility it sets something up by default called [homes]. The Gnome Mint smb.conf has this section commented out but Debian has it enabled. If you do a "testparm -s" you will see a [homes] section that looks something like this:
[homes]
comment = Home Directories
valid users = %S
create mask = 0700
directory mask = 0700
browseable = No

You will notice that it has no path specifying what exactly is being shared and that's because it's not a share in the traditional sense but rather a template. It will create a share "on the fly" of the users home directory if the remote client user passes the correct username to the server. If the remote user is a Linux client then he would have to connect to the "share" by explicitly entering his username at the moment of initial contact, for example:
Code: Select all
smb://192.168.0.100/altiar

But in a Windows client there is a 12 year old design flaw in which the Windows client automatically passes the Windows user's actual local login username and password at the moment of initial contact. If there is a match in usernames on both systems then the Linux Samba server will automatically set up a share to that user's Linux home directory. Note that it's to that specific user and no one else. In fact the Windows client user wouldn't even know that another user has a home directory on that server. And a "guest" would not know any of the home directories exist

That all works fine if the Linux box is in fact an actual Samba File Server. But if this is more a peer-to-peer samba server where bob wants to share some directories with sally then this is overkill. If your intent is to share a few folders with others on your LAN and they are using Windows then one way out of this is to disable the [homes] directory by commenting out those lines just as the regular Mint and Ubuntu do:

Edit smb.conf as root and place a # sign in front of all the [homes] related share definition parameters so that it looks like this:
#[homes]
#comment = Home Directories
#valid users = %S
#create mask = 0700
#directory mask = 0700
#browseable = No

Then restart samba:
Code: Select all
sudo service samba restart


I should also note that there are two completely different ways of using Samba to share files: Nautilus-share and Classic-share. The [homes] share represent one of many ways to create Classic Samba shares. It's best not to use both methods on the same target and it's best not to share directories within directories.
Please add a [SOLVED] at the end of your original subject header if your question has been answered and solved.
altair4
Level 16
Level 16
 
Posts: 6151
Joined: Tue Feb 03, 2009 10:27 am

Re: How I Enabled Sharing of a directory via Samba in Nautil

Postby hurinth on Sun Feb 12, 2012 3:56 pm

Using LMDE edition, what I had to do was, first go to Users and Groups, then Manage Groups > Sambashare > Properties and then check your user name.

Later, go to /etc/samba/smb.conf, and under the [global] section, add usershare owner only = false

Log out, then log in.
hurinth
Level 1
Level 1
 
Posts: 17
Joined: Sun Feb 12, 2012 3:40 pm

Re: How I Enabled Sharing of a directory via Samba in Nautil

Postby altair4 on Sun Feb 12, 2012 5:17 pm

hurinth wrote:Using LMDE edition, what I had to do was, first go to Users and Groups, then Manage Groups > Sambashare > Properties and then check your user name.

Later, go to /etc/samba/smb.conf, and under the [global] section, add usershare owner only = false

Log out, then log in.

You have to do a whole mess of stuff to get Samba to work on LMDE ( viewtopic.php?f=42&t=23169&p=315218#p315218 ) and I'm really somewhat ambivalent on the use of "usershare owner only = false "

On the one hand why would you want any user on your system to share everything - like another users home directory?

On the other hand it will only work if the folder you are attempting to share that you do not own has permissions of 777. If not it will fail when it tries to change permissions - unless of course you trying to create a read only share. It would be better in my mind to just open a root instance of nautilus ( gksu nautilus ) and share whatever as root.
Please add a [SOLVED] at the end of your original subject header if your question has been answered and solved.
altair4
Level 16
Level 16
 
Posts: 6151
Joined: Tue Feb 03, 2009 10:27 am

Re: How I Enabled Sharing of a directory via Samba in Nautil

Postby hurinth on Tue Feb 21, 2012 11:43 pm

On the one hand why would you want any user on your system to share everything - like another users home directory?


If your statement is true (haven't tested that far) then you are right, but then again, Im the king of my computer, no other user accounts in it. And this is the same truth for many people.

On the other hand it will only work if the folder you are attempting to share that you do not own has permissions of 777


Don't user folders come by default as 755? What is the concern above all about then?

Cheers
hurinth
Level 1
Level 1
 
Posts: 17
Joined: Sun Feb 12, 2012 3:40 pm

Re: How I Enabled Sharing of a directory via Samba in Nautil

Postby altair4 on Wed Feb 22, 2012 8:47 am

Nautilus-share does 2 distinct things when it creates a Samba share:

(1) It sets up the share definition itself.
(2) It automatically modifies the Linux permissions on the target shared directory so that it is consistent with the permissions you specified in the share definition.

If you set "usershare owner only = false" and you attempt to share a directory you do not own then it will faithfully fulfill item (1) and create the share but it will ultimately fail when it attempts to do item (2) - unless the folder is already at 777 - because User1 cannot change permissions of a folder owned by User2. Depending on the default Linux permissions of the target directory however, User1 may still be able to create a read-only share of User2's directory.

All in all I don't think it's a good idea to enable "usershare owner only = false" in a multi-user setup. In a single user setup the user will have to go outside of nautilus-share to modify permissions to be consistent with how he set up the share which defeats the usefulness of nautilus-share. That's why I suggested that for folders he does not own the user bring up a root instance of nautilus and create the share there . Then root has authority to modify the underlying Linux permissions as needed.
Please add a [SOLVED] at the end of your original subject header if your question has been answered and solved.
altair4
Level 16
Level 16
 
Posts: 6151
Joined: Tue Feb 03, 2009 10:27 am

Linux Mint is funded by ads and donations.
 

Return to Other networking topics

Who is online

Users browsing this forum: No registered users and 1 guest