EDIT: This has been solved!! This link has the full post, but basically you need to ensure SELinux flags are set for every file, and this won’t happen to new files added. I have appended the SELinux option as a context entry to my fstab and now every file shows!
So right off the bat, I understand that NFS is dependent on UID matching. What I can’t find is a guide to setting this up that isn’t either:
- Make all nfs media accessible by all, or
- Use advanced permissions that seem(?) reliant on professional server authentication that I can’t wrap my head around
(I guess I need to take some Linux classes?)I would happily work with anyone willing to help me understand how to make this work though.
As for Samba: Well it seemed like I had everything set up well enough. I can login with each of the three users just fine. All files and folders have 02777 permissions with correct ownership. This was set after initially using just 777, and a troubleshooting answer on a Stack Exchange-like site advised 02777. However, files that I added shortly after setting up Samba and getting it running are simply not showing in client systems. And crucially, this is even the case on machines that logged in the first time after the file changes, ruling out the potential for bad client-side caching. Is there a server-side caching I’m not aware of?
I can run chmod -R 02777 *
all day til the cows come home for the entire drive that’s being shared (under /mnt/4tb, yes this is related to my previous thread on reddit r/linuxadmin). But no matter how I run it alongside restarting samba (sudo systemctl restart smb
), it still won’t show those newer files. Testparm succeeds, no errors in the config. FWIW, I printed the config below
[global]
workgroup = SAMBA
security = user
unix extensions = no
server string = Ravens Hoard
passdb backend = tdbsam
inherit permissions = yes
printing = cups
printcap name = cups
load printers = yes
cups options = raw
# Install samba-usershares package for support
include = /etc/samba/usershares.conf
[gen-media]
comment = General Media Repository
path = /mnt/4tb/general
writeable = yes
browseable = yes
public = no
create mask = 0644
directory mask = 0755
valid users = user4, user2, user1
force user = user4
[intake]
comment = Intake Directory
path = /mnt/4tb/intake
read only = no
writeable = yes
browseable = yes
public = no
create mask = 0644
directory mask = 0755
valid users = user1
[user1]
comment = Share for user1
path = /mnt/4tb/user1
read only = no
writeable = yes
browseable = yes
public = no
create mask = 0664
force create mode = 0664
directory mask = 02755
force directory mode = 02755
valid users = user1
[user2]
comment = Share for user2
path = /mnt/4tb/user2
read only = no
writeable = yes
browseable = yes
public = no
create mask = 0644
directory mask = 0755
valid users = user2
[user3]
Comment = Share for user3
path = /mnt/4tb/user3
read only = no
writeable = yes
browseable = yes
public = no
create mask = 0644
directory mask = 0755
valid users = user1, user3
force user = user3
Lastly in my explorations on file sharing, is SFTP/SSH-based file sharing. But with this, I don’t know of a way for Windows clients to mount the share transparently. Is this possible? Or would the Windows client be stuck with using 3rd party software like WinSCP?
FWIW, The idea of this is that the shares can be read and written to by Android through Solid Explorer, Android TV using Kodi, and Windows 10. It would have 3 users and 4 shares, as can be seen in the samba config. Any help towards getting one of these methods working for this purpose would be very much appreciated.
Hmm… Some initial questions to help with debugging:
Thanks for responding!
So I don’t know what file access logs I should look at. All the samba logs have essentially had nothing at all in them except for variations on
[2023/09/28 23:50:31, 0] ../../source3/rpc_server/rpc_worker.c:1125(rpc_worker_main) rpcd_winreg version 4.18.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2023
so it doesn’t seem like they’re going to be of any help here…
The new files do show and launch on the server itself just fine.
Stopping samba does produce the expected timeout errors on clients
Renamed file does show as renamed. Bonus, a new file I created on the server from context menu “New text file” entry does also show on clients
Server is running on Fedora Linux 38
Hmm… so what’s different about the files that don’t show up? If we can figure that out, that may point to the solution… Were they created in a notably different way (e.g. uploaded from a client)? Are they symlinked into the directory? Are they named in a notably different way? Very different in size? You’ve said you’ve already checked file permissions, but what about the actual owner/group – are they the same as the files that do show up?
Is SELinux (or some other security software) running and doing something weird maybe? For Fedora, I think there would be a log entry at
/var/log/audit/audit.log
if something is getting blocked due to a security policy, but I don’t run Fedora personally.Turns out, yes it was. For Samba shares, SELinux requires every file to have the
sudo semanage fcontext --add --type "samba_share_t"
command run on it. And of course, the new files wouldn’t have had this like the ones that were present when I was setting up Samba…I expanded my search to making a post on the Fedora forums, where an @/glb pointed out that fact, and thankfully was able to also state that adding it to fstab for the drive will automate that process at boot. So the issue is now solved, thanks to glb over here: https://discussion.fedoraproject.org/t/file-sharing-woes-samba-nfs-sftp/91112/13