Monday, August 27, 2012

Home Server Setup - The Second

Last year I bought a sweet small cube that should be my new home server, running with Linux, to do all the stuff I want to do at home. This post will be about the second setup of this server. The first installation was my first "Linux server experience". As I was a little bit frightened to fail on the command line I installed a desktop edition of Ubuntu. A friend who introduced me to the Linux world always said: "A server with a GUI actually isn't a real server!". Of course! But I felt good with that and now that I have got some experience with Linux on my server I am sure that I will make the whole "command line server thing" - so I'm using the Ubuntu Server edition.

The original reason for this post is the setup of the server relating to sharing media files with several users in the home network. As I had to discover, there were still some problems that I had to spend much time on to solve. So to give it a name: I want to tell about Samba and further file administration problems.

Before I can start with the Linux-specific stuff, I will explain the environment and the conditions in my home network. There are actually only two users: me and another one. I have, as one can imagine, a Linux machine and he (the other one) has a Windows machine. Although it doesn't affect the problem directly I have to mention that the other user uses a very well known smartphone from Apple and therefore also iTunes. But this is another problem. The server runs with Linux, too. Both client machines shall have access to shared directories on the server, for instance for:
  • music
  • videos
  • pictures
  • documents
  • backups.

That is to say, we both use the same media directories with different programmes from different platforms.

Now to the server side. The media data to share is stored on a RAID 1 array mounted at /media/data owned by the root user. The first steps to take are about creating the directories you want to share.

sudo mkdir /media/data/music
sudo mkdir /media/data/videos
... (also for the other directories)

The next step is to set up the users and groups that will be allowed to access shared media data. In this setup I will create the users user1 and user2, and the group share_media. Every user in this group shall get access to the data.

sudo groupadd share_media   # create the group

sudo adduser user1
sudo usermod -a -G share_media user1
... repeat the procedure for user2

At the moment the directory /media/data still is owned by the user root and the group root. To let the subdirectories be accessed by users of the created group, the directories have to be assigned the group share_media.

sudo chgrp -R share_media /media/data/*

This assigns the group to all children of /media/data. In my case the directory lost+found is also a child, and it should stay owned by the root user. In this case you should replace * with the specific subdirectory name.

Now the time is right for installing Samba, a server that enables Linux to share files or directories with other Windows, Mac OS or Linux machines.

sudo apt-get install samba

For configuring Samba you have to open the configuration file /etc/samba/smb.conf in your favourite editor. I do it with vim. How vim works you can see here. Because the owner is root you have to prepend sudo again.

sudo vim /etc/samba/smb.conf

Typically many Debian (the ancestor system of Ubuntu) configuration files consist of:
  • comments marked by the sign "#"
  • sections surrounded by square brackets, example: [section name]
  • settings in the form of: key = value

Then you append your declaration for your shared directories at the end of this file. You may give some comments before that. You do this analogously for the other shared directories.

[Shared Music]
comment = A shared directory for music on the server.
path = /media/data/music
writeable = yes
browseable = yes
guest ok = no
valid users = @share_media
create mask = 0775
directory mask = 0775

Actually the last two lines were the most difficult thing, costing me much time to figure out that I had to set these lines. The explanation for this comes a bit later when I talk about file permissions. Although we already have set Unix passwords for our users we still must set up users and passwords for Samba. You do it like the following line shows.

sudo smbpasswd -a user1   # then type in the password for user1 again
... repeat it for user2

Now you can restart the Samba server to get the changes applied.

sudo service smbd restart

When you try to access the shared directory from another machine in the network you should be prompted to type in your user name and password. Actually without the last two lines of the Samba share configuration mentioned above you would only be able to read the shared directories. So now I will explain what these lines are about.

The typical umask is 0022 (or shorter 022). This means that when directories are created the default permissions are rwxr-xr-x. So the owner (first 3 signs) is able to read, write and execute (for a directory the x means you can access it). Users in the same group (second 3 signs) and other users (last 3 signs) are only allowed to read and to execute.

For the shared directory this would mean: when user1 creates a subdirectory, user2 is not allowed to write in that directory (create files). This is not the way that I need it. So I had to define another mask for Samba. The mask system used in smb.conf works differently from umask: a umask names the permission bits that are taken away, while create mask and directory mask name the bits that are kept. There you still have 4 positions with numbers, but each number is the sum of the 3 granted rights:
  1. read with number 4
  2. write with number 2
  3. execute / access with number 1.
So e.g. 7 means 4 + 2 + 1 (everything allowed) and 5 means 4 + 1 (read and execute). In the symbolic representation of permissions, the value (0)775 therefore corresponds to rwxrwxr-x.
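
The difference between the two mask systems, as an added example that is not part of the original post: it parses smb.conf-style share sections and works out which permissions new files and directories end up with. The second share, the function names and the pre-mask modes (rw-rw-rw- for files, rwxrwxrwx for directories, DOS-attribute mapping ignored) are assumptions made for the illustration.

```python
import configparser
import stat

# Constructed sample: this post's share, then the same share without its mask lines.
SMB_CONF = """\
[Shared Music]
path = /media/data/music
guest ok = no
valid users = @share_media
create mask = 0775
directory mask = 0775

[Music Without Masks]
path = /media/data/music
guest ok = no
valid users = @share_media
"""

DEFAULTS = {"create mask": "0744", "directory mask": "0755"}  # smb.conf(5) defaults
REQUESTED = {"create mask": 0o666, "directory mask": 0o777}   # assumed pre-mask modes

def umask_mode(requested, umask):
    return requested & ~umask  # a umask names the bits to remove
def samba_mode(requested, mask):
    return requested & mask    # a Samba mask names the bits to keep

def symbolic(mode):
    return stat.filemode(mode)[1:]  # drop the file-type character

def audit(conf_text):
    """Map each share to (resulting permissions, list of findings)."""
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    parser.read_string(conf_text)
    report = {}
    for share in parser.sections():
        opts, findings, modes = parser[share], [], {}
        for key, requested in REQUESTED.items():
            mode = samba_mode(requested, int(opts.get(key, DEFAULTS[key]), 8))
            modes[key] = symbolic(mode)
            if not mode & stat.S_IWGRP:
                findings.append(f"{key}: group members cannot write")
            if mode & stat.S_IWOTH:
                findings.append(f"{key}: writable by everyone")
        if opts.getboolean("guest ok", fallback=False) or "valid users" not in opts:
            findings.append("access is not limited to named users or groups")
        report[share] = (modes, findings)
    return report

if __name__ == "__main__":
    print(symbolic(umask_mode(0o777, 0o022)), audit(SMB_CONF))
```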

Until now you have declared how Samba should handle the share and modification operations (rwx). But the shared directories still have the default permission values. These have to be set now.

sudo chmod -R g+rws /media/data/*   # take care with lost+found, as explained above

That's it. Now you should be able to create, modify and delete directories and files with different users from different systems.
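
A way to check the result of the chgrp and chmod steps, as an added example that is not part of the original post: it walks everything below a directory (like /media/data/*) and reports entries with the wrong group, without group read/write, or directories without the setgid bit that the s in g+rws sets. The function names and the temporary demo tree are constructed for the illustration, and Linux behaviour is assumed (a directory created inside a setgid directory inherits the bit and the group).

```python
import os
import stat
import tempfile

def check_share_tree(root, gid):
    """Return (path, problem) pairs for entries below root that break the setup."""
    problems = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # the mode of a symlink itself is not meaningful
            if st.st_gid != gid:
                problems.append((path, "wrong group"))
            if st.st_mode & 0o060 != 0o060:
                problems.append((path, "group lacks read/write"))
            if stat.S_ISDIR(st.st_mode) and not st.st_mode & stat.S_ISGID:
                problems.append((path, "directory without setgid"))
    return problems

def demo():
    """Audit a constructed tree in a temporary directory."""
    old_umask = os.umask(0o022)  # the typical umask from the post
    try:
        with tempfile.TemporaryDirectory() as root:
            gid = os.stat(root).st_gid  # stands in for the share_media group
            music = os.path.join(root, "music")
            os.mkdir(music)
            os.chmod(music, 0o2775)  # the state after chmod g+rws
            os.mkdir(os.path.join(music, "album"))  # made locally, not via Samba
            os.mkdir(os.path.join(root, "videos"))  # never chmod-ed
            found = check_share_tree(root, gid)
            return sorted((os.path.relpath(p, root), why) for p, why in found)
    finally:
        os.umask(old_umask)

if __name__ == "__main__":
    for path, why in demo():
        print(f"{why}: {path}")
```

On the server, call check_share_tree("/media/data", grp.getgrnam("share_media").gr_gid) after importing grp; lost+found will be listed because it stays with root. The album entry in the demo shows that directories created locally under umask 022 still lack group write, since the Samba masks only apply to files and directories created through Samba.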
