Koozali.org: home of the SME Server
Obsolete Releases => SME Server 8.x => Topic started by: newburns on January 17, 2012, 08:59:03 PM
-
Good Day to everyone
SME 8b7
Here is my scenario:
I wanted a separate music file that could be accessed by both users and Subsonic. I created a ibay named "globally" and a group named "allinclude"
Everyone by default will be a part of this group
I created symlinks in /var/subsonic/music to a directory I created /rosemedia/audio
Subsonic reads all music just fine from there
I then created that same symlink in /home/e-smith/files/ibays/globally/files/Music
But no one has access to the file Music. Other files located in "globally" ibay is completely accessible by everyone, but not the symlink "Music".
I do not know what log files to look into to report findings. I checked messages, smbd.current, and some others, but none had information regarding accessibility to files.
My ls -l returns
[root@mtrose /]# ls -l
total 125
-rw------- 1 root root 11264 Jan 17 10:05 aquota.group
-rw------- 1 root root 12288 Jan 17 06:34 aquota.user
drwxr-xr-x 2 root root 4096 Jan 11 04:03 bin
drwxr-xr-x 4 root root 1024 Jan 10 07:22 boot
drwxr-xr-x 2 root root 4096 Jan 9 18:45 command
drwxr-xr-x 12 root root 3940 Jan 16 05:10 dev
drwxr-xr-x 88 root root 12288 Jan 17 09:45 etc
drwxr-xr-x 4 root root 4096 Jan 9 18:51 home
drwxr-xr-x 13 root root 4096 Jan 11 04:03 lib
drwx------ 2 root root 16384 Jan 9 18:40 lost+found
drwxr-xr-x 2 root root 4096 May 11 2011 media
drwxr-xr-x 3 root root 4096 Jan 10 22:20 mnt
drwxr-xr-x 7 root root 4096 Nov 28 2008 opt
drwxr-xr-t 3 root root 4096 Mar 30 2008 package
dr-xr-xr-x 235 root root 0 Jan 10 16:04 proc
drwxr-x--- 6 root root 4096 Jan 13 15:15 root
drwxrwxrwx 3 root root 4096 Jan 10 15:52 rosemedia
drwxr-xr-x 3 root root 12288 Jan 11 04:03 sbin
drwxr-xr-x 4 root root 0 Jan 10 16:04 selinux
drwxr-xr-x 2 root root 4096 Jan 10 11:26 service
drwxr-xr-x 2 root root 4096 May 11 2011 srv
drwxr-xr-x 11 root root 0 Jan 10 16:04 sys
drwxrwxrwt 8 root root 4096 Jan 17 10:01 tmp
drwxr-xr-x 16 root root 4096 Jan 10 11:30 usr
drwxr-xr-x 27 root root 4096 Jan 10 11:30 var
and db accounts show globally
globally=ibay
AllowOverride=All
CgiBin=disabled
FollowSymLinks=enabled
Gid=5007
Group=allinclusive
Name=Share for Everyone
PHPBaseDir=/rosemedia/:/tmp/:/usr/:/home/e-smith/files/ibays/globally/:
PasswordSet=no
PublicAccess=none
Uid=5007
UserAccess=wr-group-rd-group
-
A little googling shows up some notes about samba, symlinks, and security problems:
http://www.samba.org/samba/news/symlink_attack.html
This implies that you could solve your problem by customizing /etc/samba/smb.conf to support symbolic links and "wide links", but that this might introduce security issues.
Another option would be to store the actual/real music files in the ibay, then symlink to the ibay location from your other desired access points.
-
If you want the same directory+files to appear in two different places in the directory tree, use a 'bind mount' rather than a symlink.
http://aplawrence.com/Linux/mount_bind.html
-
Thank you Charlie Brady.
I did try placing all the files in the ibay directory and doing a symlink from /var/subsonic/ but Subsonic could not access the files properly. I understand that the symlinks does not work across many directories unless "wide links" is on. However, wide links poses an issue for security purposes.
Does SME 8b7 have "wide links" off by standard?
-
Thank you Charlie Brady.
It sounds to me like you read what I said, and then promptly ignored it. C'est la vie, I suppose.
-
I'm sorry. In my head, I was responding to mmccarn. I did the mount --build immediately when I read it, and it worked without a hitch. Thanks again. I always listen to CharlieBrady!
The mount --build did the trick, but how do you remove a mount --build?
Do I just use a umount?
I know not to do an rm -rf
-
Do I just use a umount?
Yes.
BTW, it's "mount --bind", not "mount --build".
-
I just came across this same issue having just upgraded from SME7 to the SME8 Beta 7. It seems the default for "wide links" in samba changed between the two versions. I too will move from symlink to mount --bind per Charlie's suggestion but does anyone know what affa's default behaviour will be with mount --bind? I'm trying to figure out if I should add "--one-file-system" to the affa parameters.
Currently I have a separate large disk symlinked into my iBay hierarchy.
-
Are you asking if AFFA will follow the mount when backing up your filesystem, or is the mount on the AFFA server?
Also, I wrote this in my /etc/fstab and wanted to be sure it was correct before I did a restart of my system. I lose my mount each restart so and this solution was the only one that seemed available
/dev/main/root / ext3 usrquota,grpquota,acl 1 1
/dev/md1 /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/main/swap swap swap defaults 0 0
/rosemedia/audio/ /home/e-smith/files/ibays/globally/files/Music/ none bind 0 0
Does the spacing affect the fstab? As you can see, everything does not line up
-
Are you asking if AFFA will follow the mount when backing up your filesystem, or is the mount on the AFFA server?
If Affa will follow the mount on the system to be backed up. I don't want to back up the same file system multiple times (ie. the 2 diffrent mount points being seen as 2 distinct hierarchies as opposed to the same one). For now I have excluded this part of my hierarchy explicitly (in affa) until I have time to test out what it does.
Also, I wrote this in my /etc/fstab and wanted to be sure it was correct before I did a restart of my system. I lose my mount each restart so and this solution was the only one that seemed available
/dev/main/root / ext3 usrquota,grpquota,acl 1 1
/dev/md1 /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/main/swap swap swap defaults 0 0
/rosemedia/audio/ /home/e-smith/files/ibays/globally/files/Music/ none bind 0 0
Does the spacing affect the fstab? As you can see, everything does not line up
Alignment is not important. A space is a field delimiter. For bind, the syntax I have been using is
/path1 /path2 bind defaults,bind 0 0
You can use "mount -a" to test your fstab. It will read and execute the fstab and output any errors will be output.
edit: clarifying my first paragraph
-
Just for the record, AFFA follows the mount and backs up the content twice. One for each location. Not sure if there is something we can do about that, but I know I will need to revisit this as the library I am using the mount option for continues to grow.
-
Just for info
PHPSysInfo also follows the mount and shows the total space on your system, along with an additional size for however big the mounted file is (which of course is double what your system's spacing is). Multiple mounts shows my system at 42tb, if only that were true!!! :(
-
newburns
Not sure if there is something we can do about that,
As Christian said: "For now I have excluded this part of my hierarchy explicitly (in affa)".....
To newburns, You need to add the extra mount folder to the Exclude setting in Affa configuration to prevent that being included in the backup, refer to Affa wiki for instructions.
http://wiki.contribs.org/Affa#Job_configuration_properties
-
Wow, mary.
You are just a plethora of knowledge. I didn't think about that at all! Thankyou :lol: