Install Samba
I'm using Manjaro on my desktop. And I want to create a read-only file share to share files with my iPad. I will be logging in as a guest. Here, I install and configure Samba. And I include configuration parameters that make the share compatible with my iPad.
I already created a directory for my file share at /data/fileshare. And I placed a test file in there: weird_fishes.txt
Install
Install Samba Package
sudo pacman -S samba
Write smb.conf
Installing Samba does not include a default configuration file. Here is an example file for my share which is compatible with Apple devices.
sudo pwsh -c "New-Item -Path '/etc/samba/smb.conf' -ItemType File -Force" sudo vim /etc/samba/smb.conf
File Name:
/etc/samba/smb.conf
File Contents:
[global] server role = standalone server log file = /var/log/samba/%m.log map to guest = Bad User load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes show add printer wizard = no vfs objects = fruit streams_xattr #log level = 3 [fileshare] path = /data/fileshare public = yes
Run the testparm command after writing the configuration file to validate the smb.conf syntax.
# basic testparm -s # verbose # Press Enter to load Vim after testparm runs. testparm -v | vim +"set nomodified" -
Start Samba
Enable and start Samba.
sudo systemctl enable --now smb.service
Confirm Directory Permissions
You can check the current permissions of the file share and its parents with namei.
If you save the namei output to a file, you can revert any permission changes you make in the next step or later. There won't be a way to undo changes made with chmod without this information.
namei -l /data/fileshare # Save namei output to a file. namei -l /data/fileshare >> /home/michael/Desktop/namei_output.txt
The guest user (nobody) should have read and execute permissions on the shared folder and execute permission on all parent directories. To accomplish this, you will need to modify the 'other' permissions for each directory. I am not aware of an easy way to do this work in one step. The best way is making changes to individual directories with chmod.
The example below adds the execute permission for 'other' to the /data directory. The execute permission allows Samba to traverse this directory to any child directories: like "fileshare".
chmod o+x /data
Configuring AppArmor
In my case, I also need to configure AppArmor because I'm using Ubuntu Snaps (packages) on my system. AppArmor is a prerequisite for the snapd daemon.
Since I am using a custom share directory--/data/fileshare--I need to tell AppArmor about it. By adding exceptions to my AppArmor policy, the Samba service will be able to access the file share on behalf of connected clients.
- Edit the usr.sbin.smbd file as root.
sudo vim /etc/apparmor.d/local/usr.sbin.smbd
- Add two exceptions for your custom file share.
The contents of my usr.sbin.smbd file are below.
The first exception gives Samba read access to the root of the share.
The second exception gives Samba permission to make changes to subfolders and files.
Remember, these changes fix any problems caused by AppArmor. But Samba will still respect the directory permissions mentioned earlier. So, in AppArmor, it's ok to allow read, write, and other types of necessary permissions. If you want to decode the the AppArmor exceptions shown below, see the File Permissions link at the end of this article.
In both exceptions, I've used the path to my share directory: "/data/fileshare/" You will have to modify the paths in this configuration file to match your share path if it's different than mine.
File Name:
/etc/apparmor.d/local/usr.sbin.smbd
File Contents:
# Site-specific additions and overrides for 'usr.sbin.smbd' "/data/fileshare/" rk, "/data/fileshare/**" lrwk,
- Save your changes to usr.sbin.smbd
- Restart the AppArmor service.
sudo systemctl restart apparmor
Verify Guest Access
Try to access the file share with the smbclient terminal application. At the smb: \> prompt, try using ls to list the files available on the share.
In this example, we can see the weird_fishes.txt file is listed.
smbclient -N //localhost/fileshare Try "help" to get a list of possible commands. smb: \> ls . D 0 Mon May 2 07:42:32 2022 .. D 0 Sun May 1 07:21:15 2022 weird_fishes.txt N 691 Sun May 1 11:32:31 2022 479597248 blocks of size 1024. 440488612 blocks available smb: \> exit
After verifying guest access, the file share should be working for you.
Test iPad
Try connecting to the share with the iPad.
- Open the Files app.
- Tap the circle with three dots near the top of the Files side panel.
- Tap Connect to Server.
- Enter the fully qualified path to the share. In my case:
smb://edward/fileshare
Where "smb://" is the protocol and is the same for everyone. "edward" is the network name of my computer; change this to match your server's network name. And, "fileshare" is the share folder.
- Tap Connect or press Return on your keyboard. Now, we're asked to connect as a Guest or Registered User.
- Tap Guest.
- Tap Next. Now the file share should be visible.
From here, I can browse and open files on the share.
If you want to return to the shared folder within the Files app, the file share will be listed under the Shared heading with the server name. On my Files app, I see Shared and then edward. The eject button next to the server name lets you explicitly disconnect from the server.
Troubleshooting
iPad Error Messages
During testing, I received two error messages from the iPad.
The operation couldn't be completed. Operation not supported.
Content Unavailable The folder contents could not be displayed because of an unknown error.
Make sure that you are not using the "hosts allow" parameter in smb.conf. I noticed that the iPad was communicating with the server via IPv6. That makes it difficult to create a reliable list of allowed hosts. So, I don't use "hosts allow". The "interfaces" smb.conf parameter might also cause problems.
Problems After Updating to Manjaro 21.3.7
I had trouble connecting to my file share after updating to Manjaro 21.3.7 This version was released in August 2022.
To fix the issue, I needed to add two exceptions to AppArmor. I installed AppArmor as a prerequisite for Ubuntu Snaps. I use snaps elsewhere on my system. And snaps were installed while Samba was working. But, some part of the default security policy changed while upgrading Manjaro. So, versions of Manjaro 21.3.7 and later require the exceptions to be added if you're using AppArmor.
See the section above on Configuring AppArmor for instructions.
While I was having this issue, the Samba log showed this error:
File Name:
log.samba-dcerpcd
File Contents:
[2023/03/20 16:00:37, 0] ../../source3/rpc_server/rpc_host.c:2940(main) main: messaging_init() failed
Administration
Check Samba Logs
Note that journalctl will not show the full log. Go to /var/log/samba and read the logs directly.
List the modified logs.
Get-ChildItem -Path "/var/log/samba" | Where-Object { $_.LastWriteTime -ge ((Get-Date).AddMinutes(-20))} | Sort-Object -Property LastWriteTime -Descending | Format-Table -AutoSize Directory: /var/log/samba UnixMode User Group LastWriteTime Size Name -------- ---- ----- ------------- ---- ---- -rw-r--r-- root root 5/3/2022 21:20 4476 log.smbd -rw-r--r-- root root 5/3/2022 21:20 7592 log.samba-dcerpcd -rw-r--r-- root root 5/3/2022 21:20 744 log.rpcd_lsad -rw-r--r-- root root 5/3/2022 21:20 744 log.rpcd_mdssvc -rw-r--r-- root root 5/3/2022 21:20 744 log.rpcd_rpcecho -rw-r--r-- root root 5/3/2022 21:20 744 log.rpcd_epmapper -rw-r--r-- root root 5/3/2022 21:20 744 log.rpcd_fsrvp -rw-r--r-- root root 5/3/2022 21:20 744 log.rpcd_spoolss -rw-r--r-- root root 5/3/2022 21:20 14068 log.rpcd_winreg -rw-r--r-- root root 5/3/2022 21:20 24704 log.rpcd_classic -rw-r--r-- root root 5/3/2022 21:20 278637 smbd.log -rw-r--r-- root root 5/3/2022 21:20 46072 2600_1700_1e80_7880_bc92_a917_e0f1_ 2fe3.log -rw-r--r-- root root 5/3/2022 21:20 154076 mobile.log
Read the log file.
vim -R /var/log/samba/smbd.log ... [2022/05/03 21:20:13.032298, 0] ../../source3/smbd/server.c:1741(main) smbd version 4.16.0 started. Copyright Andrew Tridgell and the Samba Team 1992-2022 [2022/05/03 21:20:13.032359, 2] ../../source3/smbd/server.c:1744(main) uid=0 gid=0 euid=0 egid=0 [2022/05/03 21:20:13.032596, 2] ../../source3/lib/tallocmsg.c:84(register_msg_pool_usage) Registered MSG_REQ_POOL_USAGE [2022/05/03 21:20:13.032609, 2] ../../source3/lib/dmallocmsg.c:78(register_dmalloc_msgs) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED ...
Increase Log Level
Change the log level by adding a parmeter to smb.conf and restarting the smb service. This will show additional information.
Remember to disable the higher log level after you are finished troubleshooting. You can comment out the parameter with '#'. Then restart the service again.
File Name:
/etc/samba/smb.conf
File Contents:
Add log level under [global].
[global] log level = 3
Manage Samba
You can manage the Samba service with the commands below.
systemctl status smb.service | vim +"set nowrap" +"set nomodified" - sudo systemctl start smb.service sudo systemctl stop smb.service sudo systemctl restart smb.service
Making Changes to smb.conf
Here are the steps for changing the smb.conf file.
sudo vim /etc/samba/smb.conf testparm -s sudo systemctl restart smb.service
Change the systemd unit File for Samba
Here is the location of the systemd configuration for Samba. For example, you can add smbd command-line options to the "ExecStart=" line available in the file. See the smbd manual page linked below for available options.
# edit file # Use '#' for comments inside the file. sudo vim /usr/lib/systemd/system/smb.service # Reload systemd manager configuration sudo systemctl daemon-reload # restart unit sudo systemctl restart smb.service
Uninstall
You can reverse the changes made here and uninstall Samba with these commands.
This leaves the file share directory and contents intact. This does not undo or change any local permissions to the file share directory which might have changed by using chmod. If you saved the namei output before making changes, you can use that information to manually reset permissions for each directory.
I also reset the AppArmor exceptions file back to its default. This only affects Samba.
sudo systemctl stop smb.service sudo systemctl disable smb.service sudo rm /etc/samba/smb.conf "# Site-specific additions and overrides for 'usr.sbin.smbd'" > /etc/apparmor.d/local/usr.sbin.smbd sudo systemctl restart apparmor sudo pacman -Rs samba
Note on Vim
If you pipe stdin to Vim, the resulting buffer or file will be marked as modified. And you will be prompted to save the buffer before exiting Vim. Often this text is not needed. And it would be helpful to exit Vim without habitually typing :q! The problem is that if you accidentally type :q! in another context, you can lose all your work.
You can add a line to vimrc so that you can exit with :q after reading from stdin. This saves you from typing +"set nomodified" at the command line.
" Don't set 'modified' when reading from stdin au StdinReadPost * set nomodified
References
vfs_fruit Manual Page (Apple compatibility parameters)
Explanation of chmod Symbolic Modes
File Permissions | AppArmor GitLab
systemd.service | Arch Manual Pages
stdin Configuration Option | starting.txt | Vim Online Help
Changes
- Added AppArmor instructions.
- Cleaned up steps for iPad Files app.
- Removed references to smbclient -L localhost. This no longer works for me.
- Added Format-Table to one-liner.
- Updated advice on Files app.
- Updated logging sections.
- Added Note on Vim.
Created: Monday, May 2, 2022
Updated: Thursday, March 23, 2023
/gemlog/