Samba share some directories with account, some without account

[noric]

UPDATE!
See here for the solution: http://forums.smallnetbuilder.com/showpost.php?p=137309&postcount=24


____________________________________________________________________________________________________________________________

The title pretty much tells what I would like.
I want to give everyone access (better if read-only) to my Media folder, without they need to authenticate ====> share without account.
On the contrary I myself want full access rights to every directory (of course I'd need to authenticate) ====> share with account.

In case this isn't possible, as a last resort, is there a way I could at least create a non password-protected account? The GUI doesn't let me do that.

Thanks!

 

[ColinTaylor]

OK, I don't know if this will work, but give it a try.

Turn off "Allow guest login" in the GUI and set up your password protected shares as normal.

Then create /jffs/scripts/smb.postconf as follows:

#!/bin/sh

logger -t $(basename $0) $1

CONFIG=$1
source /usr/sbin/helper.sh

pc_insert "[MEDIA" "guest ok = yes" $CONFIG

Where "MEDIA" is the (unique) name of the folder you're sharing with a "[" in front of it.

Reboot and see if it works!

 

[noric]

I don't have "allow guest login" in the GUI because I'm still on 374.40 fw. I only setup a secondary account with read-only rights, while the main account (which is there by default) has read-write. Both of the accounts are password-protected.
Then I created the script as per your advice, moved it to /jffs/scripts and made it executable. I rebooted the router but nothing happens: I can't open the Media folder without account.
In the router's log I find the following entry twice:

Jan  1 01:00:13 smb.postconf: /etc/smb.conf

so the script should be running, I guess.

What exactly should it be doing? I don't understand.

Thanks for the effort!

P.S.: in the script I tried both "[/path/to/Media" and only "[Media".

P.P.S.: maybe the script is running before the usb hdd is mounted? Should I insert a sleep command?

 

[ColinTaylor]

Can you post the contents of /etc/smb.conf

The idea of the script is to locate in that file the section header for the "Media" share. It looks like this

[Media]

or this

[Media (at VERBATIM)]

depending on whether or not you are using "Simpler share naming (without the disk name)".

Once it has found the correct section header it should insert the following line after it:

guest ok = yes

I haven't tried this so it might not work anyway.

 

[noric]

[global]
workgroup = WORKGROUP
netbios name = RT-N66U
server string = RT-N66U
unix charset = UTF8
display charset = UTF8
log file = /var/log.samba
log level = 0
max log size = 5
security = USER
guest ok = no
map to guest = Bad User
encrypt passwords = yes
pam password change = no
null passwords = yes
force directory mode = 0777
force create mode = 0777
max connections = 5
socket options = TCP_NODELAY SO_KEEPALIVE SO_RCVBUF=65536 SO_SNDBUF=65536
obey pam restrictions = no
use spnego = no
client use spnego = no
disable spoolss = yes
host msdfs = no
strict allocate = No
bind interfaces only = yes
interfaces = lo br0
use sendfile = no
map archive = no
map hidden = no
map read only = no
map system = no
store dos attributes = yes
dos filemode = yes
oplocks = yes
level2 oplocks = yes
kernel oplocks = no
wide links = no
[entware]
comment = sda1's entware in WDC WD10 JUCT-63CYNY0
path = /tmp/mnt/sda1/entware
dos filetimes = yes
fake directory create times = yes
valid users = noric, utente
invalid users = utente
read list = noric
write list = noric
[Torrent]
comment = sda1's Torrent in WDC WD10 JUCT-63CYNY0
path = /tmp/mnt/sda1/Torrent
dos filetimes = yes
fake directory create times = yes
valid users = noric, utente
invalid users = utente
read list = noric
write list = noric
[debian]
comment = sda1's debian in WDC WD10 JUCT-63CYNY0
path = /tmp/mnt/sda1/debian
dos filetimes = yes
fake directory create times = yes
valid users = noric, utente
invalid users = utente
read list = noric
write list = noric
[File di configurazione]
comment = sda1's File di configurazione in WDC WD10 JUCT-63CYNY0
path = /tmp/mnt/sda1/File di configurazione
dos filetimes = yes
fake directory create times = yes
valid users = noric, utente
invalid users = utente
read list = noric
write list = noric
[Media]
comment = sda1's Media in WDC WD10 JUCT-63CYNY0
path = /tmp/mnt/sda1/Media
dos filetimes = yes
fake directory create times = yes
valid users = noric, utente
invalid users =
read list = noric, utente
write list = noric

Edit: "noric" is the main account, while "utente" is read-only.

Edit2: I don't see "guest ok = yes". Can I manually add it?

 

[ColinTaylor]

Edit: "noric" is the main account, while "utente" is read-only.

Edit2: I don't see "guest ok = yes". Can I manually add it?

Yes, it doesn't seem to have worked. OK, edit the file manually and then

# killall smbd
# smbd -D -s /etc/smb.conf

 

[noric]

It doesn't work. I think I read something about "guest ok" working only when security is set to "share" and not to "user". Let's see if I can find it.

 

[noric]

It works!!! Now I explain.

 

[noric]

I've done other changes to the [Media] section and I'm trying to figure out which one did the trick.

 

[ColinTaylor]

I think I've got it. You need to remove/disable this line

valid users = noric, utente

because it's blocking the guest user access.

 

[noric]

So, in addition to adding the line

guest ok = yes

you need to change

valid users = <<user>>

to

valid users =

This way you have read-write access with the main account (password protected) and read-only access without authentication!

Edit: we wrote at the same time. Indeed, that's the line!
Thank you very much Colin!

 

[ColinTaylor]

You're welcome.

So

pc_insert "[Media" "guest ok = yes" $CONFIG

should work for you, but I can't think of a nice way of disabling "valid users".

UPDATE: Maybe "sed". I think it's probably safe to disable ALL of the "valid users" lines because the GUI also creates "read list" and "write list" entries. If that is the case then

sed -i 's/^valid users.*/valid users =/' $CONFIG

might do it.

 

[noric]

The postconf script isn't working, actually. Maybe I need to escape "[" by adding a backslash?

 

[ColinTaylor]

Strange, it works for me. Can you post your script.

 

[noric]

You're right, sorry. I had checked the smb.conf file after messing with the GUI settings and the file had been recreated from scratch deleting the "guest ok = yes" line.
About the "valid users = ", there is also the command

pc_replace "original string" "new string" "config filename"

but that would change all entries, like sed. Maybe it has a simpler syntax, though.

Edit: I had missed your update about sed. That's quite simple too.

 

[noric]

I've manually changed all "valid users" and it seems to work as I wanted.
I'm going to try

pc_replace "valid users = noric" "valid users = " $CONFIG

 

[ColinTaylor]

This works for me:

#!/bin/sh

logger -t $(basename $0) $1

CONFIG=$1
source /usr/sbin/helper.sh

pc_insert "[Media" "guest ok = yes" $CONFIG

sed -i 's/^valid users.*/valid users =/' $CONFIG

pc_replace only substitutes the part of the line you specify. And the list of users can/will change.

Actually, yes you're right. This would be better:

pc_replace "valid users =" "# valid users =" $CONFIG

 

[noric]

I've tried this and it works.

#!/bin/sh

logger -t $(basename $0) $1

CONFIG=$1
source /usr/sbin/helper.sh

pc_insert "[Media" "guest ok = yes" $CONFIG
pc_replace "valid users = noric" "valid users = " $CONFIG

But it's way better commenting the line, as you said.

Edit: won't it comment the line "invalid users" too, will it??

 

[ColinTaylor]

Edit: won't it comment the line "invalid users" too, will it??

Yes, you're right. Didn't think of that. Back to sed then?

sed -i 's/^valid users/#valid users/' $CONFIG

 

[john9527]

Yes, you're right. Didn't think of that. Back to sed then?

sed -i 's/^valid users/#valid users/' $CONFIG

Since they are executed serially...

pc_replace "invalid users =" "inxalid users =" $CONFIG
pc_replace "valid users =" "# valid users =" $CONFIG
pc_replace "inxalid users =" "invalid users =" $CONFIG