{"id":151,"date":"2019-05-30T16:40:28","date_gmt":"2019-05-30T14:40:28","guid":{"rendered":"http:\/\/www.underealm.com\/tech\/?p=151"},"modified":"2020-01-15T22:07:44","modified_gmt":"2020-01-15T21:07:44","slug":"samba-windows-nix-selinux-and-you","status":"publish","type":"post","link":"https:\/\/www.underealm.com\/tech\/2019\/05\/samba-windows-nix-selinux-and-you\/","title":{"rendered":"Samba, Windows, *nix, SELinux and you"},"content":{"rendered":"\n

Let’s face it: SMB\/CIFS comes in handy plenty of times. Works great under Linux, works great with Windows, and if it’s configured properly it’s fun times for everyone. There are multiple potential behavioural problems though, mostly involving charsets.<\/p>\n\n\n\n

Samba charset (and filesystem) setup<\/h2>\n\n\n\n

While I’ve been successfully using iso-8859-1<\/code> by default for a long time in my Samba servers, until recently I also used the same charset in the *nix filesystem, which brought all kind of oddities. 20\/20 hindsight, as per usual. In smb.conf<\/code>, you can configurn though you can specify different charsets to make everyone happy:<\/p>\n\n\n\n

[global]\ndos charset = iso-8859-1\nunix charset = utf-8\npreserve case = yes\nshort preserve case = yes\ndefault case = lower\ncase sensitive = no<\/code><\/pre>\n\n\n\n
This has multiple advantages:<\/p>\n\n\n\n
  • Windows gets its iso-8859-1<\/code> charset, and is happy;<\/li>
  • Linux gets its utf-8<\/code> charset, and is happy;<\/li>
  • preserve case<\/code>s make sure that filenames aren’t changed while moving files across machines;<\/li>
  • disabling case sensitive<\/code> avoid weird behaviour under Windows.<\/li><\/ul>\n\n\n\n
    This is the configuration I’ve been running for years, sharing files across Windows\/Linux\/OS X machines since Windows XP, and has been working perfectly.<\/p>\n\n\n\n
    Changing filesystem charset<\/h2>\n\n\n\n
    If you’re switching the unix charset though, you might need to convert existing files\/directories to the new charset. Cue in convmv<\/code>:<\/p>\n\n\n\n
    convmv -f <from_charset> -t <to_charset> -r --preserve-mtimes <dir><\/code><\/pre>\n\n\n\n
    In my case:<\/p>\n\n\n\n
    convmv -f iso-8859-1 -t utf-8 -r --preserve-mtimes .<\/code><\/pre>\n\n\n\n
    With this simple command I was able to mass rename thousands of files in one go. Note that you also need the --notest<\/code> parameter to actually apply the changes, and not just list the files in a dry run.<\/p>\n\n\n\n
    SELinux<\/h2>\n\n\n\n
    While playing around Centos I stumbled into SELinux problems I wasn’t prepared for. Consider the following:<\/p>\n\n\n\n
    [Share]\ncomment = Personal share\npath = \/home\/<username>\/share\/\nguest ok = no\nbrowseable = yes\nwritable = no\ncreate mask = 0660\ndirectory mask = 0775\nwrite list = <username><\/code><\/pre>\n\n\n\n
    Supposing the path actually exists, that the username is added to the samba user database and that the password is correct, everything should work fine. Except that it mostly likely won’t, because we need to configure SELinux on top of everything else:<\/p>\n\n\n\n
    restorecon -R -v \/home\/<username>\/share\/\nchcon -R -t samba_share_t \/home\/<username>\/share\/<\/code><\/pre>\n\n\n\n
    That’s all there is to properly setup and have the content accessible. Contrary to what other people claims, you don’t have to increase permissions in the samba path tree<\/strong>. A 0700<\/code> on the \/home\/<user><\/code> works perfectly fine.<\/p>\n","protected":false},"excerpt":{"rendered":"
    Let’s face it: SMB\/CIFS comes in handy plenty of times. Works great under Linux, works great with Windows, and if it’s configured properly it’s fun times for everyone. There are multiple potential behavioural problems though, mostly involving charsets. Samba charset (and filesystem) setup While I’ve been successfully using iso-8859-1 by default for a long time […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32],"tags":[81,83,85,82,86,84],"class_list":["post-151","post","type-post","status-publish","format-standard","hentry","category-antifud","tag-centos","tag-cifs","tag-linux","tag-samba","tag-selinux","tag-smb"],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.underealm.com\/tech\/wp-json\/wp\/v2\/posts\/151"}],"collection":[{"href":"https:\/\/www.underealm.com\/tech\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.underealm.com\/tech\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.underealm.com\/tech\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.underealm.com\/tech\/wp-json\/wp\/v2\/comments?post=151"}],"version-history":[{"count":3,"href":"https:\/\/www.underealm.com\/tech\/wp-json\/wp\/v2\/posts\/151\/revisions"}],"predecessor-version":[{"id":154,"href":"https:\/\/www.underealm.com\/tech\/wp-json\/wp\/v2\/posts\/151\/revisions\/154"}],"wp:attachment":[{"href":"https:\/\/www.underealm.com\/tech\/wp-json\/wp\/v2\/media?parent=151"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.underealm.com\/tech\/wp-json\/wp\/v2\/categories?post=151"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.underealm.com\/tech\/wp-json\/wp\/v2\/tags?post=151"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}