Samba: Directory permissions keep resetting.

RimBlock · 15 Apr 2011 at 08:17

Hi,

I have a NAS which my media player connects to via Samba.

I have two shares, 'Archive' and 'Raid'. I can browse the 'Archive' share and play content without any issue but, although I can browse the 'Raid' share and play one piece of media, after that I can not get in to the raid/media directory again with it telling me 'no media content available'. Looking on the NAS I find the directory permissions for 'Raid' and possibly the sub directories have changed to "d---------". If I reset them to 755 and try to browse from the media player again then they reset back to 000. If I reset the media player, I can browse the 'Raid' share again for one play of media then the problem comes back.

As mentioned, I have no issue with the 'Archive' share.

Both are mounted discs on /mnt. Archive is a single hard drive, Raid is a stripped array of 3 drives.

Any suggestions ?

RB

RimBlock · 15 Apr 2011 at 13:35

I did wonder if the array had degraded and was being marked as inaccessible but it looks good.

[root@nas ~]# mdadm --detail /dev/md127p1
/dev/md127p1:
Version : 1.2
Creation Time : Fri Mar 4 00:36:12 2011
Raid Level : raid0
Array Size : 2930277376 (2794.53 GiB 3000.60 GB)
Raid Devices : 3
Total Devices : 3
Persistence : Superblock is persistent

Update Time : Fri Mar 4 00:36:12 2011
State : clean
Active Devices : 3
Working Devices : 3
Failed Devices : 0
Spare Devices : 0

Chunk Size : 512K

Name : nas.ronin:0 (local to host nas.ronin)
UUID : 9b5422f7:1d742eb6:7577bcf0:d0065a0a
Events : 0

Number Major Minor RaidDevice State
0 8 97 0 active sync /dev/sdg1
1 8 113 1 active sync /dev/sdh1
2 8 129 2 active sync /dev/sdi1

RimBlock · 16 Apr 2011 at 02:35

What I have found is (for quite a few files on my share);

messages-20110316:Mar 7 23:18:18 nas setroubleshoot: SELinux is preventing /usr /sbin/smbd from getattr access on the file /mnt/archive/Media/movies/SciFi/AI/Ai -fanart.jpg. For complete SELinux messages. run sealert -l 52b98d55-a442-4537-a7 9f-56bcff966d68

Running the suggested command gets...

[root@nas log]# sealert -l 52b98d55-a442-4537-a79f-56bcff966d68
Opps, sealert hit an error!

Traceback (most recent call last):
File "/usr/bin/sealert", line 709, in <module>
proxy_obj = bus.get_object(dbus_system_bus_name, dbus_system_object_path)
File "/usr/lib/python2.7/site-packages/dbus/bus.py", line 244, in get_object
follow_name_owner_changes=follow_name_owner_changes)
File "/usr/lib/python2.7/site-packages/dbus/proxies.py", line 241, in __init__
self._named_service = conn.activate_name_owner(bus_name)
File "/usr/lib/python2.7/site-packages/dbus/bus.py", line 183, in activate_name_owner
self.start_service_by_name(bus_name)
File "/usr/lib/python2.7/site-packages/dbus/bus.py", line 281, in start_service_by_name
'su', (bus_name, flags)))
File "/usr/lib/python2.7/site-packages/dbus/connection.py", line 630, in call_blocking
message, timeout)
DBusException: org.freedesktop.DBus.Error.Spawn.ChildExited: Launch helper exited with unknown return code 3

Any suggestions ?

Thanks
RB

tntcoder · 16 Apr 2011 at 10:43

Try killing SELinux as a test and see if the issue disappears.

ChrisB · 18 Apr 2011 at 15:53

Since you're running SELinux have you set the extended attrs on the mounted (raid) directory?

Code:

chcon -R -t samba_share_t /mnt/archive

?
Will do a recursive labelling of the -t type, and will be reset on a relabel.

To make it stick run:

Code:

semanage fcontext -a -t samba_share_t '/mnt/archive(/.*)?'
restorecon -R -v /mnt/archive

semanage starts the SELinux policy manager and updates the policy file.
restorecon then applies the policy recursively, based on the policy(s).

RimBlock · 19 Apr 2011 at 01:53

Thanks guys.

I had SELinux turned off due to issues popping up all over the play about policies, this machine being an internal NAS for movie/music sharing and not wanting to spend hours learning the ins and outs of SELinux (if it was for work then that would be different).

I have turned it on as permissive and run the following as suggested by the troubleshooter.

chcon -R -t samba_share_t /mnt/raid
Since doing this I have not seen the same problems although some files are now not showing any picture. I suspect this could be a firmware issue with the media player though. I will give a go at the other commands to make it stick.

Many thanks both of you.

One other question... My user account is also showing up as shared but is not listed in the Samba config gui. How do I stop it being shared ?

Thanks
RB