Join Log in
Score:1
trwnh avatar Server

How do I veto a specific UNIX path with Samba? (Match one directory with a specific name, but NOT any others)

pe flag
trwnh

So I recently learned about the veto files option for Samba, and I want to use it to hide just one directory that matches a given name.

Example: I have two directories with the following UNIX paths:

  • /storage/data/nextcloud
  • /storage/users/trwnh/nextcloud

I want to veto the first one, but not the second one.

Options I've tried:

  • veto files = /storage/data/nextcloud (didn't work, so I read the man page a bit more closely and discovered that the / is an OR separator and not a path separator)
  • veto files = /storagedatanextcloud (my first assumption was that I should simply remove the path separators -- it must be a bit late, IDK why I thought that would work)
  • veto files = /nextcloud/ (works, but hides both directories instead of just the first)

At this point I'm stuck, and I'm not even sure if the functionality I want is implemented within Samba, so I turn to the Internet to help me figure this out.

163
0 + 0
Score:0
bandie avatar Server
us flag
bandie

smb.conf(5) implies that you can not veto specific paths, only file (and dir) names, let them be anywhere.

       veto files (S)

       This is a list of files and directories that are neither visible nor accessible. Each entry in the
       list must be separated by a ´/´, which allows spaces to be included in the entry. ´*´ and ´?´ can
       be used to specify multiple files or directories as in DOS wildcards.

       Each entry must be a unix path, not a DOS path and must not include the unix directory separator

So it's not what you are looking for, given that you can not change neither nextcloud directory's name.

There are some options:

my assumption is that you access samba with the same user as your system user, so you can not revoke r/x bits only from samba user without affecting your linux user's permissions.

  1. run samba in a separate mount namespace, in which you over-mount the directory you want to hide. see unshare(1) and mount --bind, may need to tune samba init scripts a bit.

  2. bind-mount the whole /storage to somewhere else, eg. /smb/storage, and over-mount /smb/storage/users/trwnh/nextcloud. and point the samba share to /smb/storage. this way you don't need separate mount namespace.

  3. put /storage/data and /storage/users in separate shares.

  4. make a samba vfs module which's only job is to hide the unwanted directory.

0 + 0
trwnh avatar
pe flag
trwnh
I think I might have to go with (3) and just live with the [storage] share not showing user nextcloud folders, since the [storage_users_trwnh] share would show it, right? Only downside being I have to mount two shares on each client instead of one. And I suppose also that I can't name any directory or file "nextcloud" without it similarly disappearing.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.