I would like to have a flash card installed with folders that are available on the LAN but also have a folder (or preferably a partition) that is not available or visible on the LAN. The second folder (partition) would be used for storage of system (backup etc.) files. It would be nice to be able to access the system files using samba, but access using ssh is OK.
From my experimentation so far, it appears that all partitions (mount points) on all attached devices are mounted in the same way (as set in the GUI) at system boot. I can use the luci interface after boot to change the access on each mount point, but these changes are not retained after a reboot.
The best I have been able to do is to create a sub-folder owned by root, and restrict its permissions to only the root user. This folder is visible on the LAN but its contents can not be seen or modified by others. I can only access it using ssh or scp.
Is there a better way to do what I want? I am a Linux user, but this is my first experience with OpenWRT/luci.
Thank you for the link that led me to the configuration file. Part of my problem seems to be that the config is changed on every boot up. I was then able to find the script /etc/hotplug.d/block/50-samba which makes the configuration changes. I am working on that file to get my desired operation. Being able to customize the router operation is a great feature.
It seems that if i put any user in the âAllowed usersâ field, I can not mount the share. I have created a user on the router to try and restrict access to a mount point. I also can only mount the userâs home folder by checking the Allow guests" box. Is there something I can do to correct this?
Thank you for your suggestion, but it does not work for me. I have found that if I use the option users âusernameâ either directly by editing /etc/config/samba or the Luci interface I get an error when I try to mount the share. The error occurs if the option guest_ok is ânoâ or even âyesâ. If I set the option guest_ok to âyesâ and do not use the option users I can mount the share. I have tried mounting with Apple OSX, Linux, and Android clients. I do not have a MS Windows computer available to use at this time. These same machines can mount user shares on other Linux computers running samba.
I have also found that using the default samba template I can mount the /root folder as a guest when it is not specified as a mount point. I believe this is because the [global] options for "Share home-directoriesâ is checked by default. All that is needed is for the client computer to specify smb://GL-AR750S/root as the mount point and use guest account. The mount is read only. As /root is a known folder, I believe this is an undesirable situation and I have changed guest_ok to ânoâ in the template.
I have also changed the file /etc/hotplug.d/block/50-samba line "uci delete samba.@sambashare[$i]â to âexitâ so that existing "config sambashareâ sections are not changed if they are mounted when the router is rebooted.
I have edited my reply to correct spell-check errors. Hope it is more understandable.
I forgot to ask if you are able to create and use a mount with a valid user required? If so, how did you create the newuser on the router. The adduser command does not seem to exist so I created the newuser manually. I was able to log in as newuser with his password, and I was able to mount the user /home/newuser folder when specified as a guest only mount point. I could not use the newuser as a valid user to mount any folder, nor could I access his home folder other than with the guest account.
The final change was to modify the Template line:
security = share
to
security = user
I also found and added the package âshadow-useraddâ and used the useradd command to add the desired username and /home/username folder. I had already added the /home folder. Used (as root) âpasswd usernameâ to set the shadow password, and âsmbpasswd -a usernameâ to add a samba password.
I am not sure if all the above was needed, but I now can mount the username home folder and specify username as a âValid userâ on a share and mount it with the username and password.
