Friday, April 19, 2019

Restricted SMB Share writing files as specific user/group

I have a FreeNAS server and had a need to make SMB (Windows) shares which would write files as a particular user on the server, but be available to only certain Unix users. 

Specifically, I installed Nextcloud and wanted to be able to access the files and upload in bulk instead of via the web interface or the integrated Explorer client, which is convenient but only works if you want to synchronise files locally (i.e. keep a copy) and are happy to move everything there. 

Nextcloud writes files as user/group www/www so I had to have the SMB share write files as that user, but be accessible to my user or group. I realise that isn't the best security or auditing model, and I might have achieved the same with a complex group config between FreeNAS and the jail, but it seemed unnecessary for my home server. 

I also created the group nextcloud_files to define the FreeNAS users that could access this share. 

In short, these advanced auxiliary SMB settings worked:
  • valid users = @nextcloud_files
  • force user = www
  • force group = www

I was able to mount the share as the Windows user and copy data into it, and it appeared as the www user. 

Additionally, I tried to set it so that the shares would only be visible to the users who could access them, with either or both of these options:

  • hide unreadable = yes
  • access based share enum = Yes

But that doesn't seem to work and probably requires user-level settings on FreeNAS which are not available in the web interface, and I don't like invisible manual configuration. 
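To make the effect of those three parameters concrete, here is an added example (my own code, not from the post or from FreeNAS/Samba) that lints smb.conf share stanzas for the pattern above: once `force user`/`force group` are set, every write lands as that account, so `valid users` is the only thing standing between "my group" and "anyone who can authenticate". The smb.conf text and the share names `nextcloud` and `scratch` are constructed for the example.

```python
"""Lint Samba share stanzas for the 'force user = www, restrict by group' pattern."""
import configparser
import sys

# Constructed sample smb.conf (not copied from a real FreeNAS box): the first
# share matches the post, the second applies 'force user' without any guard.
SAMPLE_SMB_CONF = """
[global]
    workgroup = WORKGROUP

[nextcloud]
    path = /mnt/tank/jails/nextcloud/data
    valid users = @nextcloud_files
    force user = www
    force group = www
    hide unreadable = yes
    access based share enum = Yes

[scratch]
    path = /mnt/tank/scratch
    force user = www
    guest ok = yes
"""


def load_smb_conf(text):
    """smb.conf is INI-like, so configparser handles it (keys may contain spaces)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp


def lint_share(cp, share):
    """Return (code, explanation) findings for one share; an empty list is a pass."""
    s = cp[share]
    forced = bool(s.get("force user") or s.get("force group"))
    findings = []
    if forced and not s.get("valid users"):
        findings.append(("no-valid-users", "force user/group without 'valid users' lets any authenticated user write as the forced account"))
    if forced and cp.getboolean(share, "guest ok", fallback=False):
        findings.append(("guest-ok-with-force", "'guest ok = yes' plus force user lets unauthenticated clients write as the forced account"))
    if s.get("force user") and not s.get("force group"):
        findings.append(("no-force-group", "force user without force group means group ownership follows the connecting client's primary group"))
    return findings


def lint_all(text):
    """Lint every non-global stanza; returns {share: [codes]}."""
    cp = load_smb_conf(text)
    return {sec: [c for c, _ in lint_share(cp, sec)] for sec in cp.sections() if sec != "global"}


if __name__ == "__main__":
    conf = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SMB_CONF
    for share, codes in lint_all(conf).items():
        print(f"[{share}] {'ok' if not codes else ', '.join(codes)}")
```

Run it against a real file with `python lint_smb.py /usr/local/etc/smb4.conf` (path is an assumption; FreeNAS regenerates that file, so treat the lint as a check, not something to edit by hand).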

Nextcloud note: it's not a good idea to side-load files into the storage. Although they do appear in the web frontend, disk usage hasn't been attributed properly, and I'm not sure whether this means certain metadata won't be tracked. There just doesn't seem to be a nice way to pre-load it with GBs of photos.

To update the database, there is a server-side command to re-scan all the files, i.e.: 

root@nextcloud:/ # sudo -u www php /usr/local/www/nextcloud/occ files:scan joel
The process control (PCNTL) extensions are required in case you want to interrupt long running commands - see http://php.net/manual/en/book.pcntl.php
Starting scan for user 1 out of 1 (joel)
+---------+-------+--------------+
| Folders | Files | Elapsed time |
+---------+-------+--------------+
| 305     | 21041 | 00:21:53     |
+---------+-------+--------------+

This is not ideal. 

Turns out there is also a WebDAV address you can alternatively map instead of a Windows share, which would solve this problem! 

... but Windows doesn't like it, no matter whether it's internal, external, port included or not. Of course. 

UPDATE: I solved this and described it in another post
