*Solved* Is it possible to access my Rclone mount as a Samba share?

Solution

It appears --allow-other was partially broken in some recent beta builds. I updated to the latest build and all was well again. A definite reminder to check the latest stable build first whenever you are having issues

Evening chaps

I have an rclone mount set up and working perfectly on my Raspberry Pi and I also have a Plex media server on the same device. I'm considering moving the Plex server onto my Shield Pro and accessing the rclone mount as a samba share (if possible) but I'm struggling to get it working.

I must confess I'm not the most linux savvy person out there, but I usually get there with the help of some basic instructions. In the past I have set up a samba share on the same device by using webmin, however this time when I use the webmin interface it doesn't see the rclone mount despite the fact it is running, which has left me scratching my head.

Is there a reason anyone can suggest for me not being able to see the mount?

hello,
when you posted, you were asked for information, can you post that.
and what is your mount command and smb config file

No problem. I didn't include the standard help info as I didn't consider it an issue with rclone, and therefore didn't think it was relevant.

I've posted everything below, including the smb.conf file. Is it as simple as adding the mount location to the end of the config file?

What is your rclone version (output from rclone version)

rclone v1.52.2-250-g4f9a80e2-beta

• os/arch: linux/arm64
• go version: go1.14.4

Which OS you are using and how many bits (eg Windows 7, 64 bit)

Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-1015-raspi aarch64)

Which cloud storage system are you using? (eg Google Drive)

Google Drive

The rclone config contents with secrets removed.

[gdrive]
type = drive
client_id = XXX
client_secret = 
scope = drive
root_folder_id = 
service_account_file = 
token = XXX

[RichFlix]
type = drive
client_id = XXX
client_secret = 
scope = drive
root_folder_id = XXX
service_account_file = 
token = XXX

[RichFlixCrypt]
type = crypt
remote = RichFlix:/The Skull/
filename_encryption = standard
directory_name_encryption = true
password = XXX
password2 = XXX

[RichFlixBackupCrypt]
type = crypt
remote = gdrive:/Skull backup/
filename_encryption = standard
directory_name_encryption = true
password = XXX
password2 = XXX

[IndigoRebel]
type = drive
client_id = XXX
client_secret =
scope = drive
token = XXX
team_drive = XXX

My rclone mount

[Unit]
Description=PlexMount Service

[Service]
Type=notify
Environment=RCLONE_CONFIG=//home/craftyclown/.config/rclone/rclone.conf
KillMode=none
RestartSec=5
ExecStart=/usr/bin/rclone mount "RichFlixCrypt:/Encrypted/" /home/craftyclown/Skull \
  --allow-other \
  --buffer-size 32M \
  --dir-cache-time 72h \
  --log-level DEBUG \
  --log-file /home/craftyclown/logs/PlexMount.log \
  --poll-interval 15s \
  --timeout 1h \
  --umask 002
ExecStop=/bin/fusermount -uz /home/craftyclown/Skull
Restart=on-failure
User=craftyclown
Group=craftyclown

[Install]
WantedBy=multi-user.target

#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which 
# are not shown in this example
#
# Some options that are often worth tuning have been included as
# commented-out examples in this file.
#  - When such options are commented with ";", the proposed setting
#    differs from the default Samba behaviour
#  - When commented with "#", the proposed setting is the default
#    behaviour of Samba but the option is considered important
#    enough to be mentioned here
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic 
# errors. 

#======================= Global Settings =======================

[global]
	log file = /var/log/samba/log.%m
	max log size = 1000
	passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
	logging = file
	pam password change = yes
	server string = %h server (Samba, Ubuntu)
	panic action = /usr/share/samba/panic-action %d
	auto services = Backups
	encrypt passwords = yes
	passwd program = /usr/bin/passwd %u
	obey pam restrictions = yes
	unix password sync = yes
	map to guest = bad user
	usershare allow guests = yes
	os level = 20
	workgroup = CYBERDYNE
	server role = standalone server
	netbios name = Baby Kong

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of

# server string is the equivalent of the NT Description field

#### Networking ####

# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
;   interfaces = 127.0.0.0/8 eth0

# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba machine is
# not protected by a firewall or is a firewall itself.  However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
;   bind interfaces only = yes



#### Debugging/Accounting ####

# This tells Samba to use a separate log file for each machine
# that connects

# Cap the size of the individual log files (in KiB).

# We want Samba to only log to /var/log/samba/log.{smbd,nmbd}.
# Append syslog@1 if you want important messages to be sent to syslog too.

# Do something sensible when Samba crashes: mail the admin a backtrace


####### Authentication #######

# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server", "classic primary
# domain controller", "classic backup domain controller", "active
# directory domain controller". 
#
# Most people will want "standalone server" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.


# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.

# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
# sending the correct chat script for the passwd program in Debian Sarge).

# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.

# This option controls how unsuccessful authentication attempts are mapped
# to anonymous connections

########## Domains ###########

#
# The following settings only takes effect if 'server role = primary
# classic domain controller', 'server role = backup domain controller'
# or 'domain logons' is set 
#

# It specifies the location of the user's
# profile directory from the client point of view) The following
# required a [profiles] share to be setup on the samba server (see
# below)
;   logon path = \\%N\profiles\%U
# Another common choice is storing the profile in the user's home directory
# (this is Samba's default)
#   logon path = \\%N\%U\profile

# The following setting only takes effect if 'domain logons' is set
# It specifies the location of a user's home directory (from the client
# point of view)
;   logon drive = H:
#   logon home = \\%N\%U

# The following setting only takes effect if 'domain logons' is set
# It specifies the script to run during logon. The script must be stored
# in the [netlogon] share
# NOTE: Must be store in 'DOS' file format convention
;   logon script = logon.cmd

# This allows Unix users to be created on the domain controller via the SAMR
# RPC pipe.  The example command creates a user account with a disabled Unix
# password; please adapt to your needs
; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u

# This allows machine accounts to be created on the domain controller via the 
# SAMR RPC pipe.  
# The following assumes a "machines" group exists on the system
; add machine script  = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u

# This allows Unix groups to be created on the domain controller via the SAMR
# RPC pipe.  
; add group script = /usr/sbin/addgroup --force-badname %g

############ Misc ############

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
;   include = /home/samba/etc/smb.conf.%m

# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
;   idmap config * :              backend = tdb
;   idmap config * :              range   = 3000-7999
;   idmap config YOURDOMAINHERE : backend = tdb
;   idmap config YOURDOMAINHERE : range   = 100000-999999
;   template shell = /bin/bash

# Setup usershare options to enable non-root users to share folders
# with the net usershare command.

# Maximum number of usershare. 0 means that usershare is disabled.
#   usershare max shares = 100

# Allow users who've been granted usershare privileges to create
# public shares, not just authenticated ones

#======================= Share Definitions =======================

# Un-comment the following (and tweak the other settings below to suit)
# to enable the default home directory shares. This will share each
# user's home directory as \\server\username
;[homes]
;   comment = Home Directories
;   browseable = no

# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.
;   read only = yes

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
;   create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
;   directory mask = 0700

# By default, \\server\username shares can be connected to by anyone
# with access to the samba server.
# Un-comment the following parameter to make sure that only "username"
# can connect to \\server\username
# This might need tweaking when using external authentication schemes
;   valid users = %S

# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
;[netlogon]
;   comment = Network Logon Service
;   path = /home/samba/netlogon
;   guest ok = yes
;   read only = yes

# Un-comment the following and create the profiles directory to store
# users profiles (see the "logon path" option above)
# (you need to configure Samba to act as a domain controller too.)
# The path below should be writable by all users so that their
# profile directory may be created the first time they log on
;[profiles]
;   comment = Users profiles
;   path = /home/samba/profiles
;   guest ok = no
;   browseable = no
;   create mask = 0600
;   directory mask = 0700

[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700

# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no
# Uncomment to allow remote administration of Windows print drivers.
# You may need to replace 'lpadmin' with the name of the group your
# admin users are members of.
# Please note that you also need to set appropriate Unix permissions
# to the drivers directory for these users to have write rights in it
;   write list = root, @lpadmin











[Backups]
	path = /media/data/Backups
	comment = Backups
	writeable = yes

[homes]
	path = /home/craftyclown/Skull

for the rclone.conf file, i hope you have redacted passwords and whatnot?

now that you have posted all the needed info.
i am sure some expert will stop by.
in the mean time, there are many posts in the forum as samba and rclone mount, did you not find any helpful?

Was there a reason you asked me to post the smb.conf?

So I've been playing about with the smb.conf as well as the samba module in webmin and I can set up a share that includes everything inside my home folder, except for my rclone mount. I've also tested on the shield and once again it can see everything apart from the rclone mount.

So is the problem somewhere in the mount script?

I changed the unmask setting to --umask 000 but that didn't help

[Unit]
Description=PlexMount Service

[Service]
Type=notify
Environment=RCLONE_CONFIG=//home/craftyclown/.config/rclone/rclone.conf
KillMode=none
RestartSec=5
ExecStart=/usr/bin/rclone mount "RichFlixCrypt:/Encrypted/" /home/craftyclown/Skull
--allow-other
--buffer-size 32M
--dir-cache-time 72h
--log-level DEBUG
--log-file /home/craftyclown/logs/PlexMount.log
--poll-interval 15s
--timeout 1h
--umask 000
ExecStop=/bin/fusermount -uz /home/craftyclown/Skull
Restart=on-failure
User=craftyclown
Group=craftyclown

[Install]
WantedBy=multi-user.target

You have --allow-other which is what I was going to suggest.

You might also need --allow-root

If you sudo -i to root can you read the files in /home/craftyclown/Skull ?

What user is the samba server running as?

Thanks Nick,

I logged in as Root and although I could see the folder Skull, I was unable to access files within it.

It's starting to feel like --allow-root might be the answer! I'll give that a try now

The samba server is running as my home user, the same as rclone

Ah, no dice I'm afraid

I added --allow-root to my mount and did a full reboot to ensure everything was loaded properly, but I still can't access Skull as a samba share. It is completely invisible

Hmm, not sure what to suggest next. Maybe try mounting it outside your home directory? What are the permissions on /home/craftyclown ? That might need to be 755

Yep, it's a strange one isn't it. I can't for the life of me think what is preventing access.

Permissions on the home folder are 755 and permissions on the mount, now that I've added --allow-root are 777

I think you're right about moving the mount, at least to see if it makes a difference. I'll give it a go and report back

So I moved the rclone mount and chucked it in the /media/data directory as firstly that's a far more logical place to have it and secondly because that is the same location I have my backups folder, which I can share via Samba without issues....

It still doesn't work

The only obvious difference I can see is that the backup folder is owned by root and my mount is owned by my user. I'm reluctant to change my mount user and group to root as I feel like that could be opening a can of worms, but I can't think what else to do now.

Does anyone have an inspired suggestion they can throw my way?

hello,

i have a raspberry pi4
on the pi4, i did a rclone mount gcrypt: /home/pi/rclone/mounts/gcrypt --read-only --allow-other

i am not a linux expert but when you mentioned webmin, i have not heard of it.
i installed it and configured samba using this guide.
https://doxfer.webmin.com/Webmin/Samba_Windows_File_Sharing

first time i tried, on my win10, i was able to net share the samba share named gcrypt.

i use emby, not plex.
emby on pi4 was able to see the rclone mount

Thanks asdffdsa, I'm familiar with that webmin page and as mentioned I have successfully shared other folders on the same server. It is only my rclone mount that doesn't want to play ball..

I'm presuming this is a permissions related issue, but at this stage I'm not sure what else I can try

Soooo, still not fixed but here's what I know;

1. Samba works fine. I know this because I can set up other shares in different directories and they work fine. I can even set up a directory with the same name as the rclone mount in the same place it used to live (inside my home folder) and that now works, since it is no longer the mount.

2. I did wonder if the problem related to the fact it was being accessed by Plex (a long shot I know!) but I stopped the Plex Server and the problem remains.

3. It can't be group/owner related. I know this because I have other directories with the same group/owner that are successfully working.

I really haven't a clue what is wrong

It might be worth a look in the kernel log. There might be an apparmor profile preventing it or something like that.

i know this is real basic advice.
sometimes it is good to start over.

the first time i tried webmin and samba, it did not work.
wasted a few hours and no go.
so i started with a fresh samba config file, that webmin guide and in two minutes, it was all working.

I tried running sudo apparmor_status but I couldn't see anything relevant that might be affected.

Where are you suggesting I check?

Take a look at the output of dmesg and in /var/log/kernel.log just in case there is anything interesting in there.

I presume you haven't got any containers in the mix otherwise you would have mentioned them I'm sure.

Just a thought - did you edit /etc/fuse.conf to include user_allow_other ?