Linux and NAS (magiea 5 and synology DSM6.1 report)

Post by zack » Jun 25th, '17, 20:43

OK, I own a Synology DS215j (DS for Disk Station), got the basic features, but never finished a good integration into Mageia 5.

Here is a testimony, with all the things I learnt during this journey; it can also be considered a short course about NAS, and also a step-by-step tutorial.

I am still struggling on some points, but I hope to find some help on this thread. Afterwards, if we are happy, we could turn this into a "how to" on the Mageia wiki.

First, we need some basic reminders to give a quick catch-up on background concepts. So people in the know can skip this first post.

A NAS (Network Attached Storage) is basically a computer, with a disk, offering a storage service over a network. My Mageia desktop is also a computer, also with a disk, but needing extra storage service. So basically this is a client/server pattern, where the Mageia desktop is the client and the Synology DiskStation is the server (everything is called a "station" in Synology, but actually they are "servers").

So the DS215j is really a computer, with a CPU (ARM based), RAM, a SATA attachment for 2 disks, USB plugs, an Ethernet plug, etc. This computer needs an operating system, and guess what, it is a Linux derivative, patched by Synology developers. This OS is called DSM 6.1, for DiskStation Manager. DSM offers various installable "packages", which are actually applications that provide client/server services: mail server, database server, web server, FTP server, photo album server, streaming multimedia (music and video) server, etc., on top of stored data. It does all this on your LAN, but is also able to do it for your clients through the internet. So it is more than a NAS, it could be seen as a "private cloud". But here, we will discuss (with some exceptions) only the "file server" service, and in a LAN context. So plain old NAS.

OK, so a NAS is not a disk, it is a computer with a disk, like our desktop, plus a service to access it. Now I want to spend some time explaining how computers manage their disks. The disk is physically attached to the main board by a bus with a standard protocol to control it (the SATA protocol in my case). This protocol allows reading or writing blocks (via an addressing mechanism) on the disk. And that's all. I mean the disk doesn't have any idea of what the blocks represent. There is no "file", "folder" or "ownership" meaning in a disk, just "blocks of data", stored at a predefined address. You can't ask a disk for a "file".

The thing that puts meaning on those blocks is the operating system that controls this main board and this disk attachment. The module that manages a representation of structured data that can be stored (via blocks) on a disk is a "file system manager". Basically, a file system defines a structure for the disk: first partitioning areas, then breaking down into logical pages (containing physical blocks or sectors of the disk), some pages having special functions to access the structure. This structure is called a "disk partition", containing a "file system format": formatting a disk. A page can store "data" or "metadata", that is, information about stored data. A page also contains "pointers", to be linked to a parent page or child pages. Thus a file is a set of "pages" of data, linked in a particular order; each file has a metadata page storing information about the file (ownership, permissions, date, size, etc.). The filesystem also defines the notion of "folder", a page containing "pointers" to the files belonging to it; each file also maintains a pointer to the "folder" it belongs to. The operating system then exports syscalls to programs to control these new "entities": "create folder", "create file", "read page of a file", etc. Every operating system has at least one "file system manager" that allows it to store its data and programs on a disk.

But generally, it supports several file systems. Linux for example has EXT-2-3-4, BTRFS, XFS and others, generally compatible with the same POSIX file system manager syscalls, implemented by a common layer in the kernel called "VFS", for Virtual File System. Windows also has its file systems: FAT-16-32, NTFS. But in the detailed implementation and structure, they are all different. If you don't know which filesystem manager has used a disk, you can't understand its content. Just to finish this presentation, Linux understands Windows file systems, and so, in case you have a dual boot on your computer, you can access both the Linux and Windows partitions of your local disks.

A running OS manages the local disks safely, through its file system managers, and allows its users to concurrently manage their files and folders, generally with permissions controlling their access.

In Linux, the OS exports to the user a unique and logical "file system" view, which can be composed of several physical partitions. For this, we can "mount" a partition, containing folders and files, under a folder name in the "file system"; this folder, making the "glue" where the partition is expanded, is called the "mount point".

But what happens when you want to have in your file system a partition that is not part of a disk attached to your computer and controlled by the OS of your computer? This is the purpose of a "file service protocol", a client/server protocol that allows a client to include in its own local file system view an external partition managed by another machine over the network. So these are the 3 layers of this architecture: physical block exchanges between kernel and disk, file and folder exchanges between program and local filesystem, and file and folder exchanges between 2 remote filesystems.

Windows has defined one file server protocol: SMB, now named CIFS. Linux, on the other hand, uses NFS (Network File System).
Last edited by zack on Jul 1st, '17, 16:16, edited 1 time in total.
zack
 
Posts: 12
Joined: Apr 5th, '11, 22:19

Re: Linux and NAS (magiea 5 and synology DSM6.1 report)

Post by zack » Jul 1st, '17, 16:13

OK, after this induction let's begin with Mageia DSM 6.1 integration.

Let's start with the first integration: web client.

DSM 6.1 has a full "remote desktop" experience through the web browser thanks to AJAX technology. This is the first integration, and it works completely fine with Mageia; you just need to know your NAS URL. With that you have access to the documentation application (DSM Help), the administration application (Control Panel), and "File Station" (file system explorer, like "dolphin"). And then the application to manage packages (Package Center).

https://eteknix-eteknixltd.netdna-ssl.c ... yption.jpg

When you have installed an application, you often have a "web application" that you can use from the Firefox, Chromium or Konqueror web browser you use on Mageia. The main applications with such a web client are: "File Station", "Audio Station", "Photo Station", "Video Station", "Note Station".

https://www.eteknix.com/synology-diskst ... -review/6/

In that case, when you log in to the NAS web server, you choose your account, enter your credentials, and that's it: through the web, you have a remote desktop experience of this remote computer, the NAS. When you manage some files and folders, this is done with your login identity on the NAS, thanks to web authentication.

Nothing more to add, this is a key feature of Synology: with a browser, you can perform all the basic tasks.
zack
 
Posts: 12
Joined: Apr 5th, '11, 22:19

Re: Linux and NAS (magiea 5 and synology DSM6.1 report)

Post by zack » Jul 1st, '17, 17:19

So far so good :-), let's try another step: native client integration with Mageia.

The "applications", or "services", that we used through the web protocol can also be accessed through a native "client" GUI. In that case, a client application is available through the Synology site. Synology is supposed to offer multi-platform integration (Windows, Mac, Linux, Android), let's have a look:

https://www.synology.com/en-us/support/download/DS215j

Yes, we start to worry a little: the Linux client is supported only for: "Synology Assistant", "Cloud Station Backup", "Cloud Station Drive", "Hyper Backup Explorer", "Synology Cloud Sync Decryption Tool". And in that case, we see that "official support" is for Fedora and Ubuntu Linux. No Mageia, which is bad news. Between the 2, the closer distro is "Fedora"; at least we share the same package manager, RPM (Ubuntu with .deb, you can forget it), so we have a chance to install the Synology client. Will they work? They shouldn't, but I have not tried; we could have a good surprise sometimes (as well as bad ones, so we need to do sensible things).

Another (painful) point to mention: Fedora and Ubuntu are GNOME based, while Mageia is KDE based. I run Mageia with KDE; I didn't install GNOME at the same time. So, probably, if I try to install an application for GNOME, this will end up with plenty of GNOME dependencies, which will bloat my conf (and update needs). I don't even know if launching a GNOME application always works when the background environment is KDE; some basic ones should, but for advanced ones, I have doubts... I am not an expert, I let others explain this part.

First idea: go to the Mageia Control Center (MCC), perhaps Synology packages are distributed by Mageia? Let's try with "synology", "station"... They aren't. Will they be? I don't think so; I don't think Synology open-sources their code (at least DSM "as a whole" isn't). But, if Mageia accepts this "tainted"/closed source, I think it is achievable to extract the Fedora package, and try to re-pack the content to integrate with Mageia.

OK, back to the client list. I think the most useful applications for "native" integration are the "Cloud Station" ones (Backup and Drive). My first test was to download the "backup" application, so for Fedora.

I checked the install:

Code:
[root@localhost testSyno]# rpm -i --test synology-cloud-station-backup-4.2.4-4393.x86_64.rpm
attention : synology-cloud-station-backup-4.2.4-4393.x86_64.rpm: Entête V4 RSA/SHA1 Signature, clé ID 86a998db: NOKEY
erreur : Dépendances requises:
        nautilus >= 3.6.3 est nécessaire pour synology-cloud-station-backup-4.2.4-4393.x86_64


Well, I have read somewhere that the nautilus dep is for GNOME file explorer "top notch integration" (like right click and find "synology action"), so perhaps it could work on Mageia:
https://primalcortex.wordpress.com/2014 ... e-desktop/

Did I make the test? Not so far; if someone has done it, let us know...

Note that "hyper backup" comes in an auto-installer Linux format (linux-tar-bz2). This one should install without trouble (but without Mageia integration either), extraction of standalone local binaries, or something like this.

OK, this part is not fully tested, but we need to see more important stuff, before resuming this first attempt.
zack
 
Posts: 12
Joined: Apr 5th, '11, 22:19

Re: Linux and NAS (magiea 5 and synology DSM6.1 report)

Post by zack » Jul 1st, '17, 18:06

Let us continue with more "traditional" Linux NAS integration (not with closed source applications).

What I should have explained first is how to integrate Synology with the MCC wizards, which is the "historical" Mageia way.

Launch Mageia Control Center / Network shares (in French "Partage réseaux"; you have guessed I am not English, sorry for my poor skills, so I can't tell the exact labels in the English version).

We have 3 options to configure remote storage access :
1) windows samba (cifs)
2) unix NFS
3) webdav

Before the walkthrough, I recall that we consider Mageia as the client. So our purpose is to import the NAS shares locally, and not to export our file system to the outside.

I realized I never talked about WebDAV:
https://en.wikipedia.org/wiki/WebDAV

There is a quick tutorial on WebDAV usage at Synology:
https://www.synology.com/en-uk/knowledg ... ith_WebDAV

OK, so you need to install a kind of web server on your NAS, that will export the local (NAS) filesystem through this web protocol. So, you need to authenticate to the NAS, with the same credentials as when you use the general "web client".
OK, to finish this WebDAV introduction, you can look at the KDE integration:
http://docs.basex.org/wiki/WebDAV:_KDE

That's all for WebDAV for the moment; I want to spend more time on CIFS and NFS, which are the more traditional approaches to file system integration.

So let's resume with the MCC wizard; here is the online doc of "diskdrake" (also in the Mageia doc of course):
https://doc.mageia.org/mcc/4/en/content ... aring.html

My first idea was to use the CIFS client; I will discuss this point later. So how does diskdrake manage my CIFS integration? Not well. At the first attempt the discovery didn't find any server. In the MCC, in "network and internet", host definitions can help.

Now, the server is listed, but no share point is presented. Not normal. I launched samba-client to see if my CIFS conf was visible.

Code:
[jacques@localhost testSyno]$ smbclient -L XXX
Enter jacques's password:
Domain=[JACKYNAS_WG] OS=[Windows 6.1] Server=[Samba 4.4.13]

        Sharename       Type      Comment
        ---------       ----      -------
        homes           Disk      user home
        music           Disk      System default shared folder
        photo           Disk      System default shared folder
        testFolder      Disk      jsut for testing purpose
        IPC$            IPC       IPC Service ()
        video           Disk      System default shared folder
        home            Disk      Home directory of jacques
Domain=[JACKYNAS_WG] OS=[Windows 6.1] Server=[Samba 4.4.13]

        Server               Comment
        ---------            -------
        XXX             

        Workgroup            Master
        ---------            -------
        XXX_WG         
[jacques@localhost testSyno]$


So, a samba client sees my NAS (XXX); diskdrake seems to have a bug. I didn't report it in Mageia's Bugzilla (but I should). One possible explanation is that I have 2 Windows workgroups in my LAN. One, with the default name WORKGROUP, is managed by my internet access box, but I declared my NAS in another workgroup, so perhaps it confuses the Windows discovery.

Then I made another test with synology settings, in DSM / control Panel / Files services : SMB.

SMB must be enabled of course, but in Advanced Settings, check "Enable Local Master Browser", then Apply.
NB: doing this enables the Guest account on DSM. I am not sure this is a good idea, so I will revert after the configuration.

Tada ! diskdrake can now see the NAS shares !

Well, to be sure, I reverted the "Local Master Browser", applied, and then it still worked. Very strange; the only other thing I have done is start my wife's Windows laptop (by chance). It is perhaps this machine that provides some NetBIOS support in my network (I know it has an impact, because my samba client now also sees the WORKGROUP of my box, which was not the case before). Another explanation is that discovery sometimes takes time. I don't know... It is strange.

If I shut down the Windows laptop, it is still working.

Well, now I can follow the procedure to set up a samba share. I mount all my shares, letting Mageia propose the mount points; I also let it save fstab. I will explain that.

Some parts are a bit tricky. If you leave user = %, the system will ask at boot, or you will be notified by a system message; at the console, you can read this:

Code:
[jacques@localhost ~]$
Broadcast message from root@localhost (Sat 2017-07-01 23:50:23 CEST):

Password entry required for 'Password for %@//YYNAS/homes:' (PID 5554).
Please enter password with the systemd-tty-ask-password-agent tool!


I don't know how to manage this agent for the password. What I propose is to enter your NAS password in USERNAME, and then open the advanced options and enable the "user" option (it will select several options). Then, in "other", enter PASSWORD=YOUR_NAS_PASSWORD.

Then click on "mount"; it should work (but it doesn't for me). To finish, let diskdrake save your settings in fstab. It will create a line like this:
Code:
//YOURNAS/homes /mnt/homes cifs user,credentials=/etc/samba/auth.YOURNAS.YOURUSERNAME 0 0


So why doesn't it work? As a user, type this:
Code:
[jacques@localhost ~]$ mount /mnt/homes
error 13 (Permission denied) opening credential file /etc/samba/auth.YOURNAS.YOURUSERNAME
[jacques@localhost ~]$
This is normal: this file is owned by root with r+w permission.

Alternatively, in Dolphin (the KDE file explorer), you now see your NAS mount point in the left panel; if you click on it you also get an error message:
Code:
Une erreur est survenue en accédant à « homes on jackynas ». Le système a répondu :error 13 (Permission denied) opening credential file /etc/samba/auth.jackynas.jacques


Before I continue, I also want to show you where you can find error information. You can look at the /var/log files. In particular, the CIFS client and filesystem modules run inside the kernel, so you can look (as root):

Code:
[root@localhost log]# tail -15 kernel/errors.log
Jul  2 00:13:15 localhost kernel: [ 4096.174028] CIFS VFS: cifs_mount failed w/return code = -13
Jul  2 00:13:52 localhost kernel: [ 4133.571145] CIFS VFS: cifs_mount failed w/return code = -13
Jul  2 07:22:47 localhost kernel: [    3.367516] nouveau 0000:03:00.0: unknown chipset (118010a2)


OK, I want to stop here, for several reasons:
- I have made a change in my conf (I will explain), so perhaps you don't have exactly the same issue as me,
- I want to explain fstab and mount things, this is important to understand,
- Resolving this bug risks being long in this tutorial, and perhaps it will discourage readers, although there is another integration pattern that appears to be simpler.

I promise I will come back to this "diskdrake" session, but believe me, after this first "blocking" situation on "CIFS", you will also find a "blocking" situation in NFS, and WebDAV (which I never tried) seems to be a kind of "workaround", for me. So it is really time to stop this part.

But before I switch, and to be equal among the 3 methods (CIFS, NFS, WebDAV), I want to introduce NFS.

NFS is the most "straightforward" filesystem integration for Linux, as this is the "Network File System" created for the UNIX world. It is not the case in an "interoperable" environment, but we will discuss this later. I just want to show you some pieces of NFS integration with "diskdrake". I want to warn you that in the end I decided to turn off NFS, at least for the main shares. I will explain later, so the idea here is just to give quick feedback on the MCC wizard; it is not my final recommendation.

I first want to tell you I am surprised that the wizard now works well (it is the first time, so I did something special with my recent actions), so it is very important that your NAS is visible as a server to scan. For example, I added an alias in the host "definition"; perhaps this is why it works? Alternatively, changing the SMB setting on the NAS forced a network service, so perhaps a restart or reboot of the NAS can help to configure the NAS correctly...

If you try to google Synology and Linux, you will find this NFS tutorial:

https://www.synology.com/en-uk/knowledg ... etwork_NFS

So, go to the Control Panel, activate one share, and put a network filtering scheme (I used the hostname mechanism for this; your NAS needs to resolve this hostname, so your Mageia laptop must be "named" and bound to an IP, see your internet box for DHCP/DNS settings).

OK, resume the wizard. It is straightforward. Seems to work.

For example, you can go to a console and list your mount points:
Code:
 [jacques@localhost mnt]$ cd /mnt
[jacques@localhost mnt]$ ls
homes/  music/  photo/  testFolder/  testfolder2/  testhomejacques/  testhomemarie/  video/

For this section, I made a test with "testfolder2", and this mount point folder appears "like a normal folder", as it is highlighted with a green background color; the inactive shares appear just "blue" on a black background.

Now, this mount point appears in "Dolphin", as well as the other "CIFS mount points". But if I want to access it, I get an error.

Note by the way that you cannot use the same "mount point" twice. This is why I created a "testfolder2" mount point; the prior version is used by the "CIFS" mount point. Huh, you think, is it a smart idea to access the same share with 2 different protocols? Well, good point. I had the same worry, checked on Google, and it seems that DSM 6.1 safely manages concurrent service of one share with both CIFS and NFS; it poses questions, but at least it is safe. We will discuss this later.

OK, back to our error. I made a mistake when I quick-and-dirty created the testfolder2 directory; look at the permissions:
Code:
[jacques@localhost mnt]$ ls -al
total 44
drwxr-xr-x 10 root   root   4096 juil.  2 10:33 ./
drwxr-xr-x 20 root   root   4096 août  22  2015 ../
drwxr-xr-x  2 root   root   4096 juin  10 11:13 homes/
drwxr-xr-x  2 root   root   4096 juin  10 11:13 music/
drwxr-xr-x  2 root   root   4096 juin  10 11:13 photo/
drwxr-xr-x  2 root   root   4096 juil.  1 22:57 testFolder/
d---------  4 nobody nobody 4096 juin  18 20:28 testfolder2/
drwxr-xr-x  2 root   root   4096 juin  10 22:39 testhomejacques/                                                                                           
drwxr-xr-x  2 root   root   4096 juin  10 23:58 testhomemarie/                                                                                             
drwxr-xr-x  2 root   root   4096 juin  10 11:13 video/     


As root, give more privileges to this mount point (you have to unmount before; look at the special button in diskdrake):

Code:
[root@localhost log]# chmod 755 /mnt/testfolder2/
[root@localhost log]# ls -al /mnt/
total 40
drwxr-xr-x 10 root root 4096 juil.  2 10:33 ./
drwxr-xr-x 20 root root 4096 août  22  2015 ../
drwxr-xr-x  2 root root 4096 juin  10 11:13 homes/
drwxr-xr-x  2 root root 4096 juin  10 11:13 music/
drwxr-xr-x  2 root root 4096 juin  10 11:13 photo/
drwxr-xr-x  2 root root 4096 juil.  1 22:57 testFolder/
drwxr-xr-x  2 root root 4096 juil.  2 10:33 testfolder2/
drwxr-xr-x  2 root root 4096 juin  10 22:39 testhomejacques/
drwxr-xr-x  2 root root 4096 juin  10 23:58 testhomemarie/
drwxr-xr-x  2 root root 4096 juin  10 11:13 video/


OK, this is clean now; re-mount the share.

So OK, now you can see your share with Dolphin. If this is a test share like mine, with empty content, and you did the same actions to mount it, then I will demo a quick thing with privileges.

Try to create a text file with Dolphin in your testfolder2 mount point. You can't: when you right-click to create a new text file, the action is invalid. This is because you created the mount point as "root" (MCC has root uid), and your KDE session is (normally) a regular user (jacques in my case).

If I try to do the same with the console:
Code:
[jacques@localhost mnt]$ touch /mnt/testfolder2/testfile
touch: impossible de faire un touch « /mnt/testfolder2/testfile »: Permission non accordée                                                                 
[jacques@localhost mnt]$ 


So in English, I do not have sufficient privileges. But look more carefully at what you have in terms of privileges in your local file system:
Code:
[jacques@localhost mnt]$ ls -al /mnt/testfolder2/
total 16                                                                                                                                                   
drwxr-xr-x  5 nobody nobody 4096 juil.  2 10:58 ./                                                                                                         
drwxr-xr-x 10 root   root   4096 juil.  2 10:33 ../                                                                                                       
d---------  2 nobody nobody 4096 juin  18 20:28 #recycle/                                                                                                 
drwxrwxrwx  2 nobody nobody 4096 juil.  2 10:58 test/


It is interesting to see that the mount point is owned by "root", but the other files are owned by "nobody".

If I create a file:
Code:
[root@localhost ~]# touch /mnt/testfolder2/roottesfile2.txt
[root@localhost ~]# ls -al /mnt/testfolder2/
total 16
drwxr-xr-x  5 nobody nobody 4096 juil.  2 11:15 ./
drwxr-xr-x 10 root   root   4096 juil.  2 10:33 ../
d---------  2 nobody nobody 4096 juin  18 20:28 #recycle/
-rw-r--r--  1 nobody nobody    0 juil.  2 11:15 roottesfile2.txt
-rw-r--r--  1 nobody nobody    0 juil.  2 11:13 roottesfile.txt
drwxrwxrwx  2 nobody nobody 4096 juil.  2 10:58 test/
[root@localhost ~]#


I see it as "nobody". Now, log in as admin to your NAS (to see all files) via the web, and use "File Station" to see this share:
the root files are owned by "root", as well as "#recycle". But the "test" folder is owned by the NAS admin user (that is not called root, nor nobody). The test folder was created inside the share from the remote filesystem (using "File Station"; at this time I was connected as admin, so it is logical). But you should note that even if permissions are consistent, ownerships differ.

Just mark this in your memory, we will explain that later...

I promise I will come back to this "diskdrake" session, but believe me, after this first "blocking" situation on "CIFS", you will also find a "blocking" situation in NFS, and WebDAV (which I never tried) seems to be a kind of "workaround", for me. So it is really time to stop this part about the wizard, and continue our tutorial.
Last edited by zack on Jul 2nd, '17, 11:29, edited 3 times in total.
zack
 
Posts: 12
Joined: Apr 5th, '11, 22:19
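
An added example, not part of zack's post and not a Mageia or Synology tool: a small shell audit for the two credential-handling points in the post above, the `PASSWORD=` entry typed into the mount options and the root-only file behind `credentials=` combined with the `user` option (the "error 13" shown). The finding names, the sample share lines and the `auth.*` file names are constructed for illustration, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: audit the CIFS lines of an fstab-format file.
# Finding codes (names invented for this example):
#   INLINE_PASSWORD  password=... sits in the options field; /etc/fstab is
#                    normally world-readable, so every local user can read it
#   CRED_MISSING     credentials= names a file that does not exist
#   CRED_LOOSE_MODE  credentials file is accessible to group or others
#   USER_VS_PRIVATE  'user'/'users' option with an owner-only credentials
#                    file: anyone but the file owner gets "error 13"
# Assumes GNU stat (stat -c %a).

audit_cifs_fstab() (
    # The body runs in a subshell, so IFS and set -f cannot leak to the caller.
    while read -r dev mnt type opts rest || [ -n "$dev" ]; do
        case "$dev" in ''|'#'*) continue ;; esac
        case "$type" in cifs|smbfs|smb3) ;; *) continue ;; esac

        cred='' inline=0 usermount=0
        old_ifs=$IFS; IFS=,; set -f          # split the options on commas
        for o in $opts; do
            case "$o" in
                password=*|pass=*)    inline=1 ;;
                credentials=*|cred=*) cred=${o#*=} ;;
                user|users)           usermount=1 ;;
            esac
        done
        set +f; IFS=$old_ifs

        if [ "$inline" -eq 1 ]; then
            printf 'INLINE_PASSWORD %s\n' "$mnt"
        fi
        [ -n "$cred" ] || continue
        if [ ! -e "$cred" ]; then
            printf 'CRED_MISSING %s\n' "$mnt"
            continue
        fi
        mode=$(stat -c %a "$cred")
        case "$mode" in
            *00) if [ "$usermount" -eq 1 ]; then
                     printf 'USER_VS_PRIVATE %s\n' "$mnt"
                 fi ;;
            *)   printf 'CRED_LOOSE_MODE %s (mode %s)\n' "$mnt" "$mode" ;;
        esac
    done < "$1"
    exit 0
)

# Builds a constructed sample (fstab plus credentials files) in a temporary
# directory and prints the directory path.
make_sample() {
    d=$(mktemp -d)
    printf 'username=YOURUSERNAME\npassword=CONSTRUCTED\n' > "$d/auth.private"
    cp "$d/auth.private" "$d/auth.loose"
    chmod 600 "$d/auth.private"
    chmod 644 "$d/auth.loose"
    cat > "$d/fstab" <<EOF
# constructed sample, modelled on the fstab line shown in the post
//YOURNAS/homes /mnt/homes cifs user,credentials=$d/auth.private 0 0
//YOURNAS/music /mnt/music cifs credentials=$d/auth.loose 0 0
//YOURNAS/photo /mnt/photo cifs user,username=YOURUSERNAME,password=CONSTRUCTED 0 0
//YOURNAS/video /mnt/video cifs credentials=$d/auth.absent 0 0
//YOURNAS/testFolder /mnt/testFolder cifs credentials=$d/auth.private 0 0
YOURNAS:/testfolder2 /mnt/testfolder2 nfs rw 0 0
EOF
    printf '%s\n' "$d"
}

# With an argument, audit that file (for example /etc/fstab);
# without one, run on the constructed sample.
if [ $# -gt 0 ]; then
    audit_cifs_fstab "$1"
else
    sample=$(make_sample)
    audit_cifs_fstab "$sample/fstab"
    rm -rf "$sample"
fi
```

The `/mnt/testFolder` line produces no finding: an owner-only credentials file without the `user` option is the combination that only root reads and only root mounts.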

Re: Linux and NAS (magiea 5 and synology DSM6.1 report)

Post by doktor5000 » Jul 2nd, '17, 03:03

You should probably separate the questions from the rest ...
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
doktor5000
 
Posts: 17630
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: Linux and NAS (magiea 5 and synology DSM6.1 report)

Post by zack » Jul 2nd, '17, 10:08

doktor5000 wrote: You should probably separate the questions from the rest ...

Hi, can you explain your point? To allow others to answer without reading everything, or because it is not good to leave questions in this testimony/tutorial?
By the way, as you know this forum well, do you think this thread is useful? Is it redundant or misplaced?
zack
 
Posts: 12
Joined: Apr 5th, '11, 22:19

Re: Linux and NAS (magiea 5 and synology DSM6.1 report)

Post by zack » Jul 2nd, '17, 11:41

I now want to explain how we can integrate a "remote share" directly with KDE and Dolphin, without using "diskdrake" and a permanent system-level "mount point".

UNIX practice is more to "mount" external shares permanently and transparently into the local file system, so you don't even notice which part is implemented locally and which other parts are remote. I say that, but often we use the "/mnt" (mounted) anchor when we want users to know that this part is remote.

But this is not the practice in the Windows "graphical" and "wizard" culture. In Windows, you add a "network folder" in your file explorer, give your credentials for the remote file system, and then, if you choose to make this a permanent inclusion, you check the question in the wizard "make it persistent at reboot". And that's it.

KDE has this notion of "network folder"; you can integrate your NAS with this (those) feature(s).

There is a KDE system configuration that you can do to ease "CIFS" mounting. Open the system configuration, and in "network and connectivity", then "shares", you set up a default identity mapping to a remote CIFS filesystem. This allows you to safely store your password in the KDE wallet; this identity will be implicitly used when you try to perform a CIFS connection. This setting is bound to the KDE session, that is, if you use several accounts on your Mageia client, then every user in their session will have their own default CIFS identity, that's good (you have a "windows share" help entry point in the KDE documentation), but you will not have more details...

Then the rest of the integration is done at the Dolphin GUI level: in the left panel, you have "places" on top, and one of those is "network". It all happens from here.

The first thing you will try to do is to expand the "Samba shares", to open one of your share points (with your default identity configured before). Well, for me it doesn't work.

It is an issue I do not understand. What I can see is that the only workgroup visible/explored by Dolphin is the default one, "Workgroup". But in my case, this workgroup does not provide any share. Synology allows creating a workgroup exported by its samba server; to disambiguate, I gave it another name (MYNAS_WG), and it is not visible when I want to browse my NAS shares.

Still on this discovery service, I saw that in "KDE system configuration" / Network and connectivity / network settings / service discovery. I tried to add the other workgroup, NAS_WG, or just giving smb://MY_NAS. It didn't work... It is still a mystery how Windows samba discovery works in KDE.

I put some URLs for the record, but didn't dig into them:
https://wiki.archlinux.org/index.php/samba
https://fitzcarraldoblog.wordpress.com/ ... e-network/

But you can manually enter a samba share when you know the server name. So in Dolphin/places/network, you have a special folder called "add a network folder". It has the following info to connect (choose Windows share in the list):
Name : YOUR_LOCAL_FOLDER_NAME
Server: YOUR_NAS_PASSWORD
Folder: /video (for example a default share in Synology)

Check the box "create folder shortcut". Now if you enter your "Network" place, you see all your share points.

So you can mount all your share points like this; by default KDE will look up the default SAMBA identity if it works, or otherwise ask for valid credentials.

They are persistent, you find them again after your reboot, and they work just like the "Windows way".

From a technical standpoint, I think this is not mounted exactly like "diskdrake" does it. I don't know how it works, but you can verify here:
https://forum.kde.org/viewtopic.php?f=27&t=27299

Actually, I think this integration doesn't mount anything, but dynamically performs samba requests to list and to get files. Then everything is cached locally (in /var/tmp according to the URL).

Is it bad? For me, yes. For example, some multimedia applications like "Amarok", "Clementine", "VLC" will not accept "network places" as regular folders for multimedia files. So NAS/music is completely useless. In my case, it means having a local copy of my music. Not good at all.

Another concern for me is working in CLI mode (console): with a KDE "network share", I don't know where to access it, there is no accessible mount point (for example, if you want to script data import and export; I want to do that for CD ripping, for example). It will not work.

The last thing, which I found really flipping horrible, is this. Remember the "testfolder2" mounting demo earlier; we had these permissions:
Code:
[root@localhost ~]# ls -al /mnt/testfolder2/
total 16
drwxr-xr-x  5 nobody nobody 4096 juil.  2 11:15 ./
drwxr-xr-x 10 root   root   4096 juil.  2 10:33 ../
d---------  2 nobody nobody 4096 juin  18 20:28 #recycle/
-rw-r--r--  1 nobody nobody    0 juil.  2 11:15 roottesfile2.txt
-rw-r--r--  1 nobody nobody    0 juil.  2 11:13 roottesfile.txt
drwxrwxrwx  2 nobody nobody 4096 juil.  2 10:58 test/
[root@localhost ~]#


So my KDE user (jacques) has no write permission. So mount this folder witk KDE "network folder", activate permission in GUI, and then tada : jacques is owner and has right access to root files. Ok, you think it is only a "local display", but when you will try to change it remotely, it will prevent you. Let's try ! Open rootfile.txt, change the content and save. Hopefully it is not possible (we have not the write acces).

Now, go connect to your NAS as admin by the web, control Panel/shared folder, and then give jacques a read/write permission to the share. This user can now open the file belonging to this share in KDE, alter a root file inside the shared folder, and save it.

If you use "File Station", this modified file is now owned by jacques, and root has no more permission to it...

We will study this later. I can't tell if this is specific to KDE way of mounting, or a more general thing.

That's all for KDE integration, and so the overall quick guided tour of all integration methods for synology NAS inside mageia 5 KDE desktop...
Last edited by zack on Jul 2nd, '17, 18:22, edited 1 time in total.
zack
 
Posts: 12
Joined: Apr 5th, '11, 22:19

Re: Linux and NAS (magiea 5 and synology DSM6.1 report)

Postby doktor5000 » Jul 2nd, '17, 15:12

zack wrote:
doktor5000 wrote:You should probably separate the questions from the rest ...

Hi, can you explain your point ? To allow others to answer without reading all, or because it is not good to let question in this testimony/tutorial ?

It's just not good practice to mix a tutorial together with actual support-type questions in one post - at least put your own questions in separate posts.
And if it should be a tutorial it should at least be factually correct and consistent, and not put up more questions than it answers. Maybe first you should try to get answers for your own questions?

zack wrote:By the way, as you know well this forum, do you think this thread is useful ? is it redundant or misplaced ?

Well, I don't actually see the point and there are quite a few things that are lacking IMHO. It seems you want to explain the integration with Mageia,
but just put up questions of yourself on how to install the client software or hyper backup and mention that you weren't able to install them or didn't test them.
And you setup CIFS share and there are some issues mounting them and such, and then you go over to setup the integration via NFS and webdav.
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
doktor5000
 
Posts: 17630
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: Linux and NAS (magiea 5 and synology DSM6.1 report)

Postby zack » Jul 2nd, '17, 16:08

doktor5000 wrote:
zack wrote:
doktor5000 wrote:You should probably separate the questions from the rest ...

Hi, can you explain your point ? To allow others to answer without reading all, or because it is not good to let question in this testimony/tutorial ?

It's just not good practice to mix a tutorial together with actual support-type questions in one post - at least put your own questions in separate posts.
And if it should be a tutorial it should at least be factually correct and consistent, and not put up more questions than it answers. Maybe first you should try to get answers for your own questions?

I fully agree. But I am not able currently to segregate the 2, I consider this thread as a kind of interactive draft before I publish a consistent tutorial. But I am practising at the same time as I am authoring, and sometimes, I find issues (bug or things that I don't fully understand). I will try to exhibit all the unclear points in a separate post (or thread), when I have finished a whole complete draft of this tutorial, that I want to cover all possible ways to integrate, before focusing on what is for me the best approach. During this process, I want to write down the maximum of things to keep the same "journey" of a newcomer (so a kind of fresh first experience), and also to not forget little tweaks I have done, that will not be consistent with "newcomer" results. So literally this is a working draft, I publish it to have external feedback and answers, and perhaps it will be useful to someone, even in this draft form (and also if I give up on this ambitious journey, there will be a minimum trace of it).

doktor5000 wrote:
zack wrote:By the way, as you know well this forum, do you think this thread is useful ? is it redundant or misplaced ?

Well, I don't actually see the point and there are quite a few things that are lacking IMHO. It seems you want to explain the integration with Mageia,
but just put up questions of yourself on how to install the client software or hyper backup and mention that you weren't able to install them or didn't test them.
And you setup CIFS share and there are some issues mounting them and such, and then you go over to setup the integration via NFS and webdav.


Yes it is weird, but I want to give a big picture before, to concentrate on what matters (for me), and fix it until it is clear. I expect to answer the main "unfinished" things later on.

One thing I think I know I will not be able to do, if someone can help me, is to install DSM 6.1 "Cloud Station Backup", because I think I will need it, but I am not comfortable with RPM tricks and dependency risks...

Thanks for your feedback, appreciated, I will try to take it into account as much as I can...
zack
 
Posts: 12
Joined: Apr 5th, '11, 22:19

Re: Linux and NAS (magiea 5 and synology DSM6.1 report)

Postby zack » Jul 9th, '17, 18:39

Before finalizing this integration advice, I think it is useful to spend some time on identities and permissions.

So we know that both client and server are linux computers, with their own identities and filesystem (with different permission philosophy).

By default, in mageia, you have a root user (id/gid 0:0), then you create regular users, that will start at 1000:1000. Each identity is protected by a credential. In case of mageia, a local secret store in /etc/passwd.

In synology, in Control Panel / User (and Group) you can see the identities managed by synology. By default when you install the NAS, you create an admin user, but there is also a default "root account", you have also special identities like "guest", or "multimedia". These latter ones are identities needed for certain application services, for example DLNA services is owned by multimedia user, and so have limited permission over the NAS. But, we don't need to enter into details. What you must know, is that synology allows you to add identities, but it is only managed as "logical identity", by their username/loginname. What I mean exactly, is that you can't decide the corresponding uid/gid in user management application (but in reality DSM low level uses uid and gid).

Even if you want to create a same "logical" identity client side and server side, "physically", they will mismatch. For example, identity are protected by a credential, and credential is

Let's imagine, you want to align "mageia" identity to the one of the DSM (change uid/gid), then update accordingly the ownerships of all your files. Then, this is only one identity, on one computer. Probably you are in a more complex situation !

In my case (a family home), I have 4 "family identities". Several devices that can access my NAS :
- 2 TV
- 1 connected HI-FI system
- 4 PC (2 multi user in dual boot mageia and windows, 1 multi user on windows, one netbook mono user on windows)
- 4 smartphones
- 1 android tablet

So managing a unified technical identity mgt for all users on all devices is a challenge. But probably, what you really want to have when you buy a NAS, is a sort of "shared" storage interoperable with all your devices, and respecting the "logical" identities.

To be more precise, this is how I see it. Synology exports its file system with 4 shares by default : video, music, audio, homes. Multimedia shares are supposed to be "public" (or shared between identities) shares, while the "homes" are supposed to be private to "personal" identities. You can define more, but this is the default approach (and a sensible one).

I consider that the "private" home on synology, must be accessible for any "personal logical" identity, whatever the connection device it uses (but only for this identity).

I consider multimedia shares to be accessible by every personal entity, any could read/write files it drops in those public places, but should only be able to read the ones created by other identities.

To achieve that, 2 options. Either use a unified identity mgt (an identity server if you prefer), or create "mappings" to "associate" different technical local entities to one "logical" central identity.

When you install your DSM, you have the choice. For example, you can set-up your NAS as a client of an identity server :

https://www.synology.com/en-global/know ... rvice_desc
https://www.synology.com/en-global/know ... ory_domain

This server can be a windows domain (or workgroup), or an "ldap server". Thus, when you connect to your NAS, your identity will be granted by ldap, and you will have an identity provided externally.

The problem, with joining an identity server when you install your NAS, is that your central identity mgt must be in place before ! The second problem, is that some devices don't allow delegation of identity server, like an android device. Last point I don't master, is the behavior of your device when it can't reach its identity manager (not running, or you're not in your LAN)...

So the most likely, is that you will be forced to use the second solution, that is, use a new local identity management for your NAS, and then, you need to map correctly each account of each device to a DSM account....

This is what we will explore in next post...

But before, i forgot to introduce permissions.

Linux uses the traditional unix permission system, specified in POSIX :
https://en.wikipedia.org/wiki/File_syst ... ermissions

Basically, there are users and groups. user can be member of groups. Others is a special group, all users are member of this group.

Every file and folder belongs to a user ownership and a group ownership, then a permission pattern is granted to the ownership model (user:group:others). Privileges that can be given are execution/list/walkthrough (x), read (r) or write (w).

There is also an optional permission extension model, via ACL (Access Control List), but I don't want to enter into details.

So for UNIX, this is quite consistent and simple.

For windows, this is a different story. In FAT, there is no ownership, nor a permission system, which is quite a simplified approach ! In NTFS, there is one, but it is so complex, that it can be a challenge to understand what permission will be given to a file.

NTFS is based on users and groups, so no mystery here, but introduces far more privilege kinds, some are defined by composition of different ones. The second innovation, is the idea that you can grant or deny a right to someone (so positive and negative privilege), and the most confusing feature is an inheritance system, that can be activated (or not), from a parent folder to all of its belongings...

At the end, it is very simple to be completely lost !

Ok, now imagine a client / server approach of this. You want to merge an external filesystem (let's say a remote NTFS on your NAS into a local linux POSIX file system). Remember that identity may differ. Ok you see the mess now.

But, you didn't get it completely, because a file server protocol can alter this view of permission, look at how CIFS (samba) adds a special access control when exporting its internal file system to external :

https://blog.varonis.com/the-difference ... rmissions/
http://www6.nasuni.com/rs/445-ZDB-645/i ... ctices.pdf

So, at a CIFS share level, you can define permission (simplified model), that will restrict permission (filter) underlying permission model (kind AND mask operation analogy). Ok, that's enough for that...
zack
 
Posts: 12
Joined: Apr 5th, '11, 22:19
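
The "AND mask" analogy and the uid/gid mismatch described in the post above, as an added example that is not part of the original thread: a simplified Python model in which the share permission names (none/ro/rw) and the NAS-side numeric ids are constructed assumptions, and DSM's own ACL layer is not modelled.

```python
# Share-level permission -> the rwx bits it lets through (simplified, assumed names).
SHARE_MASK = {"none": 0o0, "ro": 0o5, "rw": 0o7}

# Constructed account tables: same login name, different numeric (uid, gid) per machine.
CLIENT = {"jacques": (1000, 1000)}                           # first regular Mageia user
SERVER = {"jacques": (1026, 100), "nobody": (65534, 65534)}  # assumed NAS-side ids

def parse_mode(text):
    """Turn an ls-style string such as '-rw-r--r--' into 9 permission bits."""
    bits = 0
    for ch in text[1:10]:
        bits = (bits << 1) | (ch != "-")
    return bits

def posix_bits(mode, file_uid, file_gid, uid, gids):
    """Select the user, group or others triplet (0-7) the way POSIX does."""
    if uid == file_uid:
        return (mode >> 6) & 0o7
    if file_gid in gids:
        return (mode >> 3) & 0o7
    return mode & 0o7

def effective(mode, file_uid, file_gid, uid, gids, share_perm):
    """The share permission filters the filesystem permission: bitwise AND."""
    return posix_bits(mode, file_uid, file_gid, uid, gids) & SHARE_MASK[share_perm]

def fmt(bits):
    """Render a 0-7 triplet as 'rwx' style text."""
    return "".join(c if bits & m else "-" for c, m in zip("rwx", (4, 2, 1)))

def mismatched(client, server):
    """Login names present on both sides whose numeric ids differ."""
    return sorted(n for n in client if n in server and client[n] != server[n])

if __name__ == "__main__":
    # Entries copied from the /mnt/testfolder2 listing, all owned by nobody:nobody.
    listing = {"roottesfile.txt": "-rw-r--r--", "test/": "drwxrwxrwx",
               "#recycle/": "d---------"}
    uid, gid = SERVER["jacques"]
    owner_uid, owner_gid = SERVER["nobody"]
    for name, text in listing.items():
        for share in ("ro", "rw"):
            eff = effective(parse_mode(text), owner_uid, owner_gid, uid, {gid}, share)
            print(f"{name:16} share={share}  jacques gets {fmt(eff)}")
    print("uid/gid mismatch for:", mismatched(CLIENT, SERVER))
```

Under this model a read/write share still leaves roottesfile.txt read-only for jacques, so the behaviour reported earlier in the thread (jacques saving over that file) has to come from something the pure AND model does not cover.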

