Setting up Samba on ZFS

dimitarvp · 24 January 2021 14:01

Background

Hello community,
A programmer with interest in sysadmin work here, never got quite good at it so need some help if you are willing to provide it.

Lately created a Manjaro home server and successfully set up a ZFS pool with it. Wrestled with NFS a bit, finally managed to make that work that too (read-only but that works for me). Samba works as well but I can’t seem to configure it exactly as I like when it’s paired with ZFS (explanation of my needs below). It occurred to me that I should probably share a directory outside the ZFS pool and play with the config there until I have the results I want but I’d also like to ask a few questions, in case anybody wants to share experience.

Questions

Must I manually add Samba shares after I did sudo zfs set sharesmb=on <your_pool_or_dataset>? It seems ZFS is taking care of it but I still have permission problems (guest access doesn’t work).
I could never get the hang of what should I restart and when after I change Samba configuration (/etc/samba/smb.conf) in ZFS conditions. The ArchWiki seems to imply doing sudo systemctl restart smb should be enough – is that true? Or maybe I should also turn off Samba sharing through ZFS first? Or must I do it after I restart the Samba service? A workflow step by step here would be extremely helpful!
I followed the excellent guides on ArchWiki but I am only able to log in with my Manjaro server user and password even if I followed 20+ guides for enabling guest access. The conflicting information out there really does not help matters either. Is there a canonical up-to-date source? Even ArchWiki’s steps didn’t work for me out of the box and I am pulling my hair out.

What I want to have

I want to have both fully working Samba guest read-only access and an authenticated read-write access. I will have both mounted separately on my client machines.
I want to make a new user, say editor, that can only be used for read-write Samba access. I don’t want to use my normal OS user for it like I currently am doing. Any additional security advice is welcome (like disabling shell access et. al.) – I believe the official ArchWiki works well here but, any additional info is appreciated.
I am okay with keeping nobody as the guest user but is there a way to have the Samba access work without specifying “Guest” as the user name? So far macOS and VLC for iOS don’t seem to think so and I am aiming to have them, plus Win10 clients, plus Kodi / Plex having having access.

I tried a ton of things and have been thorough but I feel that I applied conflicting information – configuring Samba doesn’t have consensus out there on the net – and screwed up my setup and got a bit discouraged.

Any sources you feel are official for Manjaro and contain a step-by-step will be very appreciated!

Thank you for your time.

Greggex · 24 January 2021 14:22

I can’t help you with the ZFS stuff. (my server runs on Ubuntu/btrfs). I have my public directories set up as follows:
[public]
comment = Public Directories
path = /mnt/nas/public
public = yes
browseable = yes
writable = no
write list = myuserid

They work with Windows, VLC on Android and Kodi.
I’m using Samba authentication.

dimitarvp · 24 January 2021 14:35

Appreciate the baseline working config, thank you.