Greyhole - Local writing + Best practices + Owncloud

olson
Posts: 30
Joined: Mon Dec 03, 2012 7:57 am

Postby olson » Wed Dec 05, 2012 7:53 am

Hello,

We had a discussion going on (viewtopic.php?f=43&t=4431) where we were talking about the best way to write to a local greyhole share.

As per the guidance here and here, it seems to me like you should never write directly to /var/hda/file/* directory. Here are the two quotes I'm talking about:

> You should never change or delete files in the shared directories (/var/hda/files/* by default) directly on the HDA, using the terminal, or the Gnome file browser, for the shares for which you checked the Uses pool option in the Amahi dashboard.
> From: http://wiki.amahi.org/index.php/Greyhole

> Greyhole data should only be accessed through shares, so mounting those shares locally is an easy way to work with Greyhole data safely.
> From: https://github.com/gboudreau/Greyhole/w ... resLocally

It sounds like you should always mount the shares locally, and always write to the samba mount located at /mnt/samba/*. Question: So software (like owncloud, drupal, etc...) that will be making changes to files should be pointed to use the samba location (/mnt/samba/*) not the actual share (landing zone) location... correct?

So if the bolded question above is correct... Question 2: How do we use the mounted share with something like owncloud that needs www-data user permissions to write correctly?

Example: My hard drive is mounted at /mnt/mydrive. The owncloud share/landingzone is located at /mnt/mydrive/files/owncloud. My samba share is mounted at /mnt/samba/owncloud.

If my owncloud config points to /mnt/mydrive/files/owncloud/data, everything works fine because the user permissions on the files in /mnt/mydrive/files/owncloud/data are set to "www-data:users"

If my owncloud config points to //mnt/samba/owncloud/data, owncloud complains that it doesn't have the right permissions for that directory because those folders are "myuser:users".

olson
Posts: 30
Joined: Mon Dec 03, 2012 7:57 am

Re: Greyhole - Local writing + Best practices + Owncloud

Postby olson » Thu Dec 06, 2012 2:08 pm

I posted this on Github as well since the developer monitors that more often. He responded in less than 10 minutes, awesome!

Here is the info: https://github.com/gboudreau/Greyhole/issues/79

bigfoot65
Project Manager
Posts: 11924
Joined: Mon May 25, 2009 4:31 pm

Re: Greyhole - Local writing + Best practices + Owncloud

Postby bigfoot65 » Thu Dec 06, 2012 3:15 pm

Awesome, we now have clarification. It seems I was wrong, but I'm not surprised. I am not right very often :) I will update the Greyhole wiki page accordingly.

The guy updating ownCloud will need to do the same to his wiki. For default app install, it will have to remain pointed at the /var/hda/files/owncloud/data as not all users will use Greyhole. That is easily changed though via the ownCloud web UI for others.
ßîgƒσστ65
Applications Manager

My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2

olson
Posts: 30
Joined: Mon Dec 03, 2012 7:57 am

Re: Greyhole - Local writing + Best practices + Owncloud

Postby olson » Fri Dec 07, 2012 1:15 pm

I've been thinking about this and I'm not sure I like this solution... this basically gives apache access to all shares. Maybe I'm just being paranoid, but I would rather not give something that is exposed to the internet access to basically all my files.

An alternative solution would be to allow the mount shares locally script to override the uid using samba's "force user" or maybe our own variable... something like "ghforceuser". Then we could set it in the share extra parameters (http://wiki.amahi.org/index.php/Share_Extra_Parameters).

Something like "ghforceuser = www-data". Then when the script mounts the shares, it uses the www-data user instead of regular user.

What do you think of that?

ribbles
Posts: 11
Joined: Tue Dec 11, 2012 5:46 pm

Re: Greyhole - Local writing + Best practices + Owncloud

Postby ribbles » Tue Dec 11, 2012 7:18 pm

> I've been thinking about this and I'm not sure I like this solution... this basically gives apache access to all shares. Maybe I'm just being paranoid, but I would rather not give something that is exposed to the internet access to basically all my files.

Then disconnect your machine from the internet. Nothing is completely secure. If someone does get in (through a hole in a webapp), being the apache user is not going to stop them from getting to your shares because they do not have local samba mount permission. If they get that type of access they will have the ability to directly access the database and filesystem to do what they need to do. Only accessing your server through a VPN solves 99% of this problem. Personally I would never expose my server to the internet directly.

Your solution would work only for shares that allow guest access (unless you add samba option admin user for apache), and would require changes to the mount_shares_locally script to read the extra options and change the mount uid accordingly for the appropriate shares.

Adding the apache user to groups is by far the simplest solution.
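
The per-share alternative discussed in the two posts above, sketched as an added example (not part of any post and not Greyhole's mount_shares_locally script): read an optional key from each share definition and mount only that share with the web server's uid. `ghforceuser` is the hypothetical key proposed in the thread; the function names, sample shares and credentials path are assumptions.

```shell
#!/bin/sh
# Added example, not Greyhole's mount_shares_locally script.
# "ghforceuser" is the hypothetical key proposed in the thread; Samba does not define it.

# share_mount_user CONF SHARE DEFAULT_USER
# Print the account that should own the local mount of SHARE.
share_mount_user() {
    awk -v share="$2" -v def="$3" '
        /^[ \t]*[#;]/ { next }                      # comment lines
        /^[ \t]*\[/ {                               # [section] header
            name = $0
            sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
            in_share = (name == share); next
        }
        in_share && /^[ \t]*ghforceuser[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            user = val
        }
        END { print (user != "" ? user : def) }
    ' "$1"
}

# cifs_mount_opts CONF SHARE DEFAULT_USER CREDFILE
# Build the -o string for mount.cifs. Only the share that names the web
# server account is mounted with its uid; empty, root or odd names are refused.
cifs_mount_opts() {
    user=$(share_mount_user "$1" "$2" "$3") || return 1
    case "$user" in
        ""|root|*[!a-zA-Z0-9_-]*) echo "refusing user '$user' for [$2]" >&2; return 1 ;;
    esac
    echo "credentials=$4,uid=$user,gid=users,file_mode=0660,dir_mode=0770"
}

# Constructed sample configuration: two pooled shares, one used by ownCloud.
write_sample_conf() {
    cat > "$1" <<'EOF'
[owncloud]
    path = /mnt/mydrive/files/owncloud
    ghforceuser = www-data
[photos]
    path = /mnt/mydrive/files/photos
EOF
}

conf=$(mktemp); write_sample_conf "$conf"
for s in owncloud photos; do
    echo "$s: $(cifs_mount_opts "$conf" "$s" myuser /root/.smb_credentials)"
done
rm -f "$conf"
```

With this layout the web server account owns only the ownCloud mount, while the other share stays mounted as the regular user.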

bukco13
Posts: 9
Joined: Sat Jan 12, 2013 7:25 pm

Re: Greyhole - Local writing + Best practices + Owncloud

Postby bukco13 » Sun Jan 27, 2013 2:41 am

Hopefully someone's still monitoring this subject as I'm trying to add storage to my hda with a second hard drive and I'd like to do this using greyhole and add it to a storage pool. However I'd also like to use owncloud to manage users and file sharing. What exactly do I need to change in the owncloud and Greyhole settings so that owncloud will take advantage of the extra space in the pool?

bigfoot65
Project Manager
Posts: 11924
Joined: Mon May 25, 2009 4:31 pm

Re: Greyhole - Local writing + Best practices + Owncloud

Postby bigfoot65 » Sun Jan 27, 2013 7:45 am

Best to follow the wiki guidance. There is documentation for both adding the hard drive and configuring ownCloud.

bukco13
Posts: 9
Joined: Sat Jan 12, 2013 7:25 pm

Re: Greyhole - Local writing + Best practices + Owncloud

Postby bukco13 » Sun Jan 27, 2013 4:01 pm

Which Wiki would that be exactly? I had a look through a bunch of the wikis for both Greyhole and owncloud and for the most part neither seems to mention setup for the other. The only mention would be on this one: http://wiki.amahi.org/index.php/Media_S ... m_ownCloud All it really seems to say is that this form of file sharing shouldn't cause any problems with Greyhole, but it seems from this forum that you do actually have to change some settings as by default owncloud is not set up for Greyhole.

Other than that, the Greyhole wiki didn't seem to have anything nor did other owncloud ones.

bigfoot65
Project Manager
Posts: 11924
Joined: Mon May 25, 2009 4:31 pm

Re: Greyhole - Local writing + Best practices + Owncloud

Postby bigfoot65 » Sun Jan 27, 2013 4:06 pm

The ownCloud article in the Amahi wiki. You might consider contacting the contributor of that guidance for further assistance.

He may see your post here too.

bukco13
Posts: 9
Joined: Sat Jan 12, 2013 7:25 pm

Re: Greyhole - Local writing + Best practices + Owncloud

Postby bukco13 » Sun Jan 27, 2013 4:23 pm

Any idea how to contact that person? Because again it doesn't look like any mention of Greyhole is made in the Amahi owncloud wiki.
