Jun 22, 2019

Setup Home Net Disk Using Raspberry Pi

Background

Recently I bought a projector at home. I would like to play some video files from the PC. Even though the projector has a HDMI port, it is still troublesome to manually plug the HDMI cable.

Since the projector is actually an Android device, I realized that this is actually a general problem: how to setup a file sharing system that all the devices with different OS (Linux, Windows, Android, iOS) at home can access. I can imagine that this will make file sharing between family members blazingly easy.

I would like the net disk to be managed by a Linux device. Raspberry Pi would do the trick pretty well, as long as it is connected to an external hard drive, otherwise the R/W speed of the internal SD card is relatively slow. Of course, a 7x24 PC will also work but you will have to pay the electricity bill. ;-)

This post will be structured into several parts:

  • Setup the file sharing server.

  • Setup the file sharing clients.

File Sharing Server

So the net disk device must be able to be accessed by various devices and my projector shall be able to directly play the videos from it. There are multiple choices:

  • Using Samba. Samba is a free software re-implementation of the SMB networking protocol. It is very friendly to Windows clients. I recommend this way.

  • Using File Transfer Protocol (FTP). FTP is a standard network protocol, but it is rather old and totally insecure. It is acceptable in a local network, but definitely bad for Internet use.

  • Using Very Secure FTP Daemon (VSFTP). VSFTP is a more secure FTP protocol. But for some unclear reason, I abandoned it.

  • Using Secure FTP (SFTP). Unlike FTP, the transmission is done in a encrypted way. It is a FTP wrapper upon SSH. If the transmission goes through the Internet, SFTP might be the most secure among the four.

Here I will introduce Samba and SFTP solutions.

Samba

Creating Users

First you need to install samba on the server (Raspberry Pi in my case). Since I am using Arch Linux, a simple pacman -S samba will do the trick.

Samba uses the Linux system users but it has its own password management facility. Let's create an system user first. Since this user is only to access shared data, we put some restriction on it. 

~ $ useradd -s /sbin/nologin --no-create-home --no-user-group samba

The CLI tool pdbedit might be used to manage the users. Suppose you already have a user named samba in the OS. In order to add it to Samba, simply run the following command: 

~ $ pdbedit -a samba

Then set the password for this account. Please remember that it is mandatory that both system user and Samba user needs to be created.

In my settings the user samba is for R/W operations on the shared disk. Besides, let's create another user called visitor who has read-only permission.

Configuring Samba Server

The configuration file of Samba server is located at /etc/samba/smb.conf. The following snippet is a working example with users we just created. 

[global]
# Set the work group.
workgroup = home
# server string is the equivalent of the NT Description field
server string = Samba Server for Home Sharing

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
hosts allow = 192.168.1.0/24 127.0.0.1
hosts deny = 0.0.0.0/0

# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).
max log size = 50

# Backend to store user information in. New installations should 
# use either tdbsam or ldapsam. smbpasswd is available for backwards 
# compatibility. tdbsam requires no further configuration.
passdb backend = tdbsam

[shared]
comment = Home share
# The user must have write permission to this directory.
path = /data/shared/
browsable = yes
read only = no
valid users = samba

[public]
comment = Home share
path = /data/shared/public/
browsable = yes
valid users = visitor
read only = yes

Finalizing

On Arch Linux, you can start the Samba service using the following command: 

~ $ systemctl enable smb
~ $ systemctl start smb

The CLI tool smbclient can be used as below. Note that rpi refers to the hostname of my Raspberry Pi. 

# List the share points. 
# -W and -U specifies workgroup and user respectively.
~ $ smbclient -L //rpi/ -W home -U samba
# Connect to the share point.
~ $ smbclient //rpi/shared -W home -U samba

If you see the smb: \> prompt, then congrats! Your Samba server is working properly.

SFTP

Creating a User

Similar to Samba setup, create a user (let's name it share) as following: 

~ $ useradd -s /sbin/nologin --no-create-home --no-user-group share

Putting the User Into Jail

At the very beginning, there are some very basic rules about SSH configuration, such as disabling password login by default (especially for root) etc. I recommended you to look through materials about SSH security.

It is possible to make a chroot environment for the user so that directories out of the environment cannot be accessed.

Edit the file /etc/ssh/sshd_config and put the following lines into it. Also you need to comment out the existing line starting with Subsystem sftp. 

Subsystem sftp internal-sftp

# Group can also be a match condition here.
# Match Group share
Match User share
  PasswordAuthentication yes
  ChrootDirectory /data/root
  ForceCommand internal-sftp
  X11Forwarding no
  AllowTcpForwarding no

The owner of directory specified by ChrootDirectory must be root, which means that you need to create a new directory inside /data/root/ and set the owner of it to the corresponding user, i.e. share in our example.

After this step, the user share can only use SFTP (or SSHFS) with specific directory. Both SSH login and access outside the sandbox is prohibited.

File Sharing Client

Linux

Samba

As shown above, smbclient is the main CLI tool to work with Samba. If you use Emacs, use tramp with format /smb:xiaoneng%home@rpi:/shared to directly open the shared folder.

If you want to mount the shared directory automatically, you may add the following line into the /etc/fstab file. 

//rpi/shared /mnt/samba auto credentials=/etc/samba/pass.txt,vers=1.0	0 0

Here in order not to input the password, especially when the OS is booting ;-), you may write the credentials to /etc/samba/pass.txt as mentioned above, with the following format: 

username=samba
password=pass

Making the mode of this file 0400 under root account might be a good idea.

SFTP

You may use this method in 2 ways:

  • Directly using sftp command.

  • Using sshfs to mount the remote shared directory to a local position.

Windows

Samba

Windows supports Samba natively. Simply opening the file explorer and add a network location will do the trick.

SFTP

It is essential to install an external SFTP client for unlucky Windows users. Something like WinSCP or FileZilla will work perfectly.

Android

A single open-source software MiXplorer will rule them all!

Conclusion

It is relatively easy to setup Samba or SFTP to share files at home. Samba requires a little bit more work on the server side, but it is more friendly to all sorts of clients. The transmission of Samba is not encrypted, so it is very suitable for in-house file sharing.

When security is a critical concern, SFTP might meet your needs better.

So, choose whichever works and have a try!

comments powered by Disqus