Sharing Files and Printers | Hacking Knoppix (ExtremeTech)

To paraphrase the great poet and priest John Donne, no computer is an island, entire of itself. In other words, you can't store every single file you need on your hard drive, and you can't directly connect every printer you need to use to your PC. Instead, you need to access files and printers on other machines, and you might want to make files and printers on your machine available to others. In the Linux world, there are two main protocols used for just such sharing: Samba, the open-source implementation of Microsoft's SMB/CIFS (Server Message Block/Common Internet File System) protocol, and NFS, the open standard Network File System first developed by Sun. Both work well, and support for both is built into Knoppix.

Starting and Configuring Samba

The roots of SMB (Microsoft renamed SMB to CIFS a few years ago, but the name of the Linux implementation is SaMBa — get it?) go back a long way. For the purpose of this discussion, the Samba project began life when a brilliant Australian programmer named Andrew Tridgell reverse-engineered the SMB protocol, implemented it for UNIX, and published his code in 1992. Since then, the Samba project has grown into one of the great open-source success stories.

Note

For more information about Samba, visit the Samba project home page at http://www.samba.org, or read about it at Wikipedia, at http://en.wikipedia.org/wiki/Samba_software.

To start Samba, select Knoppix → Services → Start Samba Server. Enter a password for the user knoppix, and then re-enter the password for verification. Click Yes to export all hard drives so they can be mounted, read, and written to from remote machines. (Normally this would not be a good idea, and if you're going to leave Knoppix running for a while on your machine, you probably shouldn't do this. You definitely shouldn't do this if your Knoppix machine is connected to the Net without a firewall — but you wouldn't do that, would you?)

Samba is now running on your computer. Any machine that supports the SMB/CIFS protocol can now connect to your Knoppix box. This means Linux, of course, but it also means Mac OS X and Windows, which gives you an excellent range of possibilities.

To test that Samba is running correctly, open up Konqueror in Knoppix and type smb://127.0.0.1/ in the Location bar. A list of shares, including partitions and hard drives, is displayed. Click on one of them, and you are prompted for a username and password. Use knoppix for the username, and the password is whatever you entered earlier.

You can also test via the command line. As you, not root, enter the following:

 $ smbclient -L 127.0.0.1

When you're asked for a password, just press Enter without entering one. You should see a list of all shares, but this is the list that any anonymous user will see. Don't panic — anonymous users can't actually connect to your folders and files. To prove this to yourself, enter the following on the command line:

 $ smbclient //127.0.0.1/hda1

When prompted for a password, press Enter, just like an anonymous user would. You'll see the following error message:

 Anonymous login successful Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.9-Debian] tree connect failed: NT_STATUS_ACCESS_DENIED

At first, things look bad — the anonymous login is successful. But it's OK — although Mr. Anonymous can log in, he can't see, read, or write anything.

Now try it as the approved user knoppix. Enter the following on the command line:

 $ smbclient //127.0.0.1/hda1 -U knoppix

When prompted for a password, enter the password you created earlier. This time, you should be in like Flynn, with an FTP-like prompt, like this:

 Domain=[KNOPPIX] OS=[Unix] Server=[Samba 3.0.9-Debian] smb: \>

Most of the ftp commands you know should work here as well, including ls, cd, get, put, mget, mput, and mkdir.However, smbclient has a few commands available that ftp does not: chown, chmod, symlink, hardlink, rd, and tar, for example. (tar is definitely one to check out, as you can use it to create tar backups of files and folders on a Samba share.) To see the full list of commands, just type help and press Enter.

Note

For more information about smbclient, type man smbclient on the command line.

Remember that, by default, Knoppix does things the easy way and shares everything on the hard drive. If you're going to have Knoppix running for a while, you should either edit the smb.conf file to only share appropriate items or turn Samba off when you don't need it by entering sudo /etc/init.d/samba stop on the command line. To turn it back on, just use sudo /etc/init.d/samba start, and away you go.

Accessing Files and Printers with Samba

As you just learned, smbclient is a great way to verify that Samba is running on your Knoppix computer. The real purpose of smbclient, though, is to actually connect to a machine running Samba and work with files. You can certainly use it, but it gets a little tedious having to type commands all the time. Fortunately, Knoppix — and KDE — includes a great GUI tool that you can use to browse Samba shares: Konqueror.

Note

This chapter examines accessing files and folders shared via Samba. For connecting to Sambashared printers, see Chapter 1.

That's right! Konqueror, the file manager that does everything, is not just a great FTP and SFTP browser, but a great Samba browser as well!

To connect to a Samba share on another machine — one that's running Windows, say — open Konqueror by selecting the Personal Files icon on the panel, simply type smb:/ in the Location bar, and press Enter. Depending on the size of your network, you'll soon see a list of all the Samba workgroups that Konqueror can find. Figure 3-5, for example, shows that Konqueror has found the author's workgroup, Milton.

image from book
Figure 3-5: Konqueror finds your Samba workgroups.

To open a workgroup, click on its icon, and a list of all the machines in that workgroup is displayed, as shown in Figure 3-6.

image from book
Figure 3-6: Konqueror displays the machines in a selected Samba workgroup.

See a machine you want to browse? Click it, and after a bit Konqueror shows you the list of shares available on that computer (see Figure 3-7).

image from book
Figure 3-7: Konqueror displays the Samba shares in a selected machine.

Keep in mind that you're seeing shares, not necessarily partitions or drives. A share can consist of an entire partition or drive (although generally that's not a good idea), but it doesn't have to be. You can share a subfolder waaaay down in your directory hierarchy by using Samba; for example, to view some OGGs and MP3s, you might click on the music share.

Immediately you're prompted for a username and password, which happens anytime you try to connect to a protected share. Keep in mind that you must enter a Samba username and password, which may not be the same as your login username and password on the box — it depends on how you set up Samba on that computer. If it's a Windows or Mac OS X machine to which you're connecting, it's a login name and password; if it's a Linux box, then login names may not be the same as Samba names. You just have to know how the computer to which you're trying to connect is set up.

Note

A few years ago, Konqueror asked you over and over again to enter your username and password — every time you entered a new subfolder, in fact. It was enough to drive you insane. Thankfully, KDE has removed this annoyance. Now you are asked once for a share, and that's it.

Once you've logged in correctly, you get what you came for: the files and folders that you want to access. In my case, that would be rock ‘n’ roll OGGs and MP3s (all legal). At this point, I might think it's time to play some music — some Smiths, perhaps. I'd click Rock_Alternative_ All_Time_Greats (yes, I am compulsively organized when it comes to my music collection), click Smiths, and then click Smiths_-_Hatful_of_Hollow_-_01_-_William, _It_Was_Really_Nothing.mp3 and … what's this? The file appears in XMMS (the default MP3 player), but there's no sound. Yet music stored locally on the Knoppix machine plays just fine. What's going on?

The problem is that the "music" share that's connected to isn't actually mounted, so XMMS can't play the songs on that share. Right-clicking on William,_It_Was_Really_Nothing. mp3 and choosing to open it with xine, it plays — after the file is first downloaded onto the machine. That's OK for a single tune, but for an album, or a large video, or anything else, downloading every single file before listening to it, or watching it, is quickly going to grow tedious. To solve that issue, you need to actually mount the Samba share on the other machine to your Knoppix box, so that Knoppix treats the file like it's on the local hard drive.

If you know how to use smbmount on the command line, this is your time to shine. Just enter smbmount and the appropriate options, and you're set. If you don't know smbmount, or you want to learn how to utilize it, start by using LinNeighborhood, included with Knoppix.

To access LinNeighborhood, open the K menu and select Internet → More Applications → LinNeighborhood. The program opens, but before you can begin using it, you need to change a few settings. To start with, choose Edit → Preferences, which opens to the Scan tab shown in Figure 3-8.

image from book
Figure 3-8: Setting scan preferences in LinNeighborhood

On the tab, enter the name of the SMB workgroup that you want to examine in the Workgroup text box. This example will use MILTON (you don't have to use all caps — that's just how Windows does it). Then check the box next to Always Scan As User, which prompts you to enter a username and password at the appropriate time.

Alternatively, you could go to the Miscellaneous tab (see Figure 3-9) and, in the Default User text box, enter the SMB username you use to log in to the SMB shares on your network.

image from book
Figure 3-9: Tell LinNeighborhood to remember your Samba username and password.

If you're not feeling paranoid, go ahead and enter the SMB password you use in the Save Default Password text box, and then check the box in front of it.

Note

Keep in mind that if you're connecting to another Knoppix box, the default user is knoppix, with an SMB password that you set when you turned on the SMB server.

After you have your preferences set, click the Save button, and then the Close button. Back in the main LinNeighborhood window, choose Options → Browse Entire Network. A window similar to the one shown in Figure 3-10 opens, asking you to enter a username and password (yes, you did just enter them, and now you have to do it again — weird, eh?).

image from book
Figure 3-10: Before browsing, you have to enter the username and password again.

Check the Browse as User box, enter a username and password, and click OK. That window closes, and a list of workgroups and machines appears in LinNeighborhood, similar to what is shown in Figure 3-11 (if the list doesn't appear after a reasonable time, double-click the Knoppix icon at the top of the window — the one with the penguin head next to it — and that should display the list).

image from book
Figure 3-11: LinNeighborhood displays a list of machines in a workgroup.

To mount the music share found on Dante, double-click on Dante. Again you're asked for a username and password, but fortunately these are already filled in for you (if you used the Miscellaneous tab discussed earlier), so all you have to do is click OK. Dante expands to reveal all the shares, including printers, that are available, as shown in Figure 3-12.

image from book
Figure 3-12: LinNeighborhood displays a list of Samba shares on a machine.

Double-click the music share, and the Mount Dialog window opens (see Figure 3-13).

image from book
Figure 3-13: Tell LinNeighborhood exactly how you want to mount a Samba share.

You shouldn't have to enter anything in this window, unless you're unhappy with the defaults. By default, LinNeighborhood will create the necessary directories and then, in this example, mount the music share on Dante at /home/knoppix/mnt/DANTE/rsgranne/, which is probably just fine. If you want the mount point to be somewhere else, though, go ahead and enter the path. If the SMB User or SMB Password isn't correct, change it. Once you've got everything the way you like it, click the Mount button to close the Mount Dialog window and return to the LinNeighborhood window.

You can tell that LinNeighborhood has mounted the Samba share, thanks to the open folder icon and the path under the Mountpoint column. To test the new mount, open Konqueror (the Personal Files icon on the panel) and click on the mnt directory, the name of the machine to which you're connecting (DANTE in my case), the name of the share (music), Rock_ Alternative_All_Time_Greats, Smiths, and finally Smiths_-_Hatful_of_ Hollow_-_01_-_William,_It_Was_Really_Nothing.mp3. Almost immediately I hear Johnny Marr's guitar and Morrissey's croon (you'll hear whatever music file you selected). Excellent! Create a playlist in XMMS, or just click on individual songs in Konqueror, or even watch movies; it's all easy, seamless, and quick once you've mounted that Samba share to your filesystem.

However, you're not done. Remember that you can use LinNeighborhood to help learn the syntax of smbmount? Here's how: In LinNeighborhood, select Options → Export Mountscript. You're asked where you want to save the file, which by default is named mountscript. Because you're just learning, any old place is fine, so why not the Desktop?

Tip

Normally, if you were going to use that file again to mount Samba shares, you'd create a bin directory and place it in there, and then run chmod 744 mountscript to make it executable. If that sounds useful to you, be sure to read Chapters 10–12, which discuss remastering Knoppix.

Open mountscript with your favorite text editor and take a look at it. It's just a bash shell script that calls smbmount with the appropriate options. With that script as a template, you can easily add more lines that will mount other SMB shares. If you're feeling really ambitious, you can arrange for that script to run when you boot, automatically mounting several SMB shares onto your local filesystem, saving time and making things simple and easy.

Tip

For the full skinny, try man smbmount. Here's a hint: If you're going to use smbmount, look at the credentials option for better security.

Sharing and Accessing Files with NFS

NFS is actually older than the SMB protocol, but it does far less. SMB enables you to share files and folders as well as printers, whereas NFS only shares files and folders. In terms of security, SMB is better in many ways because it enables you to control access to shares by usernames ("Are you steveb? Then you cannot access the finance directory, no matter what machine you're on."), while NFS only controls shares by machine ("Are you coming from the machine named Dante? You are? Great — then no matter who you actually are on that machine, you've got access to the finance directory!"). SMB is built in to Windows, obviously, but it's very well supported on Mac OS X and Linux, whereas NFS is primarily a UNIX protocol — you can find support for NFS on Windows, but it just isn't widely used. Nevertheless, if you're looking to easily share files between Linux machines, NFS is quick, easy, and efficient.

To get started with NFS, you need to detail your NFS shares. Suppose you want to make the /tmp directory on the Knoppix machine Homer available to the non-Knoppix Linux machine Dante, for example. First you need to ensure that Homer and Dante know each other's IP address. Do that by editing their /etc/hosts files. For instance, if Dante's IP address on your LAN is 192.168.0.105 and Homer's is 192.168.0.110, then you add 192.168.0.105 dante to Homer's /etc/hosts file and 192.168.0.110 homer to Dante's /etc/hosts file. Once that task is complete (no reboots required — this is Linux!), the two machines can find each other on your network.

Then open /etc/exports on Homer with a text editor (you need to be root, so sudo vim /etc/exports if you're using the command line, or sudo kwrite if you want to start a GUI text editor as root), and add the following line:

 /tmp dante(rw,sync)

Caution

You must be very careful when you're entering the line in the exports file. Notice that there is no space after the machine name and before the parenthesis, and that there is no space after the comma. Do not put spaces in there, or you will accumulate bad security karma. See http://www.tldp.org/HOWTO/NFS-HOWTO/security.html for more information.

Some Other Handy NFS Commands

If you really want to make the best of NFS, you need to know some additional commands. You'll find the following quite useful:

/etc/init.d/nfs-kernel-server stop: Stops NFS
/etc/init.d/nfs-kernel-server restart: Restarts NFS (be careful with this because anyone connected to your NFS server will temporarily find themselves unable to work on any programs accessing NFS-based data)
exportfs -ra: Re-exports the /etc/exports file if you've made changes.

To start NFS, you need to run several commands in Konsole, starting with this one:

 $ sudo portmap

portmap essentially translates RPC numbers into networking port numbers. When a server (for instance, your Knoppix machine, running NFS server) receives an RPC call, it uses portmap to send that call to the right network port. Without portmap, NFS doesn't work.

Note

Don't know what an RPC is? Head over to Wikipedia and read http://en.wikipedia.com/wiki/RPC.

Other commands include stop (sudo /etc/init.d/portmap stop) and restart sudo /etc/init.d/portmap restart). For more information about portmap, use man portmap.

Next, start two services by running the following:

 $ sudo /etc/init.d/nfs-common start $ sudo /etc/init.d/nfs-kernel-server start

That gets NFS up and running.

With NFS on, anyone running an NFS client on Dante should be able to mount and connect to the shared /tmp directory on Homer. To mount the shared directory, run the following commands as root on Dante:

 # mkdir /mnt/homertmp # mount -t nfs homer:/tmp /mnt/homertmp

The first command creates the mountpoint; the second does the actual mounting. Now you can run ls /mnt/homertmp and see the contents of the /tmp directory on Homer as though it were part of Dante's local filesystem.

Anyone on Dante can now access that share mounted at /mnt/homertmp. Remember that the share was exported rw, so anyone using Dante not only has access, but can also read and write documents on that mounted share. That's why many consider NFS to be a little insecure, and why Samba is so often used, even for sharing between Linux machines. One more word about security: Never connect a machine running portmap directly to the Net, or you are opening yourself up to vulnerabilities. NFS is powerful, but it can also leave sensitive files wide open, so be careful!

Tip

For a brief overview of NFS, the Wikipedia has a nice article at http://en.wikipedia.org/wiki/Nfs. To learn more about NFS, read the "Linux NFS-HOWTO," available at http://tldp.org/HOWTO/NFS-HOWTO/, or "NFS: Overview and Gotchas," at http://www.troubleshooters.com/linux/nfs.htm. You can also set up NFS clients to automatically mount NFS shares using automount; to find out how to do so, read the "Automount mini-Howto" at http://tldp.org/HOWTO/Automount.html, and "Configuring the NFS automounter" at http://osr5doc.ca.caldera.com:457/NetAdminG/BOOKCHAPTER-15.html.