Run your own home-entertainment server with Linux and MythTV: we show you how.

by Jo Shields on 4 October 2007, 14:52

Tags: HEXUS, Linux

Quick Link: HEXUS.net/qajyv

Add to My Vault: x

If you make sure you're connected, the writing's on the wall

Now we're going to make another configuration tweak. Most home routers are very poor at remembering a PC's identity - I know whenever I restart my Linksys, all the IP addresses on the network shuffle around. Whilst this isn't a problem for desktop machines, for servers, it can cause issues - for example, you may want to set up some port-forwarding rules on your router for BitTorrent, which requires you to specify your TorrentFlux machine's IP address. To fix this, we're going to give the machine a "static" IP address - this means it doesn't ask the router for an IP, it uses the one it wants to use.

From the desktop, click the network icon in the top-right, and click "Manual configuration". In here, you can specify which connections should be automatic and which should be manual. Select the active network connection, then Properties. Roaming mode should be disabled, and in "Configuration", make sure you select "Static IP Address". Set the IP address to something which is unlikely to be used (for example, my router assigns addresses starting from 192.168.1.64, so I'm free to use lower numbers for static addresses, so I use 192.168.1.2). It's really important not to get this wrong, as every machine on a network needs a unique IP address in order to work. The Subnet mask should be set to 255.255.255.0 on most networks (if it isn't that, then you probably know the correct value) , so it will be automatically set to that. Gateway Address should be set to the IP address of your router, which usually starts with "192.168" or "10.0" and ends with "1" (you can check this detail from anywhere on your network). The easiest way to ensure settings take effect is to reboot.

Now we know exactly where we are on the network, let's do something useful. First, let's check we have a data folder that everyone on your system can write to. If you partitioned your system as suggested, you should already have a /data partition - if not, we'll create a /data folder instead. In either case, hit Alt-F2 and type "gksu nautilus" to get an administrator's-eye view of files on disk. Without running it as the system administrator (using gksu) you don't have permission to make potentially system-damaging changes to your machine, such as creating or deleting files in system areas. Now, first, click the "Computer" button at the top, and on Filesystem. This is what a Linux system looks like on disk. If it doesn't already exist, right-click here and click "Create Folder", naming it "data". Now, right-click on your data folder, and click properties. There's a Permissions tab here - this allows you to decide which users may view or write files into this folder. What you do here is largely up to you - if you really trust your users, you could grant everyone write access. If not, you could make it read-only, but with a write-all subfolder inside for people to share their junk. Make sure you close this window when you're done, as an admin window is a risky thing to leave lying around.

Now for some neat things. We're going to let anyone write to our global share, but we're also going to give users access to their own private home folders automatically. First, we need to edit a config file: Hit Alt-F2, and run "gksu gedit /etc/samba/smb.conf" to load the config file for the file-sharing server for editing. Scroll down to the line that says "; security = user" and change it to "security = share" - note the semicolon needs deleting. Next, scroll down to the bottom and add:
[homes]
comment = Home Directories
browseable = no
valid users = %S
writable = yes
create mask = 0600
directory mask = 0700

Now we need to do a couple of things before this will work - first, we need to ensure that the passwords used by your Linux system internally (which uses a secure password storage method) match up with those used by the file-sharing service (which must use a less secure scheme for Windows compatibility). Load up Synaptic, and install "libpam-smbpass". Now to use it, run "gksu gedit /etc/pam.d/common-password" - this file determines how the system deals with password changes, so we need to add a line at the bottom:
password required pam_smbpass.so nullok use_authtok try_first_pass
Now save that, and reload the Samba config file with "gksu invoke-rc.d samba reload". Any new users you create will be able to access their data from Windows by pressing Windows-R and typing \\linuxservername\username\ or mapping a drive letter in Explorer. Your user won't though, as the password tables don't match - easiest option here is simply to change your password, to get things into sync. Hit System, Preferences, About Me to change your password. Done!