Monday, 4 January 2016

Linux - Debian Media Content Server

I've decided to combine a number of server functions I currently have onto a single Debian box for ease of sharing media etc. Having now got to the point where I have a spare HP Microserver N40 freed up which has 1 x 250GB and 3 x 2TB HDDs, its time to get this project started. Several minutes later I had the latest stable Debian (8.2.0) NetInstall ISO downloaded and burnt to a CD all ready to get started. Upon booting, I always use the expert install, not because that reflects my skill level, more from habit following years of the graphical installers not working on all sorts of old hardware I've accumulated over the years. Anyway, before we get started ensure the system is up to date, it should be as it was a fresh Net Install, but old habits die hard.
apt-get update
apt-get upgrade
apt-get install vim vsftpd apache2 samba
Following the installation two new directories are to be created. Using the -p option, any parent directories are also created.
mkdir -p /home/TRUSTEDUSER/content/media/video
mkdir -p /home/TRUSTEDUSER/content/media/audio
FTP Access As I am hosting the media within my home directory, it is simple enough to allow me ReadWrite FTP access to it all by making the following changes in the /etc/vsftpd.conf file.
local_enable=YES
write_enable=YES
local_umask=022
Following the edits, restart the service.
service vsftpd restart
Web Browser (HTTP) Access I need read access to all my media content using a nothing more than a browser. This isn't destined to be publically available so I'm happy with the security implications of such a broad approach to access and security. In this simple scenario it is easiest to just update the default Document Root as below:
vi /etc/apache2/sites-available/000-default.conf

DocumentRoot /var/www/html
DocumentRoot /home/TRUSTEDUSER/content
Once the default document root has been updated, we need to turn attention to the apache2.conf file. In this file we delete (or comment if you prefer) the eisting Directory statements before adding a new one and restarting apache as shown below:
vi /etc/apache2/apache2.conf

<Directory /home/TRUSTEDUSER/content/>
  Options Indexes FollowSymLinks
  Require all granted
</Directory>

service apache2 restart
Samba (Microsoft Networking Access) For samba I wanted 3 shares, one hidden which would be write enabled for me, and two others which were read only by anyone using the guest account. My target folder structure and permissions are shown below
/home/TRUSTEDUSER/content/media          # Write access enabled for me (TRUSTEDUSER)
/home/TRUSTEDUSER/content/media/audio    # Read only access for Guest account
/home/TRUSTEDUSER/content/media/video    # Read only access for Guest account
The supplied Samba config file /etc/samba/smb.conf is replaced with one containing just the elements I require. Of course, I take a backup first.
cp /etc/samba/smb.conf /etc/samba/smb.conf.original
The file below is my new /etc/samba/smb.conf file. For simplicity I've just copied it here.
#======================= Global Settings =======================
[global]
workgroup = WORKGROUP
dns proxy = no
load printers = no
printcap name = /dev/null
disable spoolss = yes

#### Networking ####
interfaces = 127.0.0.0/8 eth0
bind interfaces only = yes

#### Debugging/Accounting ####
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0

####### Authentication #######
server role = standalone server
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user

############ Misc ############
usershare allow guests = yes

#======================= Share Definitions =======================
[media]
comment = Media Share
path = /home/TRUSTEDUSER/content/media
valid users = "TRUSTEDUSER"
write list = "TRUSTEDUSER"
guest ok = no
browseable = no

[audio]
comment = Audio Media Share
path = /home/TRUSTEDUSER/content/media/audio
read only = yes
guest ok = yes

[video]
comment = Video Media Share
path = /home/TRUSTEDUSER/content/media/video
read only = yes
guest ok = yes
Once the /etc/samba/smb.conf file has been updated, its a good idea to use the testparm command to catch any mistakes. Once that looks ok, reload samba with the following:
/etc/init.d/samba restart
Samba stores it user accounts seperate from the Linux system running Samba, therefore I need to create a Samba Password as below:
smbpasswd -a TRUSTEDUSER
If you want to use a Samba username that doesn't already have a Linux account, you can either create a Linux account the normal way with useradd, or as below if you do not want the user to be able to log into the Linux host.
useradd -c "Another Users Name" -d /home/AnotherUsersName -s /sbin/nologin AnotherUsersName
smbpasswd -a AnotherUsersName
After samba is configured, and the new user has been configured we can test to make sure the access works as expected. I am not going to document all that here, but if what I have written helps someone then great. Final things to think about, are the underlying Linux file permissions on the appropriate directories and files. I have mine configured for 755, but there are other schools of thought out there.

No comments:

Post a Comment

All comments made are subject to moderation.