Using Turnkey Fileserver for storage share - major issues

skybolt_1

I have a PVE Community server running 8.3.1 with a total of 24 TB across 6 drives configured in RAIDZ2 that I am presenting to a bunch of different VMs, Docker containers, and LXCs using SMB using Turnkey Fileserver. While I understand that SMB isn't really optimal for this use case, and that most people would probably want to present storage using NFS, I was hesitant to use a privileged container because of the security concerns associated with that. This might be a bit silly because this is a home hosting setup + work sandbox, but I do have a few services (Nextcloud, Jellyfin) presented publicly behind HAProxy and want to use best practices as a general rule.

I run Turnkey as an LXC and present a 20 TB mount point to it (was a typo, I intended to use 10 TB) of which I have around 4 TB consumed. I have set up the SMB shares within Turnkey based on local user groups inside of the LXC. Everything works... for a while. Periodically, whether that is a few days or a week, I suddenly discover that my Shinobi DVR VM has suddenly started throwing endless CIFS: VFS: No writable handle in writepages rc=-9 errors, or my account that I use to back up Windows boxes suddenly no longer has write privileges. A reboot of the LXC fixes everything. I've made no changes to the Samba configuration, which is as follows (slightly truncated to reduce the number of shares, all settings are identical other than groups):

Code:
[global]
    obey pam restrictions = yes
    server string = TurnKey FileServer
    debug level = 3
    min receivefile size = 16384
    os level = 20
    add user script = /usr/sbin/useradd -m '%u' -g users -G users
    recycle:exclude_dir = tmp quarantine
    delete group script = /usr/sbin/groupdel '%g'
    recycle:versions = yes
    socket options = TCP_NODELAY SO_SNDBUF=65536 SO_RCVBUF=65536
    recycle:keeptree = yes
    add group script = /usr/sbin/groupadd '%g'
    workgroup = WORKGROUP
    dns proxy = no
    panic action = /usr/share/samba/panic-action %d
    admin users = root
    log file = /var/log/samba/samba.log
    max log size = 1000
    recycle:touch = yes
    guest account = nobody
    wins support = yes
    map to guest = bad user
    read raw = no
    pam password change = yes
    encrypt passwords = yes
    write raw = no
    delete user script = /usr/sbin/userdel -r '%u'
    security = user
    netbios name = FILESERVER
    vfs object = recycle
    passdb backend = tdbsam
    getwd cache = yes
    add user to group script = /usr/sbin/usermod -G '%g' '%u'
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    
[home-videos]
    write list = @home-videos-users
    create mode = 644
    path = /rust/home-videos
    read list = jellyfin
    force create mode = 0644
    writeable = yes
    directory mode = 775
    force directory mode = 2775

[network-drive]
    write list = @network-drive-users
    directory mode = 775
    writeable = yes
    force directory mode = 2775
    force create mode = 0644
    create mode = 664
    path = /rust/network-drive

This has happened about 10-15 times so far, and it is preventing me from fully jumping off of my legacy server which runs on ESXi + drive passthrough to TrueNAS for storage. That setup had its own issues but I have to say that I did not have anything like this happen with shares in TrueNAS.

It seems like the Turnkey LXCs are relatively popular here, I would expect that issues like this would be fairly rare, yet I seem to have gotten myself into a bad place that I'm uncertain how to get out of. I'm sort of tempted to sidestep into a "plain" Debian LXC and configure Samba manually, but I'm hoping to avoid that headache.

Anyone encounter these sorts of issues before? Also, if you think that what I'm trying to do here is dumb and bad, I'm willing to hear those arguments too!
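Added example, not part of the original thread: a short Python check that computes the permission bits Samba applies to new files and directories in the two posted shares, following the rule in smb.conf(5) (mapped mode AND create mask, then OR force create mode). The starting modes of 0666 for files and 0777 for directories are simplifying assumptions that ignore DOS attribute mapping and inherit permissions; the function names are illustrative.

```python
# Added example; mask parameters copied from the smb.conf posted above.
SMB_CONF = """\
[home-videos]
    create mode = 644
    force create mode = 0644
    directory mode = 775
    force directory mode = 2775
[network-drive]
    directory mode = 775
    force directory mode = 2775
    force create mode = 0644
    create mode = 664
"""

# smb.conf(5) synonyms and defaults for the four mask parameters.
SYNONYMS = {"create mode": "create mask", "directory mode": "directory mask"}
DEFAULTS = {"create mask": 0o744, "force create mode": 0,
            "directory mask": 0o755, "force directory mode": 0}

def parse_shares(text):
    """Return {share: {canonical parameter: value}} for each [section]."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip(), {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = " ".join(key.lower().split())
            current[SYNONYMS.get(key, key)] = value
    return shares

def effective_modes(share):
    """(file_mode, dir_mode): AND with the mask, then OR with the force mode."""
    def octal(name):
        return int(share[name], 8) if name in share else DEFAULTS[name]
    # Assumed starting modes: 0666 for files, 0777 for directories.
    file_mode = (0o666 & octal("create mask")) | octal("force create mode")
    dir_mode = (0o777 & octal("directory mask")) | octal("force directory mode")
    return file_mode, dir_mode

def report(text):
    """Per share: octal modes and whether new files carry the group write bit."""
    result = {}
    for name, share in parse_shares(text).items():
        file_mode, dir_mode = effective_modes(share)
        result[name] = {"file": oct(file_mode), "dir": oct(dir_mode),
                        "group_write": bool(file_mode & 0o020)}
    return result
```

In the posted configuration the two shares differ in create mode (644 versus 664), so the computed file modes differ as well.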
 
I would try a VM instead, maybe openmediavault or similar? You can do some easy admin stuff just by installing Webmin on port 10000, or maybe go with SUSE + YaST for text-console convenience.
 
So I did start out using a VM, Debian w/ Samba deployed natively. But that required me to create a very large disk image vs. using a mountpoint, which appears to have a potentially significant performance hit (?) according to things I've read here and on the subreddit for Proxmox. That's one of the reasons I pulled back from that model to go to the LXC model.
 
Yeah, basically back to my prior model w/ TrueNAS + passthrough... I suppose I could. Was hoping that someone here had similar experiences with the Turnkey image and could point me in the right direction but maybe I just have a weird setup.
 