Alan 🏴🇪🇺🏳️🌈Hitting a wall with #netatalk here during #marchintosh - guest access always ends up with shares being locked, so I can't open a drop box for you to send me nice things over #globaltalk - anyone successfully done this?
fergycool@alanfleming I've been successfully doing this for two years and it was working fine over Christmas (a few people dropped in Crimbo greets!), but for some reason I have yet to understand my Netatalk 4 public share is now only viewable on my zone (scotgate) and not from any other zones. Absolutely no idea what I've broken! After messing for a week I've given in and just published a share from my G4 Mac Mini instead :-) - asiandubfoundation on scotgate if anybody fancies dropping in a greet… ;-)
That would be a fallback, I can do that too. I'd still like to know if this is a bug or something I'm doing wrong. #netatalk documentation is rough. I'm on 4.2.3 on Debian - you?
@alanfleming Sorry for not replying earlier. I'm using the official Docker image on Debian. But I think my issue is solved and was not a fault of Netatalk. I've got Jrouter, TashRouter and Netatalk. I initially had TashRouter and Netatalk on the same machine. That did work, but "broke". So I moved Netatalk to the Jrouter machine. That just did not work. So I moved all three to separate Debian boxes. It all seems to be working OK now. Well fingers crossed it is fixed. Not had any greets yet ;-)
Thank for the thought- I’m using the System 6 router in QEMU on a separate machine so it’s not that.
@alanfleming good luck fixing it. When you do let me know if it needs testing. Same TZ as you and I WFH so generally available.
I’ve just done some commandline work on an iPad over a vpn into my home - it might work now, who knows?
europlus 
@alanfleming @SinclairSpeccy I have, but not for a while.
I am considering setting up a separate Dropbox again because for some reason the guest-writeable folder I have in an otherwise R/O folder won’t allow folders to be copied into it.
Perhaps we should hit @dmark (who I’m sure has nothing better to do) to run a short workshop for #GlobalTalk admins 😀
dmark@europlus @alanfleming @SinclairSpeccy always very happy to support GlobalTalk admins in any way I can *^^*
@dmark @alanfleming @SinclairSpeccy thank you, that’s very kind. Are you aware of a resource which describes the best way to set up a dropbox folder where guests can leave files or folders? And where it’s better to have such a folder not inside an otherwise R/O folder?
I’d love to do this “the right way”, and link to it from my new globaltalk.wiki site :)
@europlus @alanfleming @SinclairSpeccy you should never nest AFP shared volumes if that's what you're asking -- define the dropbox volume in a separate directory that's not inside of another shared volume.
now I don't have a good write-up right now but I can take some time this weekend perhaps; if you're able to follow along, there's the entrypoint shellscript for the netatalk container, look at what we do with the AFP_DROPBOX flag:
https://github.com/Netatalk/netatalk/blob/main/distrib/docker/entrypoint_netatalk.sh
key is to give the shared volume root dir appropriate permissions, including the sticky bit; what I do in the container is "chmod 2775" (recursively if needed) on the shared dir, add 'nobody' to a group, then chown the dir so that the group owns it; finally in afp.conf "valid users = nobody" and "rwlist = nobody" on the dropbox volume for good measure.
sorry if this doesn't make sense because it's pretty late at night here :-D
@dmark @alanfleming @SinclairSpeccy sorry, I should have been clearer…
I’m not nesting shares, I’m trying to figure if I can just have a folder shown inside a share that acts as a dropbox folder, or if I need to make it a share of its own.
@europlus @alanfleming @SinclairSpeccy the Dropbox folder has to be it’s own shared volume; netatalk isn’t quite flexible enough to have different user access schemes on different subdirs I’m afraid
Thanks for this, I’ll have a go when I’m back home later today.
@alanfleming may I ask you to describe what you’ve tried so far? The key requirement is that the “nobody” user is granted write privileges to the shared volume on the host file system, either directly or through group membership. Alternatively you designate another system user as AFP guest in afp.conf
There is also a Dropbox option in the official Netatalk container image if you’re running a containerized deployment.
Exactly that. user dedicated, set as owner of directory. They have write access - nothing in the window bar indicating not - but a lock. Error looged on as guest is "you cannot copy <thing> onto the shared disk "dropbox" because the disk is locked." If I screw up permissions separately, I can see that in the top bar.
Here's a photo to show what I mean. Top is dropbox share - writable but locked. Bottom is globaltalk share - not writable (pencil with red line) and also locked. It's the locking that I can't solve. Both on Powell on EtriNet if you want a look.
Sam Johnson@alanfleming I ran into this as well on PurrTopia:Pluto. I found that if I put a folder inside the share, it isn’t locked, so that’s what I ended up sticking with for my Public Dropbox share for now. Would love to hear if you figure out a better way!
oh I wish that had worked :( Thanks! It seems that, although apparently simple, #netatalk is a bit of a maze of twisty options.