Automatically mount USB 3 attached to my wifi router

As discussed here, I have Seagate Ultra Slim USB 3 attached to my wifi router as a NAS (Network-attached storage). It provides a good backup/sharing storage for my home network that’s accessible from all my home computing devices, which was nice.

Accessing it from Windows is easy to set up, all I needed to do was to map a drive. Accessing it from Linux needs some additional work, but it turned out to be not too bad either.

Initially I created an entry in /etc/fstab. It uses the cifs protocol. Some cursory research shows that cifs is old and oboselete, but I’m not sure of other ways of accessing it. As I mentioned in that post, I had to put in the ver=1.0 option for it to work, something I don’t like.

Anyway, the drawback of /etc/fstab entry is that my Linux system would try to mount it before establishing network access, which doesn’t work for obvious reasons. I had to “sudo mount -a” afterwards. That is manual and gets tedious real fast.

So I did some research. One solution was to use _netdev option in the fstab entry, which didn’t work for me. The other was to use the auto option, which didn’t work either.

In the end, what worked for me was using systemd. Here are two articles that I relied to get mine going.

Tomáš Tomeček, Automatic mounts with systemd
Michael Albert, Systemd: (Auto-) Mount cifs shares This article has good examples for cifs options. Yes, I had to use the ver=1.0.

Thanks guys!

Accessing external USB disk attached to my ASUS RT-AC68U router

I have my own cloud storage server using ownCloud for many years now, and love it. It’s like DropBox, only better.

However, even with that, it’s still nice to have a shared storage for my home network. So today I bought a Seatate Ultra Slim USB 3 disk from Costco, with 2TB capacity. It is attached to my router, ASUS RT-AC68U. Here are the steps for:

  • Router set up;
  • Mount a drive on Windows;
  • Mount a drive on Linux;

Router:
1. Go to 192.168.1.1 through your browser;
2. USB Application (left side);
3. Media Services and Servers;
4. Network Place (Samba) Share / Cloud Disk;
5. Enable Share. I also enabled Allow guest login. Leave everything and click “Apply”.

Windows:
Map a drive to \\192.168.1.1\Seagate_Backup_Plus_Drive\Seagate

Linux:
sudo apt install cifs-utils
sudo mkdir /media/routerUSB
Edit /etc/fstab, adding this line:
//192.168.1.1/Seagate_Backup_Plus_Drive/Seagate /media/routerUSB cifs guest 0 0
Run sudo mount -a

Update: I’m now running Manjaro Arch Linux on my home workstation. cifs-utils is installed by default. I created the routerUSB folder under /mnt. In addition, the entry I added to /etc/fstab is a bit different. To get rid of an error similar to “host not found”, I added the vers=1.0 option:
//RT-AC68U-56E8/Seagate /mnt/routerUSB cifs username=user,password=password,vers=1.0 0 0

Enjoy!

No 32-bit for SQL Server 2016 Express

I’ve learned that SQL Server 2016 Standard and Enterprise Editions no longer provide 32-bit. But I do wonder about SQL Server 2016 Express Edition. It’s different in that it’s free, and mostly geared toward lightweight usage, people who are learning, etc. So perhaps it still offers 32-bit?

After some upgrade work to one SQL Server 2008 R2 Express 32-bit, I can tell you with real experience that SQL Server 2016 Express does NOT have 64-bit either.

So the latest Express edition that has 32-bit is SQL Server 2014. Like Allan Hirt, I also say good riddance. It’s time to move on.

Adding attachment to Outlook 2016 email

A couple of months ago Outlook 2016 on my old PC (Windows 10) started misbehaving:

  • Clicking “Attach File” to add an attachment from my PC to an email message;
  • A window would show up. When it worked, I would be able to move the mouse down and click “Browse This PC…”. However, nowadays this window disappears so quickly that it doesn’t give me enough time to click that “Browse This PC…” item!
  • Web search ensued. Some suggested repairing the mailbox, which I’ve done but to no avail;
  • To get around this, open a windows Explorer window and navigate to the location where the attachment is located, drag it to the email window and release it. Viola, attachment added and you’re done!

Hope this helps!

SQL Server best practice: grant permissions to per-service SID

Since Windows Server 2008/Windows Vista, from SQL Server 2008 onward, SQL Server installation process automatically generates per-service security identifier (SID). Whenever possible, it is recommended to grant rights to this service SID for security reasons, instead of your SQL Server’s startup account, which typically is domain user account.

For example, for performance reasons, I always want to SQL Server to have the following rights: Instant File Initialization and Lock Pages in Memory. The former enables instantaneous data (not log) file growth; whereas the later prevents Windows system from paging SQL Server data to virtual memory on disk.

Those rights can be granted via the Local Security Policy application, secpol.msc. Navigate to Security Settings -> Local Policies -> User Rights Assignment, you’ll find them there. Please note that Instant File Initialization is actually called “Perform volume maintenance tasks”.

Before service SID was introduced, I always granted those rights to SQL Server’s startup account. In my case it was typically a domain\user account. With the introduction of service SID, SQL Server’s resource access rights is the sum of both its startup account and service SID. Therefore it is recommended to grant rights to service SID, for obvious security reasons.

To prove that’s the case, let’s conduct the following experiment. For default instance of SQL Server, its service SID is NT Service\MSSQLSERVER. For named instance, its service SID is NT Service\MSSQL$InstanceName. Please note instant file initialization, once enabled, only works for SQL Server data files, not logs.

1. Assume your SQL Server instance is running under a domain\user account without “Perform volume maintenance tasks”;
2. Run the following code:

dbcc traceon(3004,3605,-1)
go
 
create database TestDb
go
 
exec sp_readerrorlog
go
 
drop database TestDb
go
 
dbcc traceoff(3004,3605,-1)
go

Pay attention to the output of “exec sp_readerrorlog”. You should see something similar to this:

2016-05-19 23:39:35.830 spid51 Zeroing C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\DATA\TestDb.mdf from page 0 to 1024 (0x0 to 0x800000)
2016-05-19 23:39:35.890 spid51 Zeroing completed on C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\DATA\TestDb.mdf (elapsed = 66 ms)

3. Now using secpol.msc, grant your service SID, in my case, NT Service\MSSQLSERVER, the right of “Perform volume maintenance tasks”;
4. Restart SQL Server instance;
5. Repeat step 2, you shouldn’t see entry similar to the one listed above in the error log, indicating that SQL Server has the combined rights of its startup account and its service SID.

By the way, this also applies to data and log folder permissions. Only grant data and log folder permissions to service SID, not its startup account. I have automated that process here.

Happy learning!