{"id":189,"date":"2015-05-18T19:58:08","date_gmt":"2015-05-18T18:58:08","guid":{"rendered":"http:\/\/www.troliver.com\/?p=189"},"modified":"2015-06-10T21:33:04","modified_gmt":"2015-06-10T20:33:04","slug":"creating-a-windows-shared-drive-in-ubuntu-14-04-with-samba-part-1","status":"publish","type":"post","link":"https:\/\/www.troliver.com\/?p=189","title":{"rendered":"Creating a Windows shared drive in Ubuntu 14.04 with Samba"},"content":{"rendered":"<p><em>Since writing this post, these subsequent posts may help with some issues:<\/em><\/p>\n<ul>\n<li><em><a href=\"http:\/\/www.troliver.com\/?p=232\">How to remove .DS_Store and other system-created files in Samba<\/a><\/em><\/li>\n<li><em><a href=\"http:\/\/www.troliver.com\/?p=226\">Issues with PBIS Active Directory and Samba<\/a><\/em><\/li>\n<\/ul>\n<h1>Introduction<\/h1>\n<p>One of the many servers we <em>didn&#8217;t <\/em>lose was the team&#8217;s\u00a0storage server, called Warehouse. In fact, it was the only remaining survivor of what we can in future call the Great Server Loss of 2014 (or 2015. We&#8217;ve had two now). However, it had been set up by someone else who worked here and I was keen to see how hard it was to set up for myself, since we&#8217;ll be setting something similar up later for students to have their own storage space. With the server&#8217;s footprint at over 2TB (deleted files don&#8217;t free up any usage, since its a VM), I decided it would just be quicker and more useful to rebuild it from scratch, rather than copy everything over to a new partition in a lengthy disk &#8220;downsize&#8221; process.<\/p>\n<p>This &#8211; and following &#8211; articles should help with\u00a0making a file server in Ubuntu\u00a0(the same steps should more or less apply to any other flavour of Linux) that you can then\u00a0access, and map a drive to, from Windows. We need <strong>Samba<\/strong> because Linux&#8217;s own file system, NFS, can&#8217;t be accessed natively by Windows &#8211; so we will configure a system that can. Samba is, basically, the Unix way to to use Server Message Blocks (SMB), which is mostly used by Microsoft networks for file-sharing and communication between hosts. If you&#8217;ve seen the term <em>CIFS<\/em> anywhere, it is basically a Microsoft-only implementation of an older (but once newer) version of Samba (<a href=\"http:\/\/blog.varonis.com\/the-difference-between-cifs-and-smb\/\">see here\u00a0for a more in-depth explanation<\/a> of how it all fits together). So Samba is the thing we will configure and use for Windows machines to be able to access the file system on our Linux server &#8211; from Windows, it should essentially appear to be just the same as a Windows server share.<\/p>\n<p>For where I work, there are two purposes for our\u00a0storage server:<\/p>\n<ul>\n<li>Share files between staff members in Windows, which should be only accessible by certain authenticated users<\/li>\n<li>Make certain files (desktop backgrounds, some installers, some documents and assets) publicly accessible for\u00a0other users and computers<\/li>\n<\/ul>\n<p>There are a few steps involved and, although not particularly lengthy, I wanted to go into a bit more detail about how to get each step working and explain some of the problems you might also face in a similar environment.<\/p>\n<h2>Initial Installation<\/h2>\n<p>When installing a\u00a0standard Ubuntu 14.04 server installation, select <strong>Samba<\/strong> and <strong>OpenSSH<\/strong>. Out of the box\u00a0you can connect to the server via SFTP, using something like WinSCP. But this isn&#8217;t really practical for accessing files &#8211; additionally, you have to be authenticated to login and, with only one account, you&#8217;d have to make more users manually if you wanted to give access to different people. So, after updates and upgrades, we need to configure Samba to make it work at all and end with the aim of joining an Active Directory domain.<\/p>\n<h2>Configuring Samba<\/h2>\n<p>There are two things that are implied a lot throughout the next few step;s the first is that you are editing the samba configuration file which in this case &#8211; unless otherwise specified &#8211; is at\u00a0<em>\/etc\/samba\/smb.conf<\/em><\/p>\n<p>The second thing is that you will be doing a lot of service restarts. Any time you make a change in the Samba configuration file, you have to restart both the nmbd and smbd services, which you can do using <em>service samba<\/em>.<\/p>\n<p>Finally, you&#8217;ll likely have to use\u00a0<em>sudo<\/em> for everything.<\/p>\n<pre class=\"lang:vim decode:true\">sudo vim \/etc\/samba\/smb.conf\r\n\r\nsudo service samba restart\r\nStopping Samba daemons: nmbd smbd.\r\nStarting Samba daemons: nmbd smbd.<\/pre>\n<p>&nbsp;<\/p>\n<h2>Starting to make\u00a0Samba work<\/h2>\n<p>Now, by\u00a0default if you connect to a Ubuntu server through the Windows explorer address bar, for example \\\\10.1.63.246\\, you&#8217;ll get a message that Windows can&#8217;t access the address.\u00a0However, with Samba installed, you&#8217;ll be able to browse\u00a0it straight away, since ports 139 and 445 are open, which are used by Samba. Although, until we enable the home directories, we won&#8217;t see anything.<\/p>\n<p>The first thing to do is\u00a0edit the samba configuration file, smb.conf,\u00a0which contains different categories and settings. There will be a commented out section called [homes], so uncomment it to read as follows:<\/p>\n<pre class=\"lang:vim decode:true\">[homes]\r\ncomment = Home Directories\r\nbrowseable = yes<\/pre>\n<p>If you save and exit the configuration and restart the samba service, you can now navigate back to your IP address and should see new folders show up:<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-200\" src=\"http:\/\/www.troliver.com\/wp-content\/uploads\/2015\/05\/bar2.png\" alt=\"bar2\" width=\"435\" height=\"104\" srcset=\"https:\/\/www.troliver.com\/wp-content\/uploads\/2015\/05\/bar2.png 435w, https:\/\/www.troliver.com\/wp-content\/uploads\/2015\/05\/bar2-300x72.png 300w\" sizes=\"(max-width: 435px) 100vw, 435px\" \/><\/p>\n<p>This will show whether or not it works!\u00a0However, you don&#8217;t need be authenticated for this and, by default, <strong>all<\/strong> user directories are shown here and, although not editable, they are readable and copyable. In the configuration file, you can change <em>&#8220;browseable = yes&#8221;<\/em> and make it <em>&#8220;no&#8221;<\/em> instead; this way, you can&#8217;t see all the home directories by default and any other shares you make, you can make browseable. However, the user directories are still accessible. This probably still isn&#8217;t going to be quite right; we want to create our own shares and control which are public and which require a user to be authenticated to be able to view them.<\/p>\n<h2>Active Directory with PBIS<\/h2>\n<p>One way to accomplish this is to make different user accounts and groups on the server itself, but with an Active Directory domain already in existence, we can just join\u00a0our server to the domain, as previously described <a href=\"http:\/\/www.troliver.com\/?p=172\">here, under &#8220;Change 2&#8221;<\/a>, and use these accounts and groups instead.<\/p>\n<p>With the server on the domain, you can now login as other users if you wanted to. I modified the configuration file to remove all of the comments and, essentially, rewrite it as follows;<\/p>\n<pre class=\"lang:vim decode:true\">[global]\r\nworkgroup =\u00a0Troliver\r\nrealm = troliver.com\r\nserver string = Warehouse Server (%h)\r\ndns proxy = no\r\nsecurity = ADS\r\nencrypt passwords = true\r\nlog file = \/var\/log\/samba\/log.%m\r\nmax log size = 1000\r\nsyslog = 0#\r\npanic action = \/usr\/share\/samba\/panic-action %d\r\npassdb backend = tdbsam\r\nobey pam restrictions = no\r\nunix password sync = yes\r\npasswd program = \/usr\/bin\/passwd %u\r\npasswd chat = *Enter\\snew\\s*\\spassword:* %n\\n *Retype\\snew\\s*\\spassword:* %n$\r\npam password change = yes<\/pre>\n<p>The important things here are the\u00a0<em>domain name\u00a0<\/em>in\u00a0<em>realm<\/em> and that\u00a0<em>security = ads<\/em> is set. After this comes the different\u00a0<em>shares &#8211;<\/em> mappings to Unix directories; to make a share, you have to specify the path to a directory.<em>\u00a0<\/em><\/p>\n<h2>Creating shares<\/h2>\n<p>For this guide, I&#8217;ve made two shares &#8211; <em>test1<\/em> and <em>test2<\/em>. You can\u00a0do this by simply add the following lines to the configuration file created above:<\/p>\n<pre class=\"lang:vim decode:true\">[test1]\r\ncomment = Read only, everyone\r\npath = \/home\/share\/test1\r\n\r\n[test2]\r\ncomment = Read only, CST Tech Staff group\r\npath = \/home\/share\/test2<\/pre>\n<p>The shares will be visible but you can&#8217;t initially access them, with a message that the network name\u00a0cannot be found.<\/p>\n<p><a href=\"http:\/\/www.troliver.com\/wp-content\/uploads\/2015\/05\/share1.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-198 size-full\" src=\"http:\/\/www.troliver.com\/wp-content\/uploads\/2015\/05\/share1.png\" alt=\"share1\" width=\"866\" height=\"567\" srcset=\"https:\/\/www.troliver.com\/wp-content\/uploads\/2015\/05\/share1.png 866w, https:\/\/www.troliver.com\/wp-content\/uploads\/2015\/05\/share1-300x196.png 300w\" sizes=\"(max-width: 866px) 100vw, 866px\" \/><\/a><\/p>\n<p>This is because the path we have specified in Samba doesn&#8217;t actually exist on the server. Samba will show Windows that this path exists but that doesn&#8217;t necessarily mean it does; samba acts a front end to Windows and the configuration tells samba, essentially, how to present your server to the rest of the network.<\/p>\n<p>To resolve this, we just create a new folder with <em>mkdir<\/em>\u00a0and it should now work:<\/p>\n<pre class=\"lang:sh decode:true\">mkdir \/home\/share\/test1\r\nmkdir \/home\/share\/test2<\/pre>\n<h2>Restricting shares to specific users or groups &#8211; Samba permissions<\/h2>\n<p>The next thing we can do is to restrict who can actually access the share. We can specify that &#8220;test2&#8221; can&#8217;t be accessed by anyone who isn&#8217;t called &#8220;testuser1&#8221;<\/p>\n<pre class=\"lang:sh decode:true\">[test2]\r\ncomment = Read only, access only Staff group\r\npath = \/home\/share\/test2\r\nvalid users = testuser1<\/pre>\n<p>Alternatively, we can specify a group name by prefixing it with an @, as below:<\/p>\n<pre class=\"lang:sh decode:true\">[test2]\r\ncomment = Read only, access only Staff group\r\npath = \/home\/share\/test2\r\nvalid users = @domain^admins<\/pre>\n<p>Now\u00a0we are giving a whole group &#8211;\u00a0<em>domain^admins &#8211;<\/em>\u00a0access to the share instead. You&#8217;ll notice that, if you aren&#8217;t logged in, you cant access it; but you can still see it if you browse to the address of the samba server.\u00a0By default, without <em>valid users<\/em> specified,\u00a0everyone is able to access the share.<\/p>\n<p>The last thing to put in, which we will need later, is to make any new files created by a user to be\u00a0given a specific group association with\u00a0<em>force group<\/em>.<\/p>\n<pre class=\"lang:vim decode:true\">[test2]\r\ncomment = Read only, access only Staff group\r\npath = \/home\/share\/test2\r\nvalid users = @domain^admins\r\nforce group = domain^admins<\/pre>\n<p>Normally, in our domain, it seems that any files created from within Windows by an authenticated user will\u00a0be created with<em> &#8220;domain^users&#8221;<\/em> as the group; but the problem is that this would include anyone who isn&#8217;t in the group of <em>domain^<strong>admins<\/strong><\/em> if they were a member of both. The above change in the configuration forces all files to take on their group membership of<em> domain^admins<\/em> and, if necessary, <em>&#8220;force user&#8221;<\/em> can be added, too, to force ownership of the file by another user.<\/p>\n<p>Edit: There is an important thing to note here. If you want a share to only be accessible by a specific group &#8211; say domain^admins &#8211; you may have to prefix it with a plus sign (+domain^admins) if you don&#8217;t also specify &#8220;valid users&#8221;:<\/p>\n<blockquote><p>In Samba 2.0.5 and above this parameter has extended functionality in the following way. If the group name listed here has a &#8216;+&#8217; character prepended to it then the current user accessing the share only has the primary group default assigned to this group if they are already assigned as a member of that group. This allows an administrator to decide that only users who are already in a particular group will create files with group ownership set to that group. This gives a finer granularity of ownership assignment. For example, the setting <code class=\"filename\">force group = +sys<\/code> means that only users who are already in group sys will have their default primary group assigned to sys when accessing this Samba share. <strong>All other users will retain their ordinary primary group.<\/strong><\/p>\n<p>&nbsp;<\/p><\/blockquote>\n<h2>Restricting shares to specific users or groups &#8211; Unix\u00a0permissions<\/h2>\n<p><em>(For a quick explanation of Unix permissions, see my <a href=\"http:\/\/www.troliver.com\/?p=217\">previous article<\/a>\u00a0on Unix permission<\/em>s.)<\/p>\n<p>As I mentioned earlier, Samba relies on the underlying Linux system to have directory availability and permissions to match that which it advertises; in other words, the Linux file system is what really counts here. You can create a share to anywhere, but if that folder doesn&#8217;t exist\u00a0on the system,\u00a0then it won&#8217;t ever be accessible. Similarly, even if you restrict access to a share through Samba&#8217;s permissions, there is no guarantee that somebody might not gain access via SSH and access folders that way.<\/p>\n<p>Since you\u00a0have to ensure that the underlying shares that Samba can access have the right permissions anyway, you\u00a0might as well restrict who can access a folder this way too.<\/p>\n<p>First of all, we need to change the group that owns the folder, which isn&#8217;t a Samba-specific thing. You can check the owner and the group of a file or folder with\u00a0<em>ls -l.<\/em><\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-195\" src=\"http:\/\/www.troliver.com\/wp-content\/uploads\/2015\/05\/share4.png\" alt=\"share4\" width=\"611\" height=\"118\" srcset=\"https:\/\/www.troliver.com\/wp-content\/uploads\/2015\/05\/share4.png 611w, https:\/\/www.troliver.com\/wp-content\/uploads\/2015\/05\/share4-300x58.png 300w\" sizes=\"(max-width: 611px) 100vw, 611px\" \/><\/p>\n<p>Then use the following command to change the group \u00a0to <em>domain^admins:<\/em><\/p>\n<pre class=\"lang:sh decode:true\">chgrp domain^admins \/home\/share\/test2<\/pre>\n<p>Check the ownership again:<\/p>\n<p><a href=\"http:\/\/www.troliver.com\/wp-content\/uploads\/2015\/05\/share6.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-193\" src=\"http:\/\/www.troliver.com\/wp-content\/uploads\/2015\/05\/share6.png\" alt=\"share6\" width=\"611\" height=\"118\" srcset=\"https:\/\/www.troliver.com\/wp-content\/uploads\/2015\/05\/share6.png 611w, https:\/\/www.troliver.com\/wp-content\/uploads\/2015\/05\/share6-300x58.png 300w\" sizes=\"(max-width: 611px) 100vw, 611px\" \/><\/a><\/p>\n<p>The <em>test2<\/em> share should now be accessible\u00a0by the <em>domain^admins<\/em> group, however nothing will have necessarily changed, since the default permissions for that directory is 755; which means only the owner can modify files, but everybody else can only read and execute them; <i>including the group assigned to it<\/i>.<\/p>\n<p>However, this isn&#8217;t necessarily too\u00a0problematic at the moment because newly created files still are only <em>modifiable<\/em> by their owner, as per the underlying Unix file permissions. But non-authenticated users can view\u00a0the newly made files and\u00a0only the owner can modify them, which isn&#8217;t necessary what we want; we want the owner <em>and<\/em> the group to be able to <em>read <\/em>and<em> write<\/em> and everyone else to have no access at all.<\/p>\n<p>So to do that, we want this changed with <em>chmod\u00a0<\/em>to 770 or 775 &#8211; which means that the group associated with a directory, or file, has the same permissions as the owner, whilst still restricting the access of other users. This is an important step to follow, otherwise your restrictions won&#8217;t apply how you want them to.<\/p>\n<pre class=\"lang:sh decode:true\">chmod 771 \/home\/share\/test1\r\nchmod 770 \/home\/share\/test2<\/pre>\n<p>&nbsp;<\/p>\n<p>This needs to be done for the main directories that you want to act as shares. I would recommend setting them to 775 for public folders and 770 for restricted folders, with the group set to being that of one that you wish to act as administrators for the folders. But there is another issue; even if we have the share folders&#8217; permissions set and the users and groups of new files set to those that should have appropriate access, we don&#8217;t have the default <em>permissions\u00a0<\/em>set to match them.<\/p>\n<h2>Back to Samba again<\/h2>\n<p>However, from within Samba, we can force a set of permissions for files and directories with two sets of commands;<\/p>\n<ul>\n<li><em>create mask\u00a0<\/em>and\u00a0<em>directory mask<\/em><\/li>\n<li><em>force create mode\u00a0<\/em>and\u00a0<em>force directory mode<\/em><\/li>\n<\/ul>\n<p>These can be used to specify what permissions are granted to new files when they&#8217;re created. There are some default behaviours, by default:<\/p>\n<ul>\n<li>Samba\u2019s default <em>create mask<\/em> is <em>744<\/em> and <em>directory mask<\/em> is\u00a0<em>755<\/em><\/li>\n<li>Samba\u2019s default <em>force create mode<\/em> is <em>000<\/em><\/li>\n<li>Samba ignores the system\u00a0<em>umask <\/em>(which is 0022), which is used to give permissions to files normally<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>Logically, the way in which permissions are changed by these two sets of commands are (with <a href=\"http:\/\/www.bodenzord.com\/archives\/53\">this site<\/a> backing it up),<\/p>\n<ul>\n<li><em>force create mode<\/em> will do a logical OR on permissions, so modification should <strong>increase<\/strong> permissions<\/li>\n<li><em>create mask <\/em>will do a logical AND on permissions, so modification should <strong>restrict<\/strong> permissions<\/li>\n<\/ul>\n<p>Therefore, I would likely need a combination of both; <em>force create mode<\/em> to increase permissions for the group and <i>create mask<\/i> to remove permissions for other users. Because the\u00a0<em>create mask<\/em>\u00a0already has a default, we should just be able to change that to remove the restriction that is inherent with its use.\u00a0However, even after setting\u00a0<em>create mask<\/em>\u00a0to\u00a0<em>777,<\/em>\u00a0which should get rid of any restrictions, this actually only\u00a0sets the permissions to <em>766 <\/em>for new files instead\u00a0&#8211; and it doesn&#8217;t seem that there is any logic for this to be happening at all. If the system <em>umask\u00a0<\/em>and\u00a0<em>f<\/em><em>mask <\/em>did actually affect these files, then my setting it to 0000 would have had some affect, which it didn&#8217;t. It looks like there is something else restricting the permissions, somewhere else; however this isn&#8217;t a big deal, since we don&#8217;t necessarily want everyone to execute files on the server. So we can stick with the following additions to the file to make files only read\/write by the group assigned to that file or directory with:<\/p>\n<pre class=\"lang:vim decode:true\">create mask = 0660\r\ndirectory mask = 0770<\/pre>\n<p>&nbsp;<\/p>\n<p>Amend for public readable files and folders with:<\/p>\n<pre class=\"lang:vim decode:true\">create mask = 0660\r\ndirectory mask = 0770<\/pre>\n<p>&nbsp;<\/p>\n<p>So no matter what we do with <em>create mask<\/em>, we are restricted to not being able to execute for group members or other users.\u00a0But here\u2019s the thing; you <strong>can<\/strong> force Samba to give you all the permission you want if we then decide to user\u00a0<em>force create mode<\/em> \u2013 you can get the last two bits you need with setting it to <em>011 <\/em>(or\u00a0<em>777, <\/em>for that matter), although\u00a0I don\u2019t see what is preventing you from doing this same thing by removing the <em>create mask<\/em> by setting all permission bits. Feel free to contact me if you have any idea why!!<\/p>\n<p>So with that finally done, here is the resulting <i>smb.conf<\/i> file that should give you access to a shared directory that has had its permissions set to 770 and its group assigned to\u00a0<em>domain^admins.\u00a0<\/em>Note that, if you only need one group to be able to access the share, you\u00a0<strong>don&#8217;t need<\/strong> to include the\u00a0<em>valid users<\/em> line, since this is just a Samba restriction &#8211; if the underlying file system already has that restriction, its redundant. Uncomment or keep commented as necessary.<\/p>\n<p>&nbsp;<\/p>\n<pre class=\"lang:vim decode:true\">[test2]\r\ncomment = Read only, access only Staff group\r\npath = \/home\/share\/test2\r\n#browseable = no\r\n#valid users = @domain^admins\r\nforce group = domain^admins\r\ncreate mask = 0740\r\ndirectory mask 0750<\/pre>\n<p>&nbsp;<\/p>\n<h2>What next?<\/h2>\n<ul>\n<li>These three options shouldn&#8217;t need to be configured, but you might want to if you have a larger group given access that might include other groups, or you want to restrict access without using ACLs:\n<ul>\n<li>guest ok<\/li>\n<li>write list<\/li>\n<li>valid users<\/li>\n<\/ul>\n<\/li>\n<li>For more information on getting started and configuring Samba for Ubuntu, take a look at\u00a0a few of the guides on the\u00a0<a href=\"https:\/\/help.ubuntu.com\/community\/Samba\">Ubuntu page for Samba<\/a>\u00a0as well as\u00a0some of the following links, which helped me too:\n<ul>\n<li><a href=\"https:\/\/www.samba.org\/samba\/docs\/man\/manpages-3\/smb.conf.5.html\">Samba manual &#8211; smb.conf<\/a><\/li>\n<li><a href=\"https:\/\/www.samba.org\/samba\/docs\/using_samba\/ch09.html\">Samba users and security<\/a><\/li>\n<li><a href=\"https:\/\/www.samba.org\/samba\/docs\/using_samba\/ch01.html\">Samba manual<\/a><\/li>\n<li><a href=\"http:\/\/www.linuxquestions.org\/questions\/linux-security-4\/how-to-setup-file-permissions-for-multiple-groups-users-that-use-windows-and-linux-841962\/\">Samba and ACLs<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>If you have any comments or questions, feel free to post them below. I may well have overlooked something!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Since writing this post, these subsequent posts may help with some issues: How to remove .DS_Store and other system-created files in Samba Issues with PBIS Active Directory and Samba Introduction One of the many servers we didn&#8217;t lose was the team&#8217;s\u00a0storage server, called Warehouse. In fact, it was the only remaining survivor of what we [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[2,21],"tags":[10,20,41,42,18],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6PQZ3-33","_links":{"self":[{"href":"https:\/\/www.troliver.com\/index.php?rest_route=\/wp\/v2\/posts\/189"}],"collection":[{"href":"https:\/\/www.troliver.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.troliver.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.troliver.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.troliver.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=189"}],"version-history":[{"count":15,"href":"https:\/\/www.troliver.com\/index.php?rest_route=\/wp\/v2\/posts\/189\/revisions"}],"predecessor-version":[{"id":309,"href":"https:\/\/www.troliver.com\/index.php?rest_route=\/wp\/v2\/posts\/189\/revisions\/309"}],"wp:attachment":[{"href":"https:\/\/www.troliver.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=189"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.troliver.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=189"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.troliver.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=189"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}