SMB permissions on public folders not working?

    • OMV 2.x
    • SMB permissions on public folders not working?

      I have my OMV box set up with three users; each user has a private shared folder (not advertised, ACL effectively set to 700), then within their private share is a "public" folder that is separately shared as "<name>-public" (advertised, ACL effectively set to 744). I've checked both the ACL settings on the shared folder as well as the "privileges" setting, and they both show that the owner should have RW permissions on both their private share and the "public" subfolder -- which they do -- and that the other registered users as well as guests should have RO permissions on only the "public" subfolder -- which they do not. Whenever user A tries to access the public folders for user B or C (or any other combination therein), Windows barfs up the "You do not have permission to access this folder" error.

      Any ideas why? As far as I can see, both the filesystem permissions and the ACL/privileges in the GUI look right.
    • Here is what I have set. The user I'm looking at is "red" and his folders (I blanked them out because the usernames/share names are our real names). Red, green, and blue each represent a distinct user or their shared folders, and the light shades represent their "public" folders (which are subfolders within the private shared folder). As far as I can tell, what I have should work... but it doesn't :/

      If you need more info please let me know.
      Attachments (screenshots): cifs_shares.jpg, red_private_acl.jpg, red_private_cifs.jpg, red_private_perms.jpg, red_public_acl.jpg, red_public_cifs.jpg, red_public_perms.jpg
    • This is kind of complex: you're setting a share inside another share. SMB protects read-write on login, so if the public share is inside the other one, users have already bypassed security.
      I would suggest you rethink this and avoid the usage of ACLs; you can achieve the same with privileges and basic POSIX permissions. Is this what you want? Sort of?

      Source Code

      root@nb:/opt/scratch/test# tree -dpug
      .
      ├── [drwxrwxr-x root users ] user1
      │   └── [drwxr-xr-x root users ] public
      ├── [drwxrwxr-x root users ] user2
      │   └── [drwxr-xr-x root users ] public
      └── [drwxrwxr-x root users ] user3
          └── [drwxr-xr-x root users ] public

      6 directories
    • This is more what I'm looking for:

      Source Code

      ├── [ drwx------ user1 users ] user1
      │   └── [ drwxr-xr-x user1 users ] public
      ├── [ drwx------ user2 users ] user2
      │   └── [ drwxr-xr-x user2 users ] public
      └── [ drwx------ user3 users ] user3
          └── [ drwxr-xr-x user3 users ] public

      I wasn't aware I could just avoid using ACLs, I thought it went hand-in-hand with the sharing... doh!

      The reason I'm specifically trying to have the public folder be a subfolder of the main one is so that the users only have to map one network drive (their private folder) and they can easily access both; meanwhile, other users can only see the public folders when they browse to the NAS.
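
An added example, not part of any post in this thread: a small Python model of the POSIX rule that reaching a subfolder needs search (x) permission on every parent directory, applied to the two layouts posted above. The third layout (parent drwx--x--x), the names user2 and guest, and the premise that the share path is accessed as the connecting user are assumptions for comparison; ACLs and root are not modelled.

```python
# Constructed model of POSIX directory checks; ACLs and root are not modelled.
# Each layout lists (mode, owner, group) for the private folder, then "public".
LAYOUTS = {
    # copied from the two tree listings in the thread
    "reply": [("drwxrwxr-x", "root", "users"), ("drwxr-xr-x", "root", "users")],
    "asker": [("drwx------", "user1", "users"), ("drwxr-xr-x", "user1", "users")],
    # assumption added for comparison: parent is search-only for everyone else
    "traverse_only": [("drwx--x--x", "user1", "users"),
                      ("drwxr-xr-x", "user1", "users")],
}


def class_bits(mode, owner, group, user, user_groups):
    """Pick the single rwx triplet that applies: owner, else group, else other."""
    if user == owner:
        return mode[1:4]
    if group in user_groups:
        return mode[4:7]
    return mode[7:10]


def can_list(dirs, user, user_groups):
    """True if user has x on every ancestor and r+x on the last directory."""
    *ancestors, target = dirs
    for entry in ancestors:
        if "x" not in class_bits(*entry, user, user_groups):
            return False  # path resolution stops at this parent
    bits = class_bits(*target, user, user_groups)
    return "r" in bits and "x" in bits


def report(user, user_groups):
    """Map layout name -> (can list private folder, can list public folder)."""
    return {name: (can_list(dirs[:1], user, user_groups),
                   can_list(dirs, user, user_groups))
            for name, dirs in LAYOUTS.items()}


if __name__ == "__main__":
    # user2 is another registered user in group "users"; guest is in no group
    for who, groups in (("user1", {"users"}), ("user2", {"users"}), ("guest", set())):
        print(who, report(who, groups))
```

In this model only the traverse_only layout keeps the private folder unlistable while still letting other users list public. Search-only access on the parent still lets anyone open an entry in the private folder whose name they know and whose own mode permits it, so the files inside need restrictive modes of their own.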