Enable user to set ACLs for specific shares OMV 2

    • OMV 2.x

    This site uses cookies. By continuing to browse this site, you are agreeing to our Cookie Policy.

    • Enable user to set ACLs for specific shares OMV 2

      Hi, here is my scenario:

      My shares are basically home directories of users.
      Users should be able to share specific folders/files inside ther home folder with other users/groups.
      The users are Windows/Linux users.
      They want to mount their Home folders via SMB or SSHFS.
      --> I decided to create a omv-users group which has read write access on all shares
      --> The basic permission scheme is 700 for the home folders.
      Users should have SSH access on the server.
      But not all users are able to use getfacl and setfacl on the command line.
      From the webui I saw, that there is a configuration window that allows to navigate through a folder structure starting from a configured Share and set the default as well as the more detailed ACLs.

      The user can login to the webui as well but has just a limited amount of options there.
      Is ist somehow possible to add this ACL window for a specific folder for each user?
      Could this probably be achieved by a plugin?

      It would be nice if you could help me with this.
      I'm a linux admin with a fundamental grasp of programming.

      Thank you in advance.
      Images
      • 2018-01-13_024139.png

        29.18 kB, 710×529, viewed 59 times
    • There is only one admin user in Omv. Extended access to normal users for admin features is not possible by default. If you create a plugin it might work, the php socket runs as root. I am not aware that non-admin users are unprivileged as they log in, they are just limited by the ui design.

      Examples on how plugins give some extra access to their configurations (limited btw) is the OpenVPN and if I am not mistaken the cups plugin.

      A better answer maybe given by @ryecoaaron or @votdev
      New wiki
      chat support at #openmediavault@freenode IRC | Spanish & English | GMT+10
      telegram.me/openmediavault broadcast channel
      openmediavault discord server
    • It is all possible, but you need to implement this on your own via plugin.
      Absolutely no support through PM!

      I must not fear.
      Fear is the mind-killer.
      Fear is the little-death that brings total obliteration.
      I will face my fear.
      I will permit it to pass over me and through me.
      And when it has gone past I will turn the inner eye to see its path.
      Where the fear has gone there will be nothing.
      Only I will remain.

      Litany against fear by Bene Gesserit
    • subzero79 wrote:

      Examples on how plugins give some extra access to their configurations (limited btw) is the OpenVPN and if I am not mistaken the cups plugin.
      syncthing also has a interface for the user.
      omv 4.1.6 arrakis | 64 bit | 4.16 backports kernel | omvextrasorg 4.1.7
      omv-extras.org plugins source code and issue tracker - github.com/OpenMediaVault-Plugin-Developers

      Please read this before posting a question.
      Please don't PM for support... Too many PMs!
    • I thought of another solution using inotify/incron to monitor changes on the directory and set setfacl permissions recursively. For this I have a small file in the home dir of every user, where the permissions can be entered. But I still need to test out how exactly this needs to be configured and if this is working with lots of files. I will keep you up to date when I continue with this. currently I try to move all my custom configurations into separate docker containers...
    • Users Online 1

      1 Guest