Managing user rights

    • OMV 4.x

    This site uses cookies. By continuing to browse this site, you are agreeing to our Cookie Policy.

    • Managing user rights

      Hello everyone,

      after setting up my Raspberry Pi running the latest version of OMV I followed the tutorial on how to create a "samba" share for use with Windows.
      So far so good. I can create shared folders that are open to everyone on my network. How do I go about creating a shared folder that requires credentials of some sort (username+password?) to be used. I have some files that I would like to store on my NAS that shouldn't be available (not even with read only permission) to general users in my network.
      I hope that I have stated my problem clearly enough and I hope that you can help me.

    • In the unlikely event that something goes severely wrong, have you backed up your SD-Card?

      (Note that this is not the most secure way to setup - however.)

      If all of the users, on your network, log into their PC's with unique User names and passwords:

      Under Access Rights Management, Users, you'd need to set up the same exact user names on OMV, with the exact same passwords, as they are set on the Windows PC's. (Note: Linux is sensitive to the capitalization of user names and passwords. They must be an exact match, Cap's and all, to the Windows user name and password.) This sets the stage to allow users to access OMV shares, automatically, using their Windows credentials.

      All users entered during the above process will be, automatically, added to OMV's "users" group.

      In Access Rights Management, Shared folders, click on a share and the ACL button.
      (Ignore the top window - those are extended permissions that can cause access conflicts to the Linux basic "Owner" "Group" and "Others" permissions settings in the bottom pane.)

      In the bottom pane, you can set Owner to root, and Group to users. (These are likely to be already set.) Finally, Others is changed to read only or none. (BTW: Read only is a reasonable option for media shares) Set the Replace and Recursive options to Green (or on), and Apply.

      Finally, you'd need to set options on the SMB share, layered onto the Shared Folder above.
      Go to Services, SMB/CIF, in the Shares tab, and click on the appropriate SMB share. In the Public line; Guests Allowed would match the Shared Folder permission Others - read only from above, and Public - No would match Others - none.

      (**Side note - SMB network share permissions, set on the Public Line, can not override the permissions set on the Shared Folder under it. It can only further restrict.**)

      If you use Public - NO; in extra options, I use the statement write list = @users to insure users have access to the SMB share and can write to the share, despite the setting of the SMB Read Only option. (**Note: this "write list" statement in extra options is not necessary for what you're trying to do. I use it as a preference for other things I do with SMB shares, like setting "Read Only" when allowing temporary guest access.**)

      If you want exclusive access to a network share, under Access Rights Management, Group, you'd need to create a new group and add only your user name to it.
      Create your own personal Shared folder and using the ACL button, change the Group setting to the new group you just created, and Others - none.
      Finally, create a new SMB/CIF share, on the shared folder created above, and set Public to NO .

      If something goes wrong, you can undo permissions settings by changing Shared folders to Others - Read/Write , and SMB/CIF shares to Public - Guests Allowed.

      (I hope this helps to get you on track.)
      Good backup takes the "drama" out of computing
      Primary: OMV 3.0.99, ThinkServer TS140, 12GB ECC, 32GB USB boot, 4TB+4TB zmirror, 3TB client backup.
      Backup: OMV 4.1.9, Acer RC-111, 4GB, 32GB USB boot, 3TB+3TB zmirror, 4TB Rsync'ed disk
      2nd Data Backup: OMV 3.0.99, R-PI 2B, 16GB boot, 4TB WD USB MyPassport - direct connect (no hub)

      The post was edited 3 times, last by flmaxey: edit2 ().