OMV/SAMBA – How to set this up correctly?

  • (LogID: OVjj2Yn1)


    Dear all


    I am using OMV since a couple of years now (running on an ESXi VM) and just upgraded to the latest version I guess (1.13). All works fine mostly, but now my kids grow up and get their own PCs. I would like to restrict their access to OMV, so that they can only watch children movies, but not Riddick, Terminator, or new Marvel movies, which get far too (unnecessarily) graphic these days. I had until now free access to the OMV shares from everywhere for everyone. So, what I would like to have now is the following:


    Share Name
    Details
    Videosthere are several folders. Ideally I’d like to have my kids only have access to one folder in there that is called “Kinderfilme”. The rest should not be accessible for them. Additionally I need read-write access and my Sat Receiver (PVR) needs read-only access.
    MusicMusic there are several folders, per album or artist, everyone should have read access to this folder, only I should have read-write access
    Pictureseveryone can have read access here for now, only me read-write
    Storeonly me read-write


    I would also like to tie this down, so that all hosts are denied, except those, that I specify. But I have stopped playing with that smb.conf field, as I need to get the basics working first.


    Now, for the life of me, at the moment, I cannot get this the way I want in OMV. I have the feeling, that while playing with this I messed up the Unix rights (ACLs) on the files and folders. I am not sure, what they should be. E.g., the folder Videos belongs at the moment to the userID 1000 (that is an old user, that I got rid off). So, one question should be, can I somehow reset that part of it? If so how? Who should be the owner and group of thoses shares? root? nobody?


    Attached is some additional pictorial information.


    Thank you for any help!!!


    Thomas
    *I'm sorry, this has surely been asked and answered before, but I couldn't find it in this forum so far*

  • Videos
    there are several folders. Ideally I’d like to have my kids only have access to one folder in there that is called “Kinderfilme”. The rest should not be accessible for them. Additionally I need read-write access and my Sat Receiver (PVR) needs read-only access.


    Before you do anyhting: Use the permission reset on every messed up share!


    Then set up every share like you said, with permissions. The only exception to that is the movies share, you go into the ACL Dialog and to the folders your Kids should have no access you deny the access via ACL.


    Greetings
    David

    "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"


    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.

    Upload Logfile via WebGUI/CLI
    #openmediavault on freenode IRC | German & English | GMT+1
    Absolutely no Support via PM!

  • Never mind, I spent another night reconfiguring it, and now it works. I agree with some of my pre-problem-havers - that it would be a good idea to make that part of OMV a lot "easier". Hide the ACL mechanics and all the Samba configuration, at least from the first level interface, because if you touch it once, it breaks it all.
    All one needs really is creating samba shares and users and then give/deny access, using the privileges screen/mechanics. I would think, it covers 90% of people using this.
    (But trying to figure out whether I want the samba to become local master browser ... just freaks me out! Samba and me will never be friends ;)


    As for solving my problems, here is what I did:
    ACLs/Unix Permissions (is that btw the same?) - this here seems to be working for me, I changed the owner to root:users like so:
    chown -R root:users /media/somelonggarblednamewithlotsofnumbers/Videos
    And set the file permissions to 775:
    chmod -R 775 /media/somelongnamewithlotsofnumbers/Videos


    Some posts talk about an "ACL reset utility", I cannot seem to find that. Where exactly should it be and what do I do, if I don't have it?


    This results into this:
    drwxrwxr-x+ 2 root users 4096 Sep 16 2013 somedirectoryname


    I then give access to the shares using permissions. ("papa" = "Read/Write"; "kid1" and "kid2" = "Read-only").


    I then wanted to have certain sub folders in a share accessible by me, but not by my children. For that, I did use the ACL (just set "kid1" and "kid2" to "no access", left "papa" outouched, so there is nothing selected) and that does the trick.


    I haven't tried to play with the host allow / deny fields, I might do that at some point.


    During the process, I lost 4TB of movies by accidentially by deleting a vmdisk through deleting an old omv VM (my own fault, always read dialogs), so at the moment there is nothing to share (or deny), but that'll be filled up in no time :)
    Well, there's nothing better than a good clean up every now and then!


    crayfish

  • Some posts talk about an "ACL reset utility", I cannot seem to find that. Where exactly should it be and what do I do, if I don't have it?


    You have a second tab on shared folders, when you have the omvextrasorg plugin installed.


    I then wanted to have certain sub folders in a share accessible by me, but not by my children. For that, I did use the ACL (just set "kid1" and "kid2" to "no access", left "papa" outouched, so there is nothing selected) and that does the trick.


    Good you figured it out yourself ;)


    Well, there's nothing better than a good clean up every now and then!


    If you say so :P


    Greetings
    David

    "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"


    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.

    Upload Logfile via WebGUI/CLI
    #openmediavault on freenode IRC | German & English | GMT+1
    Absolutely no Support via PM!

  • @'ryeconaaron' Thats weird, permission reset doesn't show up.


    @crayfish Whats the output of ls -la /var/www/openmediavault/js/omv/module/admin/privilege/sharedfolder/


    Greetings
    David

    "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"


    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.

    Upload Logfile via WebGUI/CLI
    #openmediavault on freenode IRC | German & English | GMT+1
    Absolutely no Support via PM!

    • Offizieller Beitrag

    Clear the browser cache...

    omv 7.0-32 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.9 | compose 7.0.9 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • @crayfish Whats the output of ls -la /var/www/openmediavault/js/omv/module/admin/privilege/sharedfolder/


    Greetings
    David


    root@omv:/etc/apt/sources.list.d# ls -la /var/www/openmediavault/js/omv/module/admin/privilege/sharedfolder/
    insgesamt 40
    drwxrwxr-x 2 openmediavault openmediavault 4096 Mär 6 14:10 .
    drwxrwxr-x 5 openmediavault openmediavault 4096 Feb 27 22:30 ..
    -rw-r--r-- 1 root root 5760 Mär 2 19:45 ResetPerms.js
    -rw-rw-r-- 1 openmediavault openmediavault 22178 Jan 19 12:57 SharedFolder.js
    root@omv:/etc/apt/sources.list.d#


    (browser cache claering is going on here every day, because of some other work related stuff, so that doesn't help)

    • Offizieller Beitrag

    Somehow the file's owner is root. That tells me something very strange is going on...


    chmod 664 /var/www/openmediavault/js/omv/module/admin/privilege/sharedfolder/SharedFolder.js
    chown openmediavault:openmediavault /var/www/openmediavault/js/omv/module/admin/privilege/sharedfolder/SharedFolder.js

    omv 7.0-32 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.9 | compose 7.0.9 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • did that:


    root@omv:/var/www/openmediavault/js/omv/module/admin/privilege/sharedfolder# ls -la
    insgesamt 40
    drwxrwxr-x 2 openmediavault openmediavault 4096 Mär 6 14:10 .
    drwxrwxr-x 5 openmediavault openmediavault 4096 Feb 27 22:30 ..
    -rw-r--r-- 1 openmediavault openmediavault 5760 Mär 2 19:45 ResetPerms.js
    -rw-r--r-- 1 openmediavault openmediavault 22178 Jan 19 12:57 SharedFolder.js
    root@omv:/var/www/openmediavault/js/omv/module/admin/privilege/sharedfolder#


    But I still don't see a reset tab (could smbdy please post a picture, so that I konw what I am looking for?). I did clear the browser cache.


    any further ideas?


    cray

  • Ok, now ... I have tried a hundred times to check for updates in the recent weeks, and was wondering why there weren't any. For some reason, it has now found several updates - looks like I was running an old version of a few things.


    So, I do now see the additional tab.


    Thanks for your help, I think I am good for now!


    crayfish

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!