shared folders - acls and privileges problem

doguibnu · 2. Juni 2017

Hello!
How are you?

We have OMV production server. There are many users - groups with ACLs for access about each group.
The server is working nice a long time.
Yesterday I nedded add other user from other group in "x" group for that user can works inside x group (share folder group).

Ok, I made user folder inside "x" group set the ACL and right, works.....But, today morning, one of user from "x" group told me that have no more access to save yours files inside server.
I did not do any change for this user (the user that told me about have no access) when set acl to the new user.

After try any sets ACL by the day, because I do not know what happened I find one solution, but I need to know if is right?

I go to share folder from x group and set Privilege to the group: READ/WRITE (see the attach example figure)
For now, this solve the problem but, is the only share folder set with Privilege Mode

The user access OMV by windows 8.1 64 bits

Now, I do not know fix the problem to work before or as all share folders working

What can be wrong?

Thanks attention and Help and sorry English

Douglaa

donh · 2. Juni 2017

What version are you running? Is it updated? There have been smb updates in the last week or two.

doguibnu · 2. Juni 2017

Zitat von donh

What version are you running? Is it updated? There have been smb updates in the last week or two.

Hello donh

My version samba is:
ii samba 2:3.6.6-6+de amd64
ii samba-common 2:3.6.6-6+de all
ii samba-common-b 2:3.6.6-6+de amd64

openmediavault information
Release: 2.2.14
Codename: Stone burner

OS/Debian information:
Distributor ID: debian
Description: Debian GNU/Linux 7 (wheezy)
Release: 7.11
Codename: wheezy

I did update last week

Thank you attention

subzero79 · 2. Juni 2017

Can the user log in (password accepted ) to the samba shared folder ?
If that's correct this is a permission issue....for the amount of users I see there (not much) I don't really see the need of using acl. Remember privilege will get you access and control read and write(password protect at the end), but if the permissions in the files and folders are closed for the users logging in then it will not work as expected.

Can you drop down to command line and post this command from the folder you're trying to share.

la -la

donh · 3. Juni 2017

Or maybe ls -la.

doguibnu · 5. Juni 2017

Zitat von subzero79

Can the user log in (password accepted ) to the samba shared folder ?
If that's correct this is a permission issue....for the amount of users I see there (not much) I don't really see the need of using acl. Remember privilege will get you access and control read and write(password protect at the end), but if the permissions in the files and folders are closed for the users logging in then it will not work as expected.

Can you drop down to command line and post this command from the folder you're trying to share.

la -la

Hello!

Before add the user for group "x" have not set Privileges, was set only ACL how all our scenario from groups and users and it was working and the users can log in (password accept) to the samba shared folder. After add user, nobody can access the shared folder (that folder). Only after Privilege set as I show you in figure example.

Here is the post from now (real scenario) after Privilege set:

tributac# ls -la
total 60
drwxrwsr-x+ 8 root users 4096 Jun 1 15:09 .
drwxrwsr-x 23 root users 4096 Jun 1 15:05 ..
drwxrwsr-x+ 6 root users 4096 Set 22 2015 gabriela
drwxrwsr-x+ 2 root users 4096 Mai 31 12:01 joelma
drwxrwsr-x+ 2 root users 4096 Fev 21 11:48 mariane
drwxrwsr-x+ 6 root users 4096 Mai 22 14:33 marina
drwxrwsr-x+ 20 root users 4096 Jun 2 14:41 pubtributacao
drwxrwsr-x+ 8 root users 4096 Jun 1 16:40 zeni

thanks attention

doguibnu · 5. Juni 2017

Zitat von subzero79

I am sorry
the post go 2 times because give me error screen, sorry

doguibnu · 12. Juni 2017

Zitat von subzero79

Can the user log in (password accepted ) to the samba shared folder ?
If that's correct this is a permission issue....for the amount of users I see there (not much) I don't really see the need of using acl. Remember privilege will get you access and control read and write(password protect at the end), but if the permissions in the files and folders are closed for the users logging in then it will not work as expected.

Can you drop down to command line and post this command from the folder you're trying to share.

la -la

Hello!

Before add the user for group "x" have not set Privileges, was set only ACL how all our scenario from groups and users and it was working and the users can log in (password accept) to the samba shared folder. After add user, nobody can access the shared folder (that folder). Only after Privilege set as I show you in figure example.

Here is the post from now (real scenario) after Privilege set:

tributac# ls -la
total 60
drwxrwsr-x+ 8 root users 4096 Jun 1 15:09 .
drwxrwsr-x 23 root users 4096 Jun 1 15:05 ..
drwxrwsr-x+ 6 root users 4096 Set 22 2015 gabriela
drwxrwsr-x+ 2 root users 4096 Mai 31 12:01 joelma
drwxrwsr-x+ 2 root users 4096 Fev 21 11:48 mariane
drwxrwsr-x+ 6 root users 4096 Mai 22 14:33 marina
drwxrwsr-x+ 20 root users 4096 Jun 2 14:41 pubtributacao
drwxrwsr-x+ 8 root users 4096 Jun 1 16:40 zeni

thanks attention

hello!

Any Ideia about this error or what can be wrong?Thank you

Thanks

subzero79 · 12. Juni 2017

From what I understand those are suppose to be private folders ? Only the folders name person should see their own folder and not each other ? I guess there is a common public folder there that all users should see also?
If that's the case you should rethink your scenario maybe use one share per user. Also is hard to debug this when we cannot see the acl applied for each share.
It will help if you describe what you really want to achieve, maybe acl should not be used here and this can be resolved at basic permission and privileges.

Jetzt mitmachen!