User can only access one share

  • Been using the latest release version of OMV on a raspberry pi.


    I decided to try using Apple Filing instead of Samba (mostly because Samba never seems to be very stable...try to copy too much at once and it invariably crashes). I created two shares and two users (myself and my wife) . Read/Write permissions have been granted for both of us for both shares. Went into the shares and set the ACL the same way on both. I even created a group and joined both of us to it and gave the group the same read/write permissions. problem is that I can see both shares and she can only see one. I turned on Samba and tried that and we both can access both shares. Tried FTP and got the same result...both users have access.


    As far as I can see the two shares are set up identically, although they are each on a separate file system/drive.


    I am out of ideas as to what is wrong. I have even tried setting her as the owner of the share. Same result, I can see it, she cannot.

    • Offizieller Beitrag

    I would remove the ACL entries. (They're of no help.)


    I'm going to assume that the usernames and passwords that you entered into OMV, for you and your wife, are identical - cap's and all, to the usernames and passwords that you're using to logon to your clients. If they're not the same, make them the same, and be sure to access shares from those same clients.


    When adding a user in OMV, by default, that user will be entered in the default Linux users group "users". In your shared folder, make sure that "users" have read/write. (This is in the lower half of the window, Owner, Group, and Others settings are located.)


    More info and a pic is available in this thread.

  • The user/password created on the OMV is not the same as that used on the two MacBooks. It doesn't seem to matter when I connect, since it will ask what credentials I would like to connect with.


    However, just to know, I created a user with the identical name and password as my Macbook and tried that. Then I tried creating several user accounts and they all have one thing in common...my original account is the ONLY one that can access the share in question. I can use those credentials on my wife's computer and it will access both shares just fine.


    Must be some sort of bug, since I have checked every setting available and there are no differences whatsoever for the accounts. Each share has identical permissions set (each user account has read/write access). Yet one share will appear for my account and mine alone. Each account has identical settings as well.


    I deleted the ACL settings...made no difference.

  • Oh, and just for the hell of it, I created several other shares and added them to the Apple Filing. Permissions set for all accounts. Only I can see any of them.


    If I add these shares to Samba, any account can see any of them.


    Must be a bug


    Of course, there is one work around that solves the problem. Both of us use the same account. Mine. Not the most elegant solution...but it works. If I login on her laptop using her name and password (for the laptop) and then access the shares with my username/PW, they show up just fine.

    • Offizieller Beitrag

    Alternate user credential logon's are fine. (Full disclosure, I know nothing about Apple Filing.)


    Where Samba is concerned, assuming that the user database has not been modified, SMB follows file permissions set on shared folders. Samba can be more restrictive than the base shared folder it's layered on, using switches in OMV (like "read only"), but it can't loosen restrictions set on files and folders.


    You could try watch smbstatus on the command line to see if Samba is the cause for the deny.


    Assuming something is going on with Samba, you could try the following in the SMB GUI dialog's Extra Options, to see if it opens up:
    write list = @users (this is a group example) or
    write list = username (this is an individual user example)
    ___________________________________________________


    You also mentioned 2 different data drives. What's your folder arrangement?


    I've found permissions are easier to deal with when setting shared folders at the root of a data drive.
    If a shared folder is nested inside of a parent folder, with the parent folder set at the root of the data drive, permissions on the parent folder can deny user access to the shared folder, even if access on the shared folder is set correctly.


    Something similar to this is mentioned in this thread.
    ____________________________________________




    As for a bug in the Debian OS or OMV, that's unlikely. This behavior would have to be repeatable to classify it as a bug. But there may some slight corruption in your installation. The only sure way to eliminate that possibility is a rebuild.

  • I only enabled Samba long enough to see that the fault did not lie with the setting at the shared folder level, since this is independent of whatever service is being used (Samba, apple, FTP, etc..). As I said, Samba doesn't seem to have this problem. All user accounts can see all shares that they have permissions for. At this point, one would be tempted to say screw it then and use Samba. But I have learned the hard way to never trust a Samba system with my data.


    The two shares are on two separate ext4 file systems, each on a separate SSD drive. The two shares are nested inside parent folders, since that is the default when you are setting these things up within OMV. Just to see what happened, I created a new share, at the root of one of the file systems and added that to the apple filing share list. All that did was create yet another share that only i can see.


    The only difference that I can see between the user account that works and those that don't is that only my user account was created prior to enabling the apple filing system. I am feeling a bit too lazy today to test this by wiping the raspberry pi SD card and starting over


    If I am remembering correctly, it has not been that long since Apple Filing was added to OMV...before it was an add-on. Probably too soon then to be considered bug free.

    • Offizieller Beitrag

    I am feeling a bit too lazy today to test this by wiping the raspberry pi SD card and starting over

    You don't have a 2nd card? That (a 2nd card) is recommended. Once all is configured and working correctly, if the working OS is cloned to a second card, you'd have OS backup. If something goes wrong, you can back out. In Windows, to clone SD-cards and thumbdrives I use win32diskimager. I'm not sure what the equivalent Mac utility might be.


    The two shares are nested inside parent folders, since that is the default when you are setting these things up within OMV.

    This is not the case. In the shared folder dialog below, you pick the device (a drive) name it, set permissions and the path (Test/) is filled in by default.




    As is shown below, the shared folder appears at the root of the data drive with the permissions set above. Anyone in my user group can write to this share.
    (dev-disk-by-label-URBACKUP represents a physical drive. This is a path to the drive - it's not a parent folder.)



    If you're using a parent folder, something like or named "Server Folders" and setting shared folders inside it, permissions on the parent folder become a consideration as well.
    _______________________________


    One last consideration might be the groups that you have assigned to your working user, versus the user that doesn't work. You might consider going into Access Rights Management and comparing them.

  • I decided to try using Apple Filing instead of Samba (mostly because Samba never seems to be very stable...

    Samba is stable, if you run into issues on an RPi you should be aware that it's almost always either power supply or SD card related (search the forums, especially read the threads that are linked to from the readme.txt at the download location).


    As for your issues: OMV ships with sane defaults. You can create two or more users and OMV takes care that they're all members of the same group (OMV default group is 'users'). If you create shares, again OMV will take care of the defaults and ensure that those shares are accessible by all members of the 'users' group.


    It's as easy as:

    • Creating users without taking care of any details (only if you want specific users to be able to administrate the system add them optionally to the 'ssh' and 'sudo' groups)
    • Switch to AppleFiling and create there fresh shares with 'Admin: read/write, Users: read/write, Others: read)

    Works out of the box without ever touching any other areas of configuration.

  • I'm going to assume that the usernames and passwords that you entered into OMV, for you and your wife, are identical - cap's and all, to the usernames and passwords that you're using to logon to your clients. If they're not the same, make them the same, and be sure to access shares from those same clients.

    The usual @crashtest BS 'advice'. I still hope that one day you will stop your idiotic behavior refusing to learn so one more time: this is not necessary on any OS. For an ignorant guy like you it seems this would be a good idea on Windows since in certain situations Windows won't ask for logon credentials but tries the ones of the local user. But the thread starter made it obvious that he's not using some fancy OS from Redmond but one where you can specify logon credentials when connecting to servers (as it should be).


    When adding a user in OMV, by default, that user will be entered in the default Linux users group "users".

    BS. There is no 'default Linux users group' since Debian defaults to put each new user into their own group. That's why user management in Linux will end up with a situation where you run into troubles with NAS operation and that's why it's so important to create OMV users from within the OMV UI. Since then 'users' is the default OMV users group and the other OMV defaults result in flawless operation for members of the same group. Unfortunately your compilation of misunderstandings still lacks the most important part when it's about setting up OMV: user creation. But for someone who can't differentiate between authentication and permissions errors or confused POSIX privileges with ACLs most probably it's better to not elaborate on his beliefs about such topics.

    • Offizieller Beitrag

    BS. There is no 'default Linux users group' since Debian defaults to put each new user into their own group. That's why user management in Linux will end up with a situation where you run into troubles with NAS operation and that's why it's so important to create OMV users from within the OMV UI. Since then 'users' is the default OMV users group and the other OMV defaults result in flawless operation for members of the same group.

    Where do you come up with this stuff? Why would anyone running OMV attempt to add users in any other way, other than through the GUI? Similarly, the rest of the above has little to no point and does nothing to help this user.
    ___________________________________________________________________


    @jgbrock your thread had been chosen for pollution of the worst kind - prattling with no practical use and other static. And the amazing part of it is, while this is your thread, your issue won't even be considered and real help is unlikely to be offered.


    If you to want to continue this in a conversation (in the upper left of this page), I'll help you where present company probably won't.


    My Regrets and,
    Regards

    • Offizieller Beitrag

    mother Moses you're making this forum the worst place where to seek for support....fight your own war somewhere else or try to respect each other opinions

    I wholeheartedly agree. If it was just directed at me, that would be one thing, but this moderator does this on more than one forum. To get a bit of perspective, read through this thread on the Armbian forum and note he's an equal opportunity offender - newbies, experienced users and moderators alike. Again, on more than one forum. He's banned on the Raspberry PI forum because, maybe you guessed it, "no one knows what they're doing".


    Advise a user? Fine - that's what this forum is for. But these extended soliloquies of option where the common theme is, "I'm right, everyone else is wrong" (apparently everywhere) are nothing short of tragic. You saw the above - he does this all the time. If you were directly addressed in such a manner, what would you do?


    Unfortunately, it means a PM (a conversation) is necessary to cut out the static.

  • And the amazing part of it is, while this is your thread, your issue won't even be considered and real help is unlikely to be offered

    The usual @crashtest BS. You are still not able to realize how OMV defaults work. I addressed all the issues @jgbrock has in one post above and the BS you originate in another comment. But most probably now you're playing your usual idiotic games, started a personal conversation with the affected user trying to agitate him and so on. The usual sh*t show...

    • Offizieller Beitrag

    And yet, I'm guessing the user who originated this thread has the same problem - that your "advice" broadcast solved nothing. Forum support is not; "this is the way it is" and, essentially, "deal with it". That's not why users post here. A solution to an odd issue may be needed. Usually that requires a dialog, not a broadcast.


    Good grief, the OCD is an overpowering force, uh? New users and actually getting a result in a thread becomes meaningless, because you simply can't help yourself, can you? I mean your "way with people" got you banned from the Raspberry PI forum, but did we learn anything? Umm, No - the answer is "No".


    So as your counter-part on the Armbian forum noted in his post (after he got sick of your string of non-stop prima donna nonsense);
    I'd better take the advice he recommended in his link. (George Carlin's point should be heeded - in this area you have a LOT of experience.)


    Now please feel free continue to babble and blather away - new users may be watching..... Go ahead,, get it out of your system... :)
    Unwatched - done here.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!