ACL settings at linux file level -- should it always be Owner: root Group: users?

Trying to wrap head around permissions in OMV....

Our plan is 2 groups for each share will cover access:

SHARENAME_ro gives read-only access
SHARENAME_rw gives read-write access

So imagine we have group names as such...

GRP_SHARENAME_RO
GRP_SHARENAME_RW

We want to make it so if you are not a member of either of these groups, you will never see "SHARENAME",
and if you are a member you will see it in WIndows environment and have the appropriate access level.

-------------

So some questions about how to set this up

when creating the new share in menu....

Access Rights Management > Shared Folders:

We create (+Add) share first with following for "permissions":

Administrator: Read/write
Users: Read/write
Others: None

NEXT... we click on [ACL] button....

-------------

Here we have:

In the "User/Group permissions" section...

GRP_SHARENAME_RW [x] Read/Write
GRP_SHARENAME_RO [x] Read-only

(Everything else unchecked.)

In the "Extra Options" section...

Owner = root
Permissions: read/write/execute

Group = users
Permissions: read/execute

Others = none
---------------------

Is that correct?

Also, specifically wondering, is there ever a situation where "Group" in ACL should be owned by group other than the group "user" ? Somehow I wound up with one share owned by group "root".

Zitat von crashtest

Take a look -> here . I you scroll up, in the same thread, there's a link to another explanation.

Thanks. I have used linux for many years. I understand linux level permissions of owner/group/other within the linux system itself.

What is confusing is what OMV is doing on top of this.

Specifically in the "Extra options" area, which again references "Owner" "Group" and "Others" *BUT* appears to affect something other than those same-named permissions on the system level. This can be confirmed when in "Extra Options" you set....

Owner: root = rwx
Group: users = None
Others: none

and replace + recursive.

After it processes, everything on the actual file system is still chown root:users with mask like -rwxrws---+

Where I would expect it to become -rwx------+

Confusing.

Zitat von crashtest

Take a look -> here . I you scroll up, in the same thread, there's a link to another explanation.

Ok... problem is in your example imaged linked...

If the share was a PRIVATE share (which all of our shares should be, until a user is given access) hen at the "standard" permission level (the green box)... Read/Write/Execute would for Group="Users" would give every OMV user full access to the share. Nevermind "Others" having Read/Execute. As I understand it, the GROUP "users" in OMV includes every single user created in OMV. Therefore, if in the greenbox you have anything other than "none" Group=users, then those users will be able to see and read private files.

What I am asking is if there are any tutorials out there for OMV to set up simple READ-ONLY, READ-WRITE, NONE access to every share created in OMV based on membership to a correspondingly named group,

i.e. if you are member of either group:

grp_CONFIDENTIAL_SHARE_ro
grp_CONFIDENTIAL_SHARE_rw

Then you can see and have access to share name CONFIDENTIAL_SHARE.

Otherwise you can not.

I mean I can look at /etc/group and /etc/passwd and file permissions on linux, and kind of see what is happening, but I can not get it to function simply as I have described - because there are so many confusing permission levels and windows within OMV.

As I'm reading more, it seems people are suggesting to never touch the permissions in the red box up there ("User/Group Permissions") and instead manage access to the files in....

Access Rights Management > Shared Folders > Privileges

Haven't had much luck with that yet either though.