Folder permissions, ACL, again


      Just getting into folder permissions and I have a few questions so far.
      When adding a shared folder I have to set its basic permissions of owner/group/others. That is clear. Right after creating the folder I can go to ACL extra options. Do these options correspond to what I've set up when adding the folder? So I could for example change the folder group here from users to let's say 'mediaUsers' and give all of them the permission they should have? Am I correct?

      I furthermore noticed that I somehow can't access a folder via SMB share that I have read/write privileges for. As soon as I grant myself execution privileges, I can. Could anyone explain that behavior?

      Thanks! :)



      EDIT:

      So for what do you guys actually use the Privileges button? I read many of you are using only that, but that means that you must grant everyone all privileges on system permission level, don't you? Wouldn't it be way more secure to grant only the privileges needed for every user/group on system level?

      Example1: I have a shared folder called 'user2'. Only user user2 should be able to access that folder.
      So I would set system permissions to Admins: read/write; Users: no access; others: no access; And in ACL settings I would grant only user2 full privileges. No further settings in the "Privileges" box needed since system privileges totally match my needs. (?)

      Example2: I have a shared folder called 'media'. Only users in the group mediaGroup should have access to it. So I create that folder setting system permissions to Admins: read/write; Users: read/write; others: no access; And in the ACL settings I would change the assigned group of that folder to mediaGroup with full privileges. No further settings in the "Privileges" box needed since system privileges totally match my needs. (?)

      What are your thoughts on that?

      The post was edited 1 time, last by HannesJo.

    • None of your examples seem to need any use of ACLs, just the old traditional mechanisms for access rights.

      Just assign the right ownerships, group memberships and access rights, and you are done.

      But then I don't use Windows or CIFS, so I could be wrong?
      OMV 4: 7 x Odroid HC2 + 1 x HC1 + 2 x RPi4

      The post was edited 1 time, last by Adoby.
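
Added example (not part of any post in this thread): a small model of the traditional owner/group/other check, applied to the two folders from the first post and to the read/write-without-execute case asked about there. The uid/gid numbers and the modes 0700, 0770 and 0660 are assumptions chosen for illustration; ACL entries and service-level privileges are a separate layer and are not modelled.

```python
# Constructed sample identities (assumptions, not values from the thread).
ROOT, USER2, USER3 = 0, 1001, 1002
GID_USERS, GID_MEDIA = 100, 1005


def permission_class(mode, owner_uid, group_gid, uid, gids):
    """Return the rwx bits the kernel applies to this user (mode bits only).

    Exactly one class is used: owner if the uid matches, else group if the
    user is a member, else other. The classes are never combined.
    """
    if uid == ROOT:
        return {"r": True, "w": True, "x": True}  # root bypasses directory checks
    if uid == owner_uid:
        shift = 6
    elif group_gid in gids:
        shift = 3
    else:
        shift = 0
    bits = (mode >> shift) & 0o7
    return {"r": bool(bits & 4), "w": bool(bits & 2), "x": bool(bits & 1)}


def directory_access(mode, owner_uid, group_gid, uid, gids):
    """Translate rwx on a directory into what the user can actually do."""
    p = permission_class(mode, owner_uid, group_gid, uid, gids)
    return {
        "list_names": p["r"],                 # read the list of entry names
        "enter": p["x"],                      # traverse: open or stat anything inside
        "create_delete": p["w"] and p["x"],   # w is useless without x
        "usable_share": p["r"] and p["x"],    # browse and open files
    }


if __name__ == "__main__":
    member = {GID_USERS, GID_MEDIA}
    cases = {
        "Example1 user2 (0700, user2:users)": (0o700, USER2, GID_USERS, USER2, {GID_USERS}),
        "Example1 user3 (0700, user2:users)": (0o700, USER2, GID_USERS, USER3, {GID_USERS}),
        "Example2 member (0770, root:mediaGroup)": (0o770, ROOT, GID_MEDIA, USER2, member),
        "Example2 non-member": (0o770, ROOT, GID_MEDIA, USER3, {GID_USERS}),
        "rw without x (0660, root:mediaGroup)": (0o660, ROOT, GID_MEDIA, USER2, member),
    }
    for label, args in cases.items():
        print(label, directory_access(*args))
```

On a directory the execute bit means "may traverse", so read/write without execute lets a user see entry names but not open anything inside; a file service that acts as the connecting user runs into the same check.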

    • Adoby wrote:

      None of your examples seem to need any use of ACLs, just the old traditional mechanisms for access rights.

      Just assign the right ownerships, group memberships and access rights, and you are done.

      But then I don't use Windows or CIFS, so I could be wrong?

      Okay but you agree that using that Privileges Box for OMV services is basically not needed this way?
      And how could I assign ownership and group membership? I can find it only at ACL settings.

      Thanks!
    • Shared folders have owner "root" and group "users" when created in the GUI of OMV.
      Users are members of the group "users" when created in the GUI of OMV.

      So for SMB and other services it is enough to use privileges, to give the users read/write or only read privileges to shared folders.
      Odroid HC2 - armbian - OMV4.x | Asrock Q1900DC-ITX - Intenso SSD 120GB - OMV4.x
    • I use the OMV GUI to add or modify users and groups and group memberships. I use the command line or Midnight Commander to set owner and access rights on files and folders, other than the OMV defaults. If I really need to. I very rarely need to.

      I have never used ACLs.

      The plugin resetperm is handy sometimes, to reset the default permissions.
    • macom wrote:

      Shared folders have owner "root" and group "users" when created in the GUI of OMV.
      Users are members of the group "users" when created in the GUI of OMV.

      So for SMB and other services it is enough to use privileges, to give the users read/write or only read privileges to shared folders.

      Yeah but there is that powerful Linux permission system, so why should one just set almost everything to "users read/write" and then using an additional "privileges" manager? In the manner of security I totally get the point of using Linux permission system, so why getting almost rid of it and its advantages by saying "it is enough to use privileges"?
    • HannesJo wrote:

      why getting almost rid of it and its advantages by saying "it is enough to use privileges"?
      Many users have messed up their system by mixing privileges and ACL.


      HannesJo wrote:

      In the manner of security I totally get the point of using Linux permission system
      Where do you see an issue regarding security?
      OMV is designed to have one admin and several users. Users are intended to access data via services like SMB, not by CLI. Access rights for services are managed by privileges per user.