Hide Shared Folders that a User can't access (workaround for access based share enum)


  • Great guide by TechSmurf. This is exactly what I was looking for to not display shares a user cannot access.


    I think I'm about 99% there, but I ran into a snag. The %U variable (as in "include = /etc/samba/.browseable/ShareName.%U.conf") isn't being substituted in properly.


    The variable %U is supposed to substitute in the user's home directory name, but I think the substitution isn't occurring properly. If I manually substitute in the user's name it works correctly and I can see the shares list properly.


    Prior to trying this I had home directories disabled. As this relies on home directories, I enabled the setting in SMB, then I created a 'homes' shared folder, turned on 'User home directory' and used 'homes' as the location. I think the home directories are now set up properly, but the %U variable still isn't working.


    I tried turning on log level 10 in the smb.conf file, but it didn't show any errors that I could identify. Does anyone know what setting I'm missing for %U to work correctly?

  • Correction for my statement above:
    %u = Current Unix username
    %U = Requested client username (not always used by Samba)


    Also solved it. It was that my user names started with a capital letter. When I changed them to all lower-case letters it worked perfectly. Although it was tricky viewing this from Windows. To flush settings and view it with different users I had to do the following:
    1) Close any open explorer windows showing the network location.
    2) net use \\OPENMEDIAVAULT /delete
    3) net use \\OPENMEDIAVAULT * /user:reed


    I could then cycle through the accounts and confirm each saw only the shares for which they had permissions.


    I noticed and fixed a small oversight in the original shell script. It would fail because .browseable doesn't initially exist. I made a small modification adding in a check/creation of the directory:


    Code
    # Create the per-user include directory if it does not exist yet
    browse_dir=/etc/samba/.browseable
    if [ ! -d "$browse_dir" ]; then
        mkdir -p "$browse_dir"
    fi

  • Is this still the way to go?
    I don't have the folder /usr/share/openmediavault/mkconf/samba.d .
    I tried adding access based share enum = yes under [global] in /etc/samba/smb.conf as this is how I did it on other systems.


    I know it says to not edit the file, but that would be the easiest solution. Unfortunately it doesn't work, probably for the reasons explained in the guide.


    So does somebody have this working?


    Edit:
    Turns out access based share enum = yes does work, it just gets removed again after any folder change inside OMV.
    So the question is: how can I edit smb.conf in a way that it sticks?

  • So I just found the solution:
    Add access based share enum = yes in OMV to SMB/CIFS -> Advanced settings -> Extra options
    Then set every share you create to Public -> No
    And everything is working as intended, folders just show up for users that have access rights :)
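
Because OMV rewrites smb.conf on folder changes, as noted in the thread, it helps to re-check the generated file afterwards. The following is an added example, not part of the original posts or of OMV: the function names and the sample config are constructed, and it assumes the OMV "Public" option ends up as `guest ok` (or its Samba synonym `public`) in the share section.

```shell
#!/bin/sh
# Added example: check smb.conf text for the settings discussed in this thread.
# audit_smb_conf (hypothetical name) reads smb.conf text on stdin and prints
# one GUEST_SHARE line per guest-enabled share, then ABSE_ON or ABSE_OFF.
audit_smb_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*([#;]|$)/ { next }                 # skip comments and blank lines
    /^[ \t]*\[.*\][ \t]*$/ {                   # section header such as [global]
        section = tolower(trim($0))
        gsub(/^\[|\]$/, "", section)
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        val = tolower(trim(substr($0, eq + 1)))
        gsub(/[ \t]+/, "", key)                # whitespace in names is irrelevant to Samba
        truthy = (val == "yes" || val == "true" || val == "on" || val == "1")
        if (section == "global" && key == "accessbasedshareenum")
            abse = truthy
        # Assumption: the OMV "Public" option is written out as "guest ok"
        if (section != "" && section != "global" && truthy &&
            (key == "guestok" || key == "public"))
            print "GUEST_SHARE " section
    }
    END { print (abse ? "ABSE_ON" : "ABSE_OFF") }
    '
}

# Constructed sample input, not taken from a real system
sample_conf() {
    cat <<'EOF'
[global]
workgroup = WORKGROUP
Access Based Share Enum = Yes

[media]
path = /srv/media
guest ok = no

[scratch]
path = /srv/scratch
guest ok = yes
EOF
}

sample_conf | audit_smb_conf
```

On a live system the same function can be fed with `audit_smb_conf < /etc/samba/smb.conf`; an `ABSE_OFF` result after a folder change means the setting was dropped when the file was regenerated.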
