Default/empty privileges

  • Am I correct in seeing that if you don't set any privileges, then the default samba share will allow everyone r/w (filesystem perms notwithstanding)?

    Programmatically I can see why nothing set --> no directives created in the smb.conf, but it also seems strange that:

    no privileges on folder --> both foo and bar have r/w to folder
    foo rw on folder --> no change to foo's access, but bar no longer has any access

    It also means that when adding a new user they would automatically get access to folders that were left unset (during the time when r/w for all was appropriate),

    Is there a setting to make the default more prudent and have "nothing set --> no permissions"?

    A related issue perhaps: how can I give one group rw on a share and everyone else r? I can't see a "users" entry in the privileges table.

  • Is there a setting to make the default more prudent and have "nothing set --> no permissions"?

    You can disable the share, also is mentioned here to at least give one user privileges otherwise happens what you said

    Samba Share Types in OMV

    You can assign groups in privileges, they have to be groups created in the ui, gid > 1000

  • So I guess the best practise is to always assign some privilege (even if they are redundant)?

    In that vein, how can we use the "users" group in privileges? For example if we want to restrict a share to read only for everyone?

  • Okay, so a vacuous group to which we manually add new members by default, and leave the "users" system group as an internal mechanism.

    I guess this is the most prudent and correct approach to take, and also solves the "absent privileges" issue as long as you always set an appropriate on shared folders creation - perhaps enforcing this can be an idea.

    Thanks for the insight.

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!