Permissions strategy

  • I have used vanilla ubuntu server for my home server for some time. Running network file services (NFS/CIFS/DLNA) and mysql. Then, any additonal services in libvirt/qemu guests (with one acting as a docker host). All virtualised services then access their data on the bare metal host via NFS/MYSQL. The system is LVM based and has no raid/ZFS etc.

    I was thinking of using OMV to serve all media/data files. With OMV, we have the regular file system permissions, then ACL's (this is presumably extended file attributes) and also (share level?) privileges.
    I'm familiar with regular filesystem permissions, less so with extended attributes as I have always avoided them. I am also familiar with samba share level permissions but not share level perm's WRT NFS exports.

    My strategy has always been to lockdown regular filesystem permissions, limit host access in NFS exports, and make sure relevant UIDs match between NFS client and server. That can be problematic. I use samba only to export 'home' directories to a family member's laptop.

    Does OMV ease this kind of NFS permissions config?

    [EDIT] Presumably the 'privileges' dialog within shared folders does not apply to NFS exports? [/EDIT]

    Do OMV users find exteded attributes/ACL particularly useful in general? Is it easy to manage once you have started applying extended attributes across disparate parts of the FS? Or is it something to steer clear of unless you really need fine grained access control?

    Many thanks.

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!