Questions about sharedfolders/SMB permissions

  • Hi :)

    When i first started my NAS i created my shared folders "AppData, Downloads, Media" with the permissions "Administrator: read/write ; Users: read/write ; Others: read only".

    If now i want to change that to ""Administrator: read/write ; Users: read/write ; Others: no access"., what's the correct procedure?

    I should edit the ACL for that shared folders for the "Others" to None?

    I see also that when adding the SMB share for that folder there is a series of options for the "Public" field. What are these options for? I see i can allow guests or no, so what's the difference with the permissions i was discussing above?

    Thanks in advance for your time! Hope my question is clear.

  • In the ACL tab you can not only edit ACL but also basic linux file permissions in the lower section. You can also do it via terminal/ssh but if you prefer the gui way, you can use the ACL button in OMV.

    Furthermore, you can change permissions of services via the "Privileges" button at omv/sharedfolders. These are actually no file/folder permissions but every service like SMB/CIFS is being configured with these.

    These are different levels of permission. Some use only service permissions and set file/folder permissions to allow all or some do it vice versa: Allow everyone in the service but set certain perms on file/folder level.

    SMB specific config settings can be found at the smb manpage. See…ml/smb.conf.5.html#public

    If you set public/guest on a smb share it means that no password/credentials are needed to access this share. Everyone connected to your local network can access it as a guest (I am not certain but I think guests can only read). One could use this setting e. g. for movies or so. I actually dont use it at all.

    Obviously you should not use this setting for lets say your very private files.

    If you have a sharedfolder called user1private and you want only that user to have access at all, you should at first change linux permissions to owner:user1 with perms 700. Then go to the privileges tab and set "user1: read/write". In the smb config, set public: no, guests not allowed.

    Then you could just play a bit around:

    For example set the samba share to: public and allow guests. What happens? It is still only user1 allowed to access the files because samba is letting everyone in but linux file/folder permissions not.

    Or change file/folder permissions to let everyone do everything and see how service privileges can be used.

    I recommend to use both permission levels as that is the best way to lern how these work and it is very much more secure.

    One disadvantage of the basic linux file/folder permissions is that it is quite complicated to allow several users and groups to access/edit files at the same time. It is because every file/folder has exactly one owner and group. But maybe you want some other users and group have access but not all. It is possible to do this using thinks like "sticky bits". But that is no fun at all. This is where ACL can be useful. When you click ACL tab, in the upper section you can grant access to multiple users and grous. But it is mostly not needed for home use cases.

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!