Impossible to remove a user from the "users" group

  • Hi,

    My goal here is to link a user to a "guests" group so that he cannot access to some directories the internal users can.
    I have successfully added the user to the group "guests".

    I then was trying to remove a new created external user from the "users" group, and it seems not to work at all. The /etc/passwd file isn't modify too.


    Is it a bug?

    Lian Li PC-V354 (with Be Quiet! Silent Wings 3 fans)
    ASRock Rack x470D4U | AMD Ryzen 5 3600 | Crucial 16GB DDR4 2666MHz ECC | Intel x550T2 10Gb NIC

    1 x ADATA 8200 Pro 256MB NVMe for System/Caches/Logs/Downloads
    5 x Western Digital 10To HDD in RAID 6 for Datas
    1 x Western Digital 2To HDD for Backups

    Powered by OMV v5.6.26 & Linux kernel 5.10.x

    • Offizieller Beitrag

    I then was trying to remove a new created external user from the "users" group, and it seems not to work at all. The /etc/passwd file isn't modify too.


    Is it a bug?

    No, this is by design. You will have to remove the user from the group using the command line (or create the user from the command line). OMV depends on the user being a member of the users group when setting permissions.


    What is your use case for the user not being in the users group?

    omv 7.0-32 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.9 | compose 7.0.9 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • My main goal is to have :
    - familly users that can read/write on all folders.
    - external (guests) users that can only read in some folders.


    All the external users can access the NAS with SFTP to download files from musics and videos.



    With those rights, only the users in the "users" group can read and write.


    At the moment, I just change the default group of the external users in /etc/passwd to match /etc/group.

    Code
    sbocquet:x:1000:100:Stéphane BOCQUET:/home/vbocquet:/usr/sbin/nologin
    utest:x:1002:1000:User test:/home/utest:/bin/sh
    Code
    guests:x:1000:utest


    Maybe there's a better way.

    Lian Li PC-V354 (with Be Quiet! Silent Wings 3 fans)
    ASRock Rack x470D4U | AMD Ryzen 5 3600 | Crucial 16GB DDR4 2666MHz ECC | Intel x550T2 10Gb NIC

    1 x ADATA 8200 Pro 256MB NVMe for System/Caches/Logs/Downloads
    5 x Western Digital 10To HDD in RAID 6 for Datas
    1 x Western Digital 2To HDD for Backups

    Powered by OMV v5.6.26 & Linux kernel 5.10.x

    • Offizieller Beitrag

    Maybe there's a better way.

    If you create users from the command line for your read-only guests, they will be put in a group that matches the username and will not be in users.

    useradd -m -s /bin/sh utest1

    omv 7.0-32 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.9 | compose 7.0.9 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Yes.

    But I also want them to be in the same group in order that they can all read/write in some other directory.
    Well, I guest that not a big deal but I wanted to do it all in the GUI and not be forced to use CLI.


    No problemo... but maybe this can be thinked to be done in a future update ;)

    Lian Li PC-V354 (with Be Quiet! Silent Wings 3 fans)
    ASRock Rack x470D4U | AMD Ryzen 5 3600 | Crucial 16GB DDR4 2666MHz ECC | Intel x550T2 10Gb NIC

    1 x ADATA 8200 Pro 256MB NVMe for System/Caches/Logs/Downloads
    5 x Western Digital 10To HDD in RAID 6 for Datas
    1 x Western Digital 2To HDD for Backups

    Powered by OMV v5.6.26 & Linux kernel 5.10.x

    • Offizieller Beitrag

    Until there could be potentially multiple "user" groups, I would guess ACLs (hate saying that since I hate them) would work for you.

    omv 7.0-32 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.9 | compose 7.0.9 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • I hate ACLs too ;)
    Never used them... as it's always too complicated once they are set :D


    Have a nice day

    Lian Li PC-V354 (with Be Quiet! Silent Wings 3 fans)
    ASRock Rack x470D4U | AMD Ryzen 5 3600 | Crucial 16GB DDR4 2666MHz ECC | Intel x550T2 10Gb NIC

    1 x ADATA 8200 Pro 256MB NVMe for System/Caches/Logs/Downloads
    5 x Western Digital 10To HDD in RAID 6 for Datas
    1 x Western Digital 2To HDD for Backups

    Powered by OMV v5.6.26 & Linux kernel 5.10.x

  • sbocquet

    Hat das Label gelöst hinzugefügt.
  • I landed here after trying to delete a user from Group users.
    My use case : I have KVM/QEMU hosting a OMV guest.
    OMV is used solely for SMB shares that store backups from networked computers.
    I want to run rsync from the host to sync the SMB share folders to removable storage for offsite backup.
    It works fine, and I'm the only user, only one maintaining the script, but still, following Least Privilege, I was trying to make it impossible for the rysnc user to delete from OMV smb share.

    Before landing here, I looked at documentation for groups, Was wondering if the 'backup' user did anything special for OMV.
    Also notice all the OMV user/group permissions come with a disclaimer: "has no effect on file permissions".
    When I do a test detructive rsync from host to OMV with --delete , it throws an error, but files get deleted from OMV share anyway.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!