After a week of struggling with permissions I'm hoping for some pointers/suggestions?

  • I've recently just built a server and loaded OMV 6.6 on it. Pretty slick. I've also copied my entire old NAS content to the OMV which seemed to go quite well. The issue I have is as follows:


    All the files on the OMV have ownership as root:users and assigned permissions as 0644.


    I've read as many guides and articles as I could find on the subject for OMV and my config either matches what's recommended -OR- it doesn't work/change anything.

    On the OMV I have three hdd's; 1)150GB as the system drive and 2)5000GB defined in a unionfs. I've set my permissions for the shared drive and tried setting the ACL accordingly but as of now the ACL has been removed to try this.


    My main desktop client is running LinuxMint 20.1 and I have a mount entry in my fstab to mount the OMV. I can see the mounted device and actually access it. That's where I see the ownership as all root and while I can usually open anything, writing is denied of course. I also have several Windoze based devices that require access as well but that's perhaps a different issue.


    As I see it I must first change all file ownership to something other than root and any method that I tried looks like it's running but when done nothing is changed.

    I also can gain ssh access to the OMV as root if needed (and yes, I've tried using that approach to no avail).


    Now, I just want to mention that I'm no newbie as I'm a retired enterprise Unix/Linux developer and sysadmin and a retired IT instructor and certified LPIC qualified. The only reason I mention these is to establish that this is NOT my first rodeo so to speak. And I am coming from my own Linux based NAS to the OMV.


    For starters (newbies and oldies both) perhaps it would be beneficial to have a guide that describes how to define/establish a fairly open access policy to allow immediate access and then allow the admin to tighten things up over time. And this definitely would benefit anyone with a small personal Intranet and even SMB's. Just sayin'


    So, I hope I'm not overstepping but can some experienced OMV user(s) please advise as to how one (and I'm sure others as well) can modify/establish access to the OMV to allow things to move forward?


    Any pointers, ideas, suggestions, documents anyone can provide would be greatly appreciated.


    And, by the way, having installed, implemented, administered and used numerous "brand name commercial" NASes, I have got to say that I really appreciate the approach and completeness of the OMV product. Honestly, if my issue with access can be overcome, OMV will be my first recommendation to anyone else, private or commercial, looking for a NAS solution.


    Thanks


  • Really by default, it is "open".. as when you create a new directory, it automatically gives users read/write access to shared directories. The biggest issue in permissions that I've found (and I'm assuming with your credentials this isn't the case)... is people using root for EVERYTHING, then they are amazed they run into permission issues. ACL's are not popular with most here.. I've personally used ACL's for a long time on OMV and never have an issue.. but it seems the key is to not use permissions AND ACL.. use one or other. Also, when using ACL's, I do not set permissions by user, I set them by group, so maybe that is why I don't have the constant problems I read about. This usually requires me setting up several custom groups, etc.. but I don't find it difficult .. It seems most users give up on this fairly simple process and go the complete opposite direction and simply set every directory to "Everyone", which I think is a terrible idea.


    Maybe this will help you, maybe it will help someone else.. who knows as it comes up constantly. On a virtual install I have I created 4 users (ben, bill, bob, brian). Ignore joe, as he's a user who actually does things on this install and isn't part of this. For now, "the killer b's" have only been added to ssh and users



    Next, I created a directory called "Permissions" and made the following changes in the drop down

    Code
    admin root:r/w/e
    users: r/e
    guest:none

    Next I created some custom groups, and added the new users to them. ben and bill are in groups 1 and 3. bob is in Group 2 and 3. brian is in Group 2.




    These next parts are really easier to show via SSH... I SSH'd the server, became root and changed to the Permission directory.. and created 3 sub directories (Test_1, Test_2, Test_3)

    Next, in the ACL's section of the webUI, I set "group1" (ben and bill) to have r/w access to the "Test_1" folder, and changed nothing else. After saving I went back to SSH, changed to brian and attempted to "touch test", brian is not in group 1, so permission was denied


    Code
    root@omv5-test:/srv/dev-disk-by-uuid-b984d520-5c3b-4771-88c9-b542cf7a0704/Permissions#
    root@omv5-test:/srv/dev-disk-by-uuid-b984d520-5c3b-4771-88c9-b542cf7a0704/Permissions# su brian
    brian@omv5-test:/srv/dev-disk-by-uuid-b984d520-5c3b-4771-88c9-b542cf7a0704/Permissions$ cd Test_1/
    brian@omv5-test:/srv/dev-disk-by-uuid-b984d520-5c3b-4771-88c9-b542cf7a0704/Permissions/Test_1$ touch test
    touch: cannot touch 'test': Permission denied
    brian@omv5-test:/srv/dev-disk-by-uuid-b984d520-5c3b-4771-88c9-b542cf7a0704/Permissions/Test_1$

    Next, I changed to ben, who is in group1, and he was able to write the file "test-ben" to the directory.. I then changed to another group1 user bill, and was again able to write the "test-bill" file to the directory

    Code
    ben@omv5-test:/srv/dev-disk-by-uuid-b984d520-5c3b-4771-88c9-b542cf7a0704/Permissions/Test_1$ touch test-ben
    ben@omv5-test:/srv/dev-disk-by-uuid-b984d520-5c3b-4771-88c9-b542cf7a0704/Permissions/Test_1$ ls
    test-ben
    ben@omv5-test:/srv/dev-disk-by-uuid-b984d520-5c3b-4771-88c9-b542cf7a0704/Permissions/Test_1$
    ben@omv5-test:/srv/dev-disk-by-uuid-b984d520-5c3b-4771-88c9-b542cf7a0704/Permissions/Test_1$ su bill
    Password:
    bill@omv5-test:/srv/dev-disk-by-uuid-b984d520-5c3b-4771-88c9-b542cf7a0704/Permissions/Test_1$ touch test-bill
    bill@omv5-test:/srv/dev-disk-by-uuid-b984d520-5c3b-4771-88c9-b542cf7a0704/Permissions/Test_1$ ls
    test-ben test-bill
    bill@omv5-test:/srv/dev-disk-by-uuid-b984d520-5c3b-4771-88c9-b542cf7a0704/Permissions/Test_1$


    I then repeated the process on Test_2 only this time using the "group2" users (brian and bob), with no permission issues on creating the test files. If I try to create a file with bill, who is not in group2, as expected I get a permission denied.


    Finally I repeated the process on the 3rd Folder... and again as expected, only the users in group3 (bill, bob, ben), have permission on this folder. brian was left in the cold on this one.



    Next, when you set up your SMB shares, just set it up to "Honor Existing ACL", and you should be golden.


    Not sure if that helps or not, but that is more or less the explanation I gave someone on reddit a year ago and it ended up helping him quite a bit, so maybe it will help people with this issue here.

    Air Conditioners are a lot like PC's... They work great until you open Windows.


    Edited once, last by KM0201 ().
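
The group-per-folder layout described in the post above, modelled as an added example (not part of the original post or of OMV): it parses `getfacl`-style text and applies the POSIX ACL check order to list who can write to each test folder. Group membership is taken from the post; the owner, owning group, base entries and mask in the sample text are assumptions constructed for illustration.

```python
# Added example: POSIX ACL access check for the Test_1..Test_3 layout.
# Membership is taken from the post; the ACL text below is constructed.
GROUPS = {"users": {"ben", "bill", "bob", "brian"},
          "group1": {"ben", "bill"}, "group2": {"bob", "brian"},
          "group3": {"ben", "bill", "bob"}}
# Assumed base entries: owner root rwx, owning group users r-x, other none.
RECORD = ("# file: {d}\n# owner: root\n# group: users\nuser::rwx\n"
          "group::r-x\ngroup:{g}:rwx\nmask::{m}\nother::---")

def sample(mask="rwx"):
    """Constructed `getfacl`-style text for the three test directories."""
    return "\n\n".join(RECORD.format(d=f"Test_{i}", g=f"group{i}", m=mask)
                       for i in (1, 2, 3))

def parse_getfacl(text):
    """Parse getfacl records into {path: {file, owner, group, entries}}."""
    acls = {}
    for record in text.strip().split("\n\n"):
        acl = {"entries": {}}
        for line in record.splitlines():
            if line.startswith("# "):
                key, _, value = line[2:].partition(": ")
                acl[key] = value
            elif line:
                tag, qualifier, perms = line.split(":")[:3]
                acl["entries"][(tag, qualifier)] = perms[:3]
        acls[acl["file"]] = acl
    return acls

def allowed(acl, user, want):
    """POSIX.1e check order: owner, named user, group class, other."""
    e = acl["entries"]
    mask = set(e.get(("mask", ""), "rwx"))
    def grants(perms, masked=True):
        eff = set(perms) - {"-"}
        return set(want) <= (eff & mask if masked else eff)
    if user == acl["owner"]:
        return grants(e[("user", "")], masked=False)
    if ("user", user) in e:
        return grants(e[("user", user)])
    # Owning group and named groups form one class: any matching entry may grant.
    hits = [p for (tag, q), p in e.items()
            if tag == "group" and user in GROUPS.get(q or acl["group"], ())]
    if hits:
        return any(grants(p) for p in hits)
    return grants(e[("other", "")], masked=False)

def writers(acl):
    return sorted(u for u in GROUPS["users"] if allowed(acl, u, "w"))
```

`sample("r-x")` models what a later `chmod g-w` does to a directory that carries an ACL: the mask loses `w`, and `writers()` comes back empty for all three folders even though the `group:groupN:rwx` entries are still present.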

  • SOLVED!!! I want to thank all who provided some insight and direction with this problem. I was too focused on using CIFS because that's what my old NAS only supported and as a result I ran into many, many ownership and access permissions. As some suggested and because I found out Windoze now supports NFS version 4+ natively, I replaced all usage of CIFS with NFS and guess what? It works like a champ. I am ONE happy camper.


    So thanks again all and I'm anticipating many years of using OMV.


    Bob
