New OMV installation, everything looks and works good, but I can't write to the share

  • This is a new OMV installation that I built following this guide: https://wiki.omv-extras.org/do…talling_omv5_raspberry_pi


    I am experiencing a problem where I cannot write to the shared folder (or subfolders) from Windows 10 File Explorer from ssh'd Terminal as my username.


    From Terminal I see this:

    Code
    $ touch temp
    touch: cannot touch 'temp': Permission denied
    $ sudo touch temp
    [sudo] password for jack:
    $

    My OMV user "jack" is a member of Groups _crony, adm, root, ssh, sudo and users.


    The same problem when attempting to write using Windows File Explorer. I mapped my drive Z: to the OMV shared folder, and connected using my OMV username ("jack") and password. But cannot write.


    How can I set the OMV permissions for the shared folder and subfolders to gain read/write priviledges for any member of the Group users?


    Let me know if you need screenshots or whatever. Thank you!

  • Thank you -- here is what I see:


    The root folder is bmp, it is the shared folder

    Code
    $ ls -la
    total 44
    drwxr-xr-x 4 root root 4096 Nov 26 11:31 .
    drwxr-xr-x 6 root root 4096 Nov 26 11:19 ..
    drwxrwsrwx+ 12 root users 4096 Nov 27 13:06 BMP
    -rw------- 1 root root 6144 Nov 26 11:20 aquota.group
    -rw------- 1 root root 7168 Nov 26 11:20 aquota.user
    drwx------ 2 root root 16384 Nov 26 11:06 lost+found

    Dipping down into /bmp is this:


    "temp" (above) is the file I tried to write as user "jack" then had to sudo to do it. See my OP.


    Thank you for looking at this.

  • owner of files is root, you must change to the user that you use in SMB Eg: JackElliott


    please read:


    CIFS/SMB ( the first 5 fixed post)

  • You only need to change the owner if you want to grant different permissions to the owner than to the other users in the group.


    - If you want all users in the users group to be able to read and write use 775, it is equivalent to read and write permissions for owner and users of the group. All other users can only read. In this case it does not matter who the owner is.


    - If you want to grant the owner different permissions than the other users in the users group, for example 755, the owner can read and write and the other users in the group can only read. All other users can only read.

    In this case the owner must change. You can do it with:


    chown -R jack:users /path/to/BMP

    chmod -R 755 /path/to/BMP


    replace jack with your username

    replace /path/to/ with your actual path to the BMP folder

  • I do noth beliefe chente is right this time.


    group has +s (SGID) bit set, so

    • everybody in group users should be able to cd to BMP.
    • every file created in that directory should have group users

    user jack was able to cd to BMP, so this is correct.


    user jack was not able to create a file in /BMP although it should be allowed for all users in group users ( raulfg3 may be incorrect)


    but the + in the files umask indicates, some ACLs are set.


    Would removing the ACLs fix it?


    getfacl BMP


    should tell you

    If you got help in the forum and want to give something back to the project click here and write up your solution for others.

  • group has +s (SGID) bit set, so

    everybody in group users should be able to cd to BMP.
    every file created in that directory should have group users

    That's why I said in post No. 4 to change "s" to "x", this is so that the folder is accessible (executable) to the users of the group.

    but the + in the files umask indicates, some ACLs are set.

    You're right, I didn't notice this. This is the problem with using ACL permissions. Complicate things. The best thing would be to remove the ACL permissions, as you indicate. Unless the OP wants to define permissions for some users besides the owner and not for the rest of the group.

  • s is equal to x plus inherit group.

    If the s is missing, everybody creates files with his primary group and they are not readable by others.

    If you got help in the forum and want to give something back to the project click here and write up your solution for others.

  • Personally, I only assign permissions by groups, never user. Root owns everything on my system, and groups are what restricts/allows users to certain directories. It's much easier IMO... even w/ only 2-3 users, it's just easier IMO.


    I don't use SMB, but I can't imagine this would cause an issue.


    A Group= r/w on everything

    B Group= r/w on some things, r/o only on others.

    C Group = r/o on everything.


    Create a user, throw it in the appropriate group, voila.

    Air Conditioners are a lot like PC's... They work great until you open Windows.


  • In this case, the permissions of the shared folder of the OP are not set correctly. If this is not resolved, nothing will work.

    I never suggested otherwise. You took one line from my post, which basically said how easy it was to assign permissions by group in my setup... and attempted to apply it to his situation.

    Air Conditioners are a lot like PC's... They work great until you open Windows.


  • Thank you everyone, I'm the OP.


    There's been a bit of discussion about the best way to solve my little problem while I was away, and I cannot tell whether a concensus was reached?


    My goal:

    I want any member of the group "users" to have rwx permisions on all files and folders.

    Root can own everything, that's okay by me.

    I don't need ACL.

  • I don't need ACL.

    As zoki said very well in post # 7, first check if your BMP folder has ACL permissions set.

    getfacl /path/to/BMP

    replace /path/to/ with your actual path to the BMP folder


    If you have configured permissions you must delete them with:

    setfacl -b -R /path/to/BMP


    Important! Make sure of the route.

    I want any member of the group "users" to have rwx permisions on all files and folders.

    Root can own everything, that's okay by me.

    For this you can run:

    chown -R root:users /path/to/BMP # This should not be necessary if you haven't modified anything since post # 3

    chmod -R 775 /path/to/BMP

  • Thank you.


    For ACL I find on the drive's root:

    Code
    $ getfacl /srv/dev-disk-by-uuid-1d4d5a04-39e8-4c30-8518-15271f3d1f43
    getfacl: Removing leading '/' from absolute path names
    # file: srv/dev-disk-by-uuid-1d4d5a04-39e8-4c30-8518-15271f3d1f43
    # owner: root
    # group: root
    user::rwx
    group::r-x
    other::r-x

    For the shared folder I find:

    I'm not used to dealing with ACLs. I see "-s-" in the "flags" line. Set SETUID is set, deeper reading than I have time for right now.

    Code
    $ sudo setfacl -b -R /srv/dev-disk-by-uuid-1d4d5a04-39e8-4c30-8518-15271f3d1f43
    [sudo] password for jack:
    $ client_loop: send disconnect: Connection reset

    I got kicked off. So ssh back in and,

    Code
    $ sudo chmod -R 775 /srv/dev-disk-by-uuid-1d4d5a04-39e8-4c30-8518-15271f3d1f43/BMP

    Nothing has changed, so I'm not quite sure what, if anything, setfacl did. Moving on,

    Code
    $ sudo chmod -R 775 /srv/dev-disk-by-uuid-1d4d5a04-39e8-4c30-8518-15271f3d1f43/BMP
    $ ls -la /srv/dev-disk-by-uuid-1d4d5a04-39e8-4c30-8518-15271f3d1f43/BMP
    total 2112704

    Then,


    Well, do I now have write permissions as non-sudo/root? Let's test:

    Code
    $ touch temp2
    $ ls
    '00 KPOV' DS_Homes_Backup 'My Books' inMotrion.xgeq
    0_Household 'Desktop - Shortcut.lnk' 'Plex Media' linuxmint-20.2-cinnamon-64bit.iso
    Audio_Tools 'KPOV FB TSC masked and stickered.png' 'System Volume Information' temp
    Classics LinXPS_Home_Jack 'VST Plugins' temp2
    $


    Couldn't do that before without sudo, AND it works from within Windows File Explorer: I can now copy/paste to the share.


    I think you folk have cracked the case here.


    I canse anyone is wondering how I got myself into this pickle, I let OMV wipe, mount a new disk, and copied all my files from an NTFS disk (created on a Linux machine) temporarily mounted on /media to the OMV share with cp -R


    Probably not the cleanest way to do it, but I'm no wizard at these things.


    Thank you! :) (How do I mark this as "solved"?)

  • The only thing left to do is to remove the executable flag from the files, otherwise Linux thinks the files a executables.

    Often happens when files are copied form windows to linix.

    If you got help in the forum and want to give something back to the project click here and write up your solution for others.

  • Yes, you added th executable flag by the chmod 755 command.


    I prefere to use the more verbose method chmod u+rwX ...


    the capital X will only set the executable flag on directories.


    Nevertheless, if one copies a file from Windows it will get the x flag anyway.

    If you got help in the forum and want to give something back to the project click here and write up your solution for others.

  • s is equal to x plus inherit group.

    If the s is missing, everybody creates files with his primary group and they are not readable by others.

    Zoki , you are a crack. Once again I have to agree with you. Thanks for your input.

    I've never noticed this because I don't use groups for my users. I only used the users group. Therefore, I don't need it. But in case of using different groups it will be necessary to have this flag.

    What this flag does is grant the current user the permissions of the owner user or group, depending on the position in which it is configured. This way, if the s flag is set on the group, when a file is created, it will be created with the group from the parent folder, not the user who is creating it.

    The precaution is to configure it for the group, not for the user. If it is configured for the user and the owner is root, we would be granting the user at that moment root permissions. This allows in some cases access to root permissions.

    In my case, as I said before, it is not necessary, but to use different groups the flag s should be used in the position of the group, this is done by placing a 2 before the definition of the permissions.

    Therefore, the command to use would be in this case:


    chmod -R 2775 /srv/dev-disk-by-uuid-1d4d5a04-39e8-4c30-8518-15271f3d1f43/BMP


    Thanks for forcing me to study! :thumbup:

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!