SSH overwrites Shared Folder Permissions

1st Official Post

    Shared Folder with Permission: Admin r/w, Users r/w, Other noneHi,


    I'm having trouble using the shared folder permission restriction between users and the ssh service.


    My setup:

    • Shared Folder with Permission: Admin r/w, Users r/w, Other none
    • Shared Folder2 with Permission: Admin r/w, Users none, Other none
    • Shared Folder Privileges: User A: r/w, User B: none
    • SSH: User A in group ssh, User B in group ssh


    The problem:

    If I login with User B via ssh I am able to see and write in the shared folder, because I choosed User r/w while creating.


    If I exclude the group Users even User A is not allowed to see the folder because the permissions are:

    Code
    30932993  4 drwx--S---   2 root users  4096 Dez 19 20:50 shared-folder2


    If I allow Users to read/write my user and every other user in the group users is able to read/write via ssh:

    Code
    10223617  4 drwxrws---   3 root users  4096 Dez 19 15:00 shared-folder


    Is ssh suposed to reveal every shared folder to every created user ?

    Why is the privilege window not working via ssh ?


    I also did not found any warning in the documentation: https://docs.openmediavault.or…tration/services/ssh.html


    Can someone please enlight me ?

    Edited once, last by jonnytischbein ().

  • macom

    Approved the thread.

  • macom

    Approved the thread.

    @jonnytischbein The top of the privileges page says this:


    "These settings are used by the services to configure the user and group access rights. Please note that these settings have no effect on file system permissions."


    But it doesn't say to which services they apply. As you've found out, ssh is not one of them. See:


    Thread
    Privileges and permissions explained under OMV
    Privileges and permissions explained under OMV

    The current guide is provided to explain how OMV controls user access to the remote shares.

    OMV provides in their default core four file sharing subsystems. These subsystems are:

    NFS Network File Sharing, standard *nix network file sharing since very old times

    Samba (CIFS/SMB) – Server message block (SMB)is a file sharing protocol developed by IBM in the eighties to provide read/write files to remote shares in a LAN environment.
    Common internet file…
    subzero79

    Thank you!
    I missed that.


    Do you think users should be warned about it before enabling SSH service ?

    I think I ran into this issue too. I was trying to move files between shared folders and attempted to do so with WinScp (windows SSH client). It didn't work, and afterwards I couldn't open any folders inside my public folder. I wasn't getting the prompt asking for a username and password. I was just getting a popup warning from windows saying that I didn't have permission to access those internal folders.


    So for anyone with a similar problem finds this: Check if you can create a new folder inside your shared folder. If you can, you probably have read/write access working properly in the shared folder. Thus your problems are probably the result of some chmod related shenanigans.


    I was able to resolves this by using the "reset permissions" plugin feature for the affected shared folder.

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!

Register Yourself Login