Read and write only with ACL

  • Good morning. I'm facing a problem. I created a group called "omv-users" and created a user belonging to that group. I created a shared folder and gave read and write permissions to that user and group. But even so that user can only enter the folder, cannot create, delete, move or copy files. I can only give this user full access if I go to the ACL settings and allow him or a group to read and write. My question is if I really need to have ACL enabled on all shared folders. I thought the common permissions would be enough.

  • What are the permissions and ownership of the files and directories themselves (on the filesystem, not on the share)? I suggest staying away from ACLs unless you are sure about what you are doing with them and you really do need them.

    --
    Google is your friend and Bob's your uncle!


    A backup strategy is worthless unless you have a verified to work by testing restore strategy.


    OMV AMD64 7.x on headless Chenbro NR12000 1U Intel Xeon CPU E3-1230 V2 @ 3.30GHz 32GB ECC RAM.

    OMV AMD64 8.x on headless Tyan Thunder SX GT86C-B5630 1U Server with Intel Xeon Silver 4110 CPU @ 2.10GHz & 32GB DDR4 ECC RAM.

  • Good morning. I'm facing a problem. I created a group called "homeusers" and created a user belonging to that group. I created a shared folder and gave read and write permissions to that user and group. But even so that user can only enter the folder, cannot create, delete, move or copy files. I can only give this user full access if I go to the ACL settings and allow him or a group to read and write. My question is if I really need to have ACL enabled on all shared folders. I thought the common permissions would be enough.

    Double check the following:
    Samba shares

    Users read write permission
    groups privileges


  • What are the permissions and ownership of the files and directories themselves (on the filesystem, not on the share)? I suggest staying away from ACLs unless you are sure about what you are doing with them and you really do need them.

    I don't know if I understood the question.


    My steps were as follows: I installed the system; I entered the web interface using the "admin" user; through the interface I created ext4 file systems; I installed MergerFS and created a pool; I created a group and a user; I created the Downloads, Movies, Series and Cloud shared folders in the MergerFS pool; I gave access to the previously created group and user to read and write to these shared folders; I enabled SMB and shared the four folders without changing any options.


    And this is where my problem starts. The common user I created only has full access to these folders if I go to the ACL settings and change the permissions. If I try to access them using the admin or root user, everything is fine. What did I do wrong?

    Double check the following:
    Samba shares

    Users read write permission
    groups privileges

  • I don't know if I understood the question.

    Check the ownership and permissions on the files and directories using ls in the shell.


  • Check the ownership and permissions on the files and directories using ls in the shell.

    root@omv6:/srv/mergerfs/volume# ls -l
    total 68
    -rw------- 1 root root 7168 fev 11 13:30 aquota.group
    -rw------- 1 root root 7168 fev 11 13:30 aquota.user
    drwxrwsr-x+ 2 docker users 4096 fev 11 13:02 Cloud
    drwxrwsr-x+ 5 docker omv-users 4096 fev 4 23:35 Downloads
    drwxrwxr-x+ 5 root users 4096 fev 4 23:13 Filmes
    drwxr-xr-x 13 docker omv-users 4096 fev 4 22:36 jdownloader
    drwx------ 2 root root 16384 jan 7 15:31 lost+found
    drwxrwxr-x+ 3 root users 4096 jan 7 17:21 Seriados

  • What about the files within those directories? Which of those are you having problems with and what does ls say about them?


  • What about the files within those directories? Which of those are you having problems with and what does ls say about them?

    No folders currently have any files. I don't understand why the users and groups of the folders are mixed since I created all the folders the same way, through the web interface. I created a "test" folder and it shows up as root root. And putting the permissions for the "omv-users" group (my user and the docker user are in that group) I can't write to it.

  • I don't see the test folder in your listing.


  • I don't see the test folder in your listing.

    root@omv6:/srv/mergerfs/volume# ls -l
    total 72
    -rw------- 1 root root 7168 fev 11 13:51 aquota.group
    -rw------- 1 root root 7168 fev 11 13:51 aquota.user
    drwxrwsr-x+ 2 docker users 4096 fev 11 13:02 Cloud
    drwxrwsr-x+ 5 docker omv-users 4096 fev 4 23:35 Downloads
    drwxrwxr-x+ 5 root users 4096 fev 4 23:13 Filmes
    drwxr-xr-x 13 docker omv-users 4096 fev 4 22:36 jdownloader
    drwx------ 2 root root 16384 jan 7 15:31 lost+found
    drwxrwxr-x+ 3 root users 4096 jan 7 17:21 Seriados
    drwxrwsr-x+ 2 root users 4096 fev 11 13:45 Teste

  • Is the user you want to be able to write to that directory a member of the users group?


  • root@omv6:/srv/mergerfs/volume# ls -l

    Is the user you want to be able to write to that directory a member of the users group?

    Yes, my user is in the "users" group and in the "omv-users" group.


    I deleted the test and cloud folders, recreated it and just set the permissions for the omv-users group. Now my regular user can write to it. I disabled the ACL on the other folders and I am still able to write to them. I do not know what happened.


    root@omv6:/srv/mergerfs/volume# ls -l
    total 56
    -rw------- 1 root root 7168 fev 11 13:51 aquota.group
    -rw------- 1 root root 7168 fev 11 13:51 aquota.user
    drwxrwsr-x 2 root users 4096 fev 11 15:05 Cloud
    drwxrwsr-x+ 5 docker omv-users 4096 fev 4 23:35 Downloads
    drwxrwxr-x+ 5 root users 4096 fev 4 23:13 Filmes
    drwxr-xr-x 13 docker omv-users 4096 fev 4 22:36 jdownloader
    drwx------ 2 root root 16384 jan 7 15:31 lost+found
    drwxrwxr-x+ 3 root users 4096 jan 7 17:21 Seriados
    drwxrwsr-x+ 2 root users 4096 fev 11 15:05 Teste

  • I have set all permissions settings to default (all unchecked). I checked only the options under Shared Folders and Groups. Now my regular user, who belongs to the "omv-users" group, who has write permission, can write. I didn't understand why it was that mess. The jdownloader and Downloads folders have a different group because JDownloader was started as root and wrote files in the Downloads folder that only root could change. Then I used the chmod g+s command on those two folders to force the new files to inherit the parent folder's group. However I don't know why these two specific folders have the user "docker" as owner. Any tips?

  • Are you running JDownloader as a docker? If so what PUID and PGID is being used by the container?


  • Are you running JDownloader as a docker? If so what PUID and PGID is being used by the container?

    No. I installed the Java JRE and downloaded the JDownloader. I already had some problems with JDownloader via Docker and decided not to risk it.

  • Start a test from fresh...

    - Create a User (John with password and save)
    - Create a Group and add the User created to it (homeusers and add the user “John” and save)
    - Storage → Create a share name (johnfolder)
    - Services → Enable Samba and confirm (enable johnfolder)


    After Samba is enabled/confirmed your folder is populated

    Don't do anything for now in ACL

    What's not working for you in this test?

    There are, sometimes, many ways to do things/tasks, and experience with them will lead you to take the one you feel comfortable with.
    My test drives are on 2 machines both OMV with ZFS and with a 500gb laptop SYS BOOT HDD
    1. i7 920 with 12gb ram; 4x2tb sata WD purple
    2. ibm x3100 m4; 32gb ram; 4x6tb sas Seagate

  • I understood what settings I should change to give regular user access to certain folders. Basically I created the group and the user and I only need to give access to the group in "shared folders" and "groups".


    But I came across a problem that I don't know how to solve. I installed FileRun via Docker following the tutorial here on the forum. I created the "Filerun" folder for the container to use as storage and as warned in the tutorial, Filerun changed the group and owner of the folder I created. Before it was as "root users" and now it is as "www-data www-data". And in this way my common user, belonging to the omv-users group, cannot write to the Filerun folder.


    How do I allow my regular user to write to the Filerun folder? I tried adding my regular user to the www-data group but it didn't work. I looked at other settings but left them as I found them to avoid screwing up.

  • Filerun operates as www-data:www-data. Your users operate as username:usergroup.


    I assume you are accessing the filerun shared folder over smb. Correct?


    If that assumption is correct, it's as simple as forcing the www-data user and group for file creation on the filerun samba share.


    This is done by adding the appropriate configuration lines to the extra options of the samba share.


    For example, I run nextcloud from an ubuntu VM. nextcloud uses www-data as the user and group, so in order to access the files over samba I have this in the share's extra options:

    create mask = 2775
    directory mask = 2775
    force create mode = 2775
    force directory mode = 2775
    force user = www-data
    force group = www-data

    The force user and group lines act as a translator for the access from the regular user to the www-data user, forcing everything to be created and owned by www-data, but accessible based on the regular user's access rights that you set. The create and directory lines are forcing the permissions to be 775 on everything, but you shouldn't need these lines unless you need to force permissions.

    Asrock B450M, AMD 5600G, 64GB RAM, 6 x 4TB RAID 5 array, 2 x 10TB RAID 1 array, 100GB SSD for OS, 1TB SSD for docker and VMs, 1TB external SSD for fsarchiver OS and docker data daily backups

  • I still don't understand how these permissions work. They appear to be completely random.


    For example, I added my regular user to the "www-data" group, restarted the server, and now I can write to the Filerun folder. I can write to the Nextcloud folder but not the subfolders. Both the owner and the group of the folder and subfolders are the same.


    Code
    root@omv6:/srv/mergerfs/volume/Nextcloud# ls -l
    total 52
    drwxr-xr-x 3 docker users  4096 fev 18 23:14 admin
    drwxr-xr-x 6 docker users  4096 fev 18 23:19 appdata_ocr4v5wyuq0l
    drwxr-sr-x 2 docker users  4096 fev 18 23:14 files_external
    -rw-r--r-- 1 docker users     0 fev 18 23:14 index.html
    -rw-r----- 1 docker users 33361 fev 19 19:55 nextcloud.log

    Code
    root@omv6:/srv/mergerfs/volume/Nextcloud/admin# ls -l
    total 4
    drwxr-xr-x 2 docker users 4096 fev 18 23:14 files

    I can write in the Nextcloud folder but not in the admin folder and not in the folders inside admin.


    I created a Media folder, shared it, set the permissions for my homegroup (omv-users) and even then, fine, I was able to create subfolders and files. I installed a container called podgrab, indicating the PUID 1000 (the default user I created) and the PGID 100 and the volume ~Media/Podcasts. The container created a subfolder for a specific podcast but I can't write to that folder. I needed to enter the terminal and authorize the user group (100) to write in the folder because the container's default is to create folders where the owner writes but the group only reads. And the owner is not user 1000 but the root user. I don't understand the logic.


    I really don't know where I'm going wrong. Need help.

  • So a little clarification please. You are not talking about samba access to shares. You are talking about filerun access to the shares. Is that correct?


    If that's the case, since the folders look like they are owned by docker:users, you would probably have to add www-data (the user filerun operates as) to the users group. I can't see what user owns the nextcloud folder or what the permissions are so I can't tell you why you could write there but not in the sub-folders.


    All that said, I have about 5 minutes experience with filerun, so I can't say too much more about it. As I mentioned to you before I use a root login with webmin for any file manipulations, so I never have any permissions issues with it. Also since webmin is logged in as root, I can also use it to fix any permissions or ownership problems that I may encounter from a docker that I have neglected to set UID and PID for if I am trying a new docker.

    Asrock B450M, AMD 5600G, 64GB RAM, 6 x 4TB RAID 5 array, 2 x 10TB RAID 1 array, 100GB SSD for OS, 1TB SSD for docker and VMs, 1TB external SSD for fsarchiver OS and docker data daily backups
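
The `ls -l` listings in this thread can be read mechanically. The following is an added example, not code posted by anyone in the thread: it applies the standard Unix class selection (owner, else group, else other) to one `ls -l` line and reports whether the write bit is set for a given user. The user name `john` and his group list are assumptions; the listing lines are copied from the posts above.

```shell
#!/bin/sh
# Added example: decide from one `ls -l` line whether a user has the write
# bit on that entry. Only the single matching class is consulted.
# (Creating files in a directory also needs the search bit; root bypasses all.)

# can_write USER "GROUP1 GROUP2 ..." "LS_LINE"  ->  prints yes | no | acl
can_write() {
    user=$1 groups=$2
    # Fields of `ls -l`: mode, link count, owner, group, ...
    set -- $3
    mode=$1 owner=$3 group=$4

    if [ "$user" = "$owner" ]; then
        # Owner class wins even when the group bits are more generous.
        bit=$(printf '%s' "$mode" | cut -c3)
    else
        # A trailing "+" means an extended ACL exists. The group column then
        # shows the ACL mask and named entries may apply, so the mode bits
        # cannot answer the question; inspect the entry with getfacl instead.
        case $mode in *+) echo acl; return ;; esac
        bit=$(printf '%s' "$mode" | cut -c9)          # default: other class
        for g in $groups; do
            if [ "$g" = "$group" ]; then
                bit=$(printf '%s' "$mode" | cut -c6)  # group class
            fi
        done
    fi
    [ "$bit" = w ] && echo yes || echo no
}

# Lines copied from the thread; user "john" and his groups are assumed.
while read -r line; do
    printf '%-4s %s\n' "$(can_write john 'users omv-users' "$line")" "$line"
done <<'EOF'
drwxrwsr-x 2 root users 4096 fev 11 15:05 Cloud
drwxrwsr-x+ 2 root users 4096 fev 11 15:05 Teste
drwxr-xr-x 3 docker users 4096 fev 18 23:14 admin
EOF
```

For the `Nextcloud/admin` line the result is `no`: the directory's group is `users`, but its group bits are `r-x`, so group membership alone grants no write access there.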
