Cannot access ACL for new shared folder

  • Hi everyone

    I know this problem (or one much like it) has been encountered by others - because I've already read several posts about it & no obvious solutions have emerged.


    I've just finished a brand new OMV install, at the end of which I added a new 10Tb WD drive (USB connection into RPi4). I have created and mounted a 6Tb partition (NTFS), but cannot access its ACL configuration - the ACL button is grayed out.


    Some additional details to inform replies / suggestions:

    1. This file system is not yet referenced (as attached screenie shows, there is no check mark there); configuring its ACL is, 100% literally, the first operation I have attempted to perform on it.
    2. I have given the relevant user read/write perms in shared folder permissions.
    3. The reason I rebuilt my whole system is because I encountered exactly this problem with my previous OMV setup - so I figured (wrongly) the quickest way to work around it was a "scorched earth" rebuild.
    4. I have also created a couple of smaller partitions (1 Tb or less) with Ext4 file systems and been able to configure their shared folder ACLs exactly as expected.

    I don't really have a usable system if I can't control access to the main data partition & would be delighted if someone could explain the problem to me and beyond grateful for a workaround (e.g. manually adding something in config.xml?).


    Cheers


    Neil

  • votdev

    Added the label "solved".
  • votdev

    Added the label "OMV 6.x".
    • Official post

    I can't answer your question because I don't know the answer. But may I ask why do you need ACL permissions?

  • NTFS is a file system from the Windows world and therefore cannot handle the Linux ACL. Use a Linux file system (ext4, btrfs, xfs.....) so that the Linux ACL takes effect again.


    Is possible to use NTFS drives?

    Thanks for your stunningly simple & completely logical response.


    Duh... that should've been obvious to me, so I'm a bit embarrassed. 😲 (I blame it on my Windows upbringing.)


    Until it died a few weeks ago, the main partition on my previous NAS drive was absolutely NTFS. But it has been a few years since I set that up, so I must conclude that I never had access to the ACL config for it - which wasn't a problem... until I had to set up the replacement drive recently.


    Now I guess I'll discover how much I don't know about the Linux ACL! :/


    Cheers


    Neil

    • Official post

    For granular control over who can access what, and how.

    In the vast majority of cases it can be resolved with the standard linux permissions. I would try to stick to that.

    I have never needed ACL, I have always been able to solve all situations. ACL is an unnecessary headache.

  • In the vast majority of cases it can be resolved with the standard linux permissions. I would try to stick to that.

    I have never needed ACL, I have always been able to solve all situations. ACL is an unnecessary headache.

    Thanks for your insight on this, chente - as I mentioned, Windows is how I was "brought up".


    But now that I'm rebuilding my system, it's probably a great time for me to expand my skills. And I LOVE simplicity.


    Perhaps you could give me a tiny kickstart with a simple (I hope!) example. 🤞


    Let's say I have an Ext4 FS that will only be accessed as an SMB share through Windows as follows:

    • User A needs Read/Write/Execute access.
    • User B needs Read access.
    • User C has no access.

    (SMB is my go-to share format for this Windows-only (family) environment - but I'd be happy to hear any suggestions you may have for something different that OMV supports.)


    I know how to do this via ACL, but I don't have any experience using permissions only.


    With a bit of a steer, I should be able to figure the rest out solo!


    Thanks very much for your help


    Neil

    • Official post

    Let's say I have an Ext4 FS that will only be accessed as an SMB share through Windows as follows:

    User A needs Read/Write/Execute access.
    User B needs Read access.
    User C has no access.

    That's very easy. Now I don't have time to give a long answer. In a while I'll explain how to do it.

    In the meantime you can read this, maybe it will help you. https://wiki.omv-extras.org/do…misc_docs:nas_permissions

    • Official post

    My long answer.


    There are three levels of permissions, each more restrictive than the last. If you ban something on Level 1 it won't matter what you do on Levels 2 and 3, they won't accomplish anything.



    Level 1.


    Linux file and folder permissions. Basically it allows you to define:

    - An owner user. By default in OMV it is root.

    - An owner group. By default in OMV it is users.

    - Owner user read write and execute permissions. By default in OMV all three are allowed: reading, writing and execution.

    - Permissions to read, write and execute the owner group. By default in OMV all three are allowed: reading, writing and execution.

    - Permissions to read, write and execute the rest of the users (anyone). By default in OMV reading and execution is allowed, not writing.


    If you access any file, if you have not modified it you will see the permissions: root users 775



    Level 2.


    Shared folder permissions. (actually samba has something to do with it, but let's keep it simple, let's forget that). The permissions you set at this level can restrict the permissions set at Level 1, but can never extend them.


    In each shared folder created in the OMV GUI you can define read, write and execute permissions for each user you have created in the OMV GUI (attention, this solves your problem).



    Level 3.


    Service permissions, samba in this case, could be another service. The permissions you define at this level will restrict the permissions granted in Levels 1 and 2, but can never extend them. If at level 1 or 2 you prevent everyone from reading, samba won't be able to do anything against it.


    With samba shared folders in the OMV GUI you can define if that folder is read-only (everyone) or write-only (everyone) or public.


    _______________________________________________________________________


    How to solve your case. I think it has been explained, it is clear that Level 2 is what you need.


    How to do it.


    Level 1. First make sure that Level 1 does not restrict anything to the other levels, that is, standard OMV permissions. For that the plugin openmediavault-resetperms is useful. Here is a guide to use it. [How-to] Use the openmediavault-resetperms plugin


    Level 2. Once the above is done, go in the OMV GUI to Storage>Shared Folders. Select your shared folder and click Permissions. In the window you will see that you can define read/write/execute permissions for user A, read permissions for user B, and no permissions for user C. Accept.


    Level 3. Go to Services>SMB/CIFS Select your shared folder with samba and click edit. The standard configuration of OMV is what you need. Make sure Read only is unchecked. Only Browseable and Hide dot files are checked. You accept.


    A bonus here, you can add an extra configuration in the last field, Extra options. If you add access based share enum = yes user C will not see the shared folder in his file manager because he does not have access. Only users with access will show the folder.


    ________________________________________________________________________________


    Your problem is solved. With this explanation you can solve the vast majority, if not all, possible situations. You don't need ACL permissions. You could have complications with nested folders (one shared folder inside another), it can still be solved but if you can avoid them better.


    If all this does not solve your needs, you still have the linux ACL permissions, but you must learn to use them, they do not work in the same way as the windows permissions. 99.9% of users do not need them.
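
A read-only check for the Level 1 step in the answer above, added here as an example and not part of the original post or of OMV: it lists directories under a shared folder that are missing any bit of the stated default (root, users, 775) and reports which permission triplet applies to a given user. The path /srv/shared and the user name userA are placeholders, and GNU find and stat (as on Debian) are assumed.

```shell
#!/bin/sh
# Added example: audit Level 1 (owner, group, mode) before relying on Levels 2 and 3.
# Nothing is changed on disk; the functions only report.

# level1_deviations DIR [OWNER] [GROUP] [MODE]
# Prints "mode owner:group path" for each directory whose owner or group differs
# from the expected one, or whose mode lacks any bit of MODE (i.e. is more
# restrictive). Defaults are the values the post gives for OMV.
level1_deviations() {
    dir=$1 owner=${2:-root} group=${3:-users} mode=${4:-775}
    find "$dir" -type d \
        \( ! -user "$owner" -o ! -group "$group" -o ! -perm "-$mode" \) \
        -exec stat -c '%a %U:%G %n' {} +
}

# level1_class DIR USER
# Prints which triplet of the mode applies to USER on DIR: owner, group or other.
# With root:users 775, a user outside the "users" group lands in "other" and
# cannot write at Level 1, whatever is granted at Level 2.
level1_class() {
    dir=$1 user=$2
    if [ "$(stat -c %U "$dir")" = "$user" ]; then
        echo owner
        return
    fi
    dir_group=$(stat -c %G "$dir")
    for g in $(id -nG "$user"); do
        if [ "$g" = "$dir_group" ]; then
            echo group
            return
        fi
    done
    echo other
}

# Example calls (placeholders, commented out so sourcing the file has no effect):
# level1_deviations /srv/shared
# level1_class /srv/shared userA
```

An empty result from level1_deviations means Level 1 is at least as permissive as the default, so the per-user choices made at Level 2 are what decide access.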

  • Thanks very much - it is so kind & helpful of you to take the time to explain this better way of doing things. This is a terrific community to be a part of. :)


    I'll be spending my Saturday afternoon experimenting with your suggested approach.


    I am most grateful!!!


    Neil

    • Official post

    I'm not sure I'd argue permissions are better.. it's just too many here use ACLs improperly. I've used ACL for years and never had a single issue.

    • Official post

    I'll be spending my Saturday afternoon experimenting with your suggested approach.


    I am most grateful!!!

    Happy to help.

    When you do it you will see that it is much easier to do it than to explain it. You'll be done in 5 minutes.

    And, as I said, using ACL permissions doesn't make any sense if it's not a very special case. You don't need them, you'll just make your server more complicated for no reason.

  • Happy to help.

    When you do it you will see that it is much easier to do it than to explain it. You'll be done in 5 minutes.

    And, as I said, using ACL permissions doesn't make any sense if it's not a very special case. You don't need them, you'll just make your server more complicated for no reason.

    WOW!!!!!


    Everything you said was absolutely on the money, Chente. Once I understood the basic principles from your explanation, it took me less than 5 minutes to configure my shares exactly as I needed, without the use of ACL or Samba options (with the exception of disabling "browseable" for one specific share).


    In any other situation, I'd say it was embarrassingly simple & that I had wasted quite a few hours "barking up the wrong tree" - but there's nothing embarrassing about learning how to make anything simpler!


    Thanks again for your guidance - I am very grateful for it & the time you put into it.


    Warmest regards


    Neil
