How to securely lock down folder for only one user to use

  • PROBLEM: I can't properly lock down a folder I created for a user. I haven't had success in finding documentation or youtube vids.


    GIVEN:

    • created storage shared folder, let's say "test", with defaults
    • created an SMB shared folder "test"
    • created user "John" and gave him "read/write" permissions for "test"

    Please help me understand how to lock down (properly secure) the shared folder "test" for ONLY John's use.


    Thanks,


    Rob

  • You need to change the ownership and permissions on the folder in the shell.

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.

    • Official Post

    a simple example

    I don't disagree w/ you ACL's, (although I don't agree w/ how you handled it here). You have to be careful recommending ACL's here, as 1. Nobody does them right. and 2. They always seem to try to mix them with permissions, which leads to disaster.

    • Official Post

    gdert, thank you for the quick response. Is there no way to do it from the GUI?

    If I were going to suggest how to do this... I would also use ACL's, but I would instead use a control group (rather than users) on who could access the folder. If in the future you decide to give others access to this folder (or revoke access to this folder) it is as easy as adding/removing them from the control group


    Create your folder with default settings in the webUI


    In the webUI, click on Groups under User Management


    Create a custom group name, and then make sure the user you want access to that folder, is the only one in that group.. Example below, I created a group called "control" and then made sure my user "ken0201" was the only one in that group.




    Now go to Storage/Shared Folders


    Click on the folder you want to restrict access to and click the ACL button


    At the top, all of the buttons should not be highlighted.


    At the bottom.

    owner: root read/write/execute

    groups: control (or whatever you name yours) read/write/execute

    others: none


    Check the recursive and replace boxes at the very bottom

    It should look something like this.



    Save


    Now users you create and put in the "control" group, will have access to that folder. Anyone else will have permission denied.
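
    The layout from the steps above (owner root, group "control", others none, applied recursively) can be checked from the shell. This is an added example, not part of the original posts; the function name `audit_share` and the path in the usage line are placeholders, and it assumes GNU `stat` as found on Debian/OMV.

```shell
#!/bin/sh
# Added example (not from the thread): audit a shared folder against the layout
# owner rwx / control group rwx / others none, applied recursively.
# Needs GNU stat (Debian/OMV); getfacl is used only if it is installed.

# audit_share DIR OWNER GROUP -> prints findings, returns 0 only if DIR complies
audit_share() {
    dir=$1; want_owner=$2; want_group=$3
    rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 2; }

    owner=$(stat -c '%U' "$dir")
    group=$(stat -c '%G' "$dir")
    [ "$owner" = "$want_owner" ] || { echo "FAIL: owner is $owner, expected $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] || { echo "FAIL: group is $group, expected $want_group"; rc=1; }

    # Any read/write/execute bit for "others" on the folder or anything below it
    # breaks the lock-down (this is what the recursive box prevents).
    # Symlinks are skipped because their own mode is always 777 on Linux.
    loose=$(find "$dir" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print | head -n 5)
    [ -z "$loose" ] || { echo "FAIL: accessible to others:"; echo "$loose"; rc=1; }

    # Extended ACL entries (named users/groups) on top of the mode bits are the
    # "mixing" the thread warns about; --skip-base lists only files that have them.
    if command -v getfacl >/dev/null 2>&1; then
        extra=$(getfacl -R -p --skip-base "$dir" 2>/dev/null || true)
        [ -z "$extra" ] || { echo "FAIL: extended ACL entries present:"; echo "$extra"; rc=1; }
    fi

    [ "$rc" -ne 0 ] || echo "OK: $dir is limited to $want_owner and group $want_group"
    return "$rc"
}

# Usage: sh audit_share.sh /path/to/test root control
if [ "$#" -eq 3 ]; then audit_share "$@"; fi
```

    Run it as root on the server after saving the ACL dialog; a non-zero exit status means at least one of the checks failed.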

  • This method has excellent security.

    Life is a boring and troublesome thing, it is annoying and stupid.

    Edited once, last by KM0201 ()

    • Official Post

    This method has excellent security.

    My bad, I didn't mean to edit your post. I saw some spelling errors in my post and accidentally edited your quote rather than my post.


    I like this approach a lot better when using ACL's. Just from a standpoint of how easy it is to grant/remove access to the folder when needed. That is far more difficult when trying to do this via user permissions. A LOT of people on this forum disagree w/ me on ACL's, but I will always preach using them PROPERLY. Most of the issues we have with them here, are people using them improperly


    OP, also.. it should be noted.. when you go to add this share to SMB (I'm assuming)... Don't change anything.. Keep all default settings, and it will work exactly like you want it to.

    • Official Post

    OP, if you're interested also... I don't use Windows, so I had to do this in a Linux client environment (but everyone tells me they are basically the same)...


    Here's a thread where I explained how I would do this with 3, 4.. or really as many users as you could dream up... It's just a matter of creating your control groups for your folders (or using one group for multiple folders, etc.)


  • I don't disagree w/ you ACL's, (although I don't agree w/ how you handled it here). You have to be careful recommending ACL's here, as 1. Nobody does them right. and 2. They always seem to try to mix them with permissions, which leads to disaster.

    KM0201, I agree with you, in part. I was running into the exact scenario you described: mixing permissions and ACLs. Luckily, I have the perm reset extra plugin. I want to thank you for the quick response and help. I'm reading the thread and all who contributed to see what my next steps are. But I didn't want to wait to thank you for contributing. I always learn so much from people like you. So I will be spending this morning using and testing solutions recommended including yours. I will let you know how it goes. My brain is a bit mush from yesterday after concentrating so hard on the problem and battling it. I think all of you know what I mean 8)  

  • KM0201 that seemed to have worked well. I have follow-up questions:


    1) Will you check out the SMB Shared folder setting for my "peter" folder to make sure I didn't screw anything up? See attached pic

    2) Will you take a look at the Windows Advanced Security settings it's reporting on the peter folder? I used my Win10 workstation to map to the OMV shared peter folder. Do you see any security issues that might need tweaking on the OMV side as a result? 8)


    Thanks,


    Rob

    • Official Post

    Your smb shares should be default, as I said above. That will restrict it to the group you've given permission to in ACL.


    Sorry, I've not really used windows in like 15yrs.. I'm the wrong person to ask anything about Windows Security Settings.

  • acuity2009

    Added the label resolved.
