How to set up permissions on smb shared folders

  • Hi


    OMV version info:

    Hostname: raspberrypi
    Version: 6.9.15-1 (Shaitan)
    Processor: BCM2835
    Kernel: Linux 5.15.32-v8+



    I have set up an external drive as a shared folder using smb and can mount it using a command like:

    sudo mount -v -t cifs -o vers=3.0,user=larrycotton //10.45.76.123/seagate5troot /mnt/seagate5t


    However currently if I go to the folder and try to create a directory I get 'Permission Denied'


    Does anyone know how I can set up users/permissions such that I have write permissions?


    I have created users on the NAS and given write permissions to them, but when I mount the directory it mounts as 'root' and does not allow me to write (even as root).

  • Hi


    Thank you for the link to this document.


    I have now managed to create a shared folder, mount it and write to it as root.

    However I have been unable to mount a shared folder and access it as a user with permissions, so I am still not understanding how the permissions are working.


    Here's what I have done:

    create a user 'testuser1' on the linux machine:

    testuser1:x:1004:1003::/home/testuser1:/bin/bash


    and test group

    testuser1:x:1003


    OMV:

    create filesystem for my external harddrive (in /dev/sdv2)


    create testuser1 group with gid set to 1005

    testuser1;1005;testuser1


    create user testuser1 on OMV using Import to set uid to 1005

    testuser1;1005;testuser1;;0test1user?;/bin/bash;testuser1,sudo;1


    create shared folder on that file system (relative folder testuser1, permissions for testuser1 'Read/Write')

    Name: testuser1

    File system: /dev/sdb2

    Relative path: testuser1

    Permissions: Everyone Read/Write


    Set permissions for testuser1 to ReadWrite


    create SMB/CIFS Share for testuser1 shared folder

    Public: No

    Browsable and Hide dot files checked, everything else unchecked


    This gives the shared directory on the NAS the following permissions:

    drwxrwsrwx 2 root users 4096 Apr 20 15:32 testuser1


    When I create /mnt/testuser1 on a linux machine:

    sudo mkdir /mnt/testuser1

    sudo chmod 777 /mnt/testuser1


    Then mount like this:

    sudo mount -v -t cifs -o vers=3.0,user=testuser1,mfsymlinks //10.45.76.123/testuser1 /mnt/testuser1


    the permissions on /mnt/testuser1 look like:

    drwxr-xr-x 2 root root 0 Apr 14 14:35 /mnt/testuser1


    and when I try to write to /mnt/testuser1 as testuser1 I get permission denied (as root I can write ok)


    Changing the ownership of /mnt/testuser1 on the mounting machine makes no difference

    Manually changing the ownership of testuser1 on the OMV also seems to make no difference

    (And trying to change the permissions after mounting does nothing)


    drwxr-xr-x 2 root root 0 Apr 20 15:32 testuser1


    Any idea what I'm getting wrong here?

  • Why are you working on the command line? OMV assumes that you're creating users, shared folders and SMB shares in the GUI. (I.e., there shouldn't be "sudo" anything, if you're working in the GUI.) If you don't work within the GUI, the server does not make the correct associations and log the changes into its database.

    For a test, follow this process -> Create a Network Share for creating a new shared folder and a new (SMB) network share, in the GUI. At the end of the process, the network share will be accessible to all users on the local network. This will be your starting point. After that, you could tighten up permissions on the shared folder, if you like, in accordance with the NAS permissions document.

    Finally (assuming you're using a Windows Client), create a user in OMV's GUI that matches the username and password of your Windows client logon and you'll have transparent access, in accordance with the permissions set in the shared folder and SMB share layered on top of it.

    If you're using a Linux client, that's another story altogether..

  • OMV is designed around the idea that every user you add is automatically assigned to the "users" group. So the primary group of every user account on OMV has the group id of 100.


    Use the WebUI to add accounts to OMV, not the CLI. This will ensure user accounts are set up with a corresponding SMB account & password. You can select additional group membership via the WebUI as you wish/need.


    Shared folders have the normal Linux perms, but in addition the underlying directories have setgid applied so that when file/dir are created inside "shared folders" they inherit the folder's group, not the "group" of the creating process.


    A second level of "permissions" applies in the case of SMB shares which can further restrict access to authenticated users.


    In the case of mounting SMB shares in linux, you can make use of additional mount parameters to authenticate as a normal user, e.g:


    mount -t cifs -o user=testuser,uid=xxx,gid=yyy,file_mode=0664,dir_mode=0775 ........
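
Added example (not part of the original reply): why the mount from the earlier post, which showed up on the client as `drwxr-xr-x root root`, denied writes to testuser1 but not to root, and how the `uid`/`gid`/`dir_mode` options above change the result. Function names are hypothetical; 1004/1003 are testuser1's uid/gid on the client as given in that post.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical;
# 1004/1003 are testuser1's uid/gid on the client, as shown in the post.

# can_write MODE OWNER_UID OWNER_GID USER_UID USER_GID
# Owner/group/other write check against the ownership and mode a cifs
# mount presents on the client (supplementary groups are ignored here).
can_write() {
    [ "$4" -eq 0 ] && return 0             # root is not bound by mode bits
    if   [ "$4" -eq "$2" ]; then bit=0200  # caller is the presented owner
    elif [ "$5" -eq "$3" ]; then bit=0020  # caller's group matches
    else                         bit=0002  # everyone else
    fi
    [ $(( 0$1 & $bit )) -ne 0 ]
}

verdict() { if can_write "$@"; then echo allowed; else echo denied; fi; }

# cifs_opts SMB_USER UID GID: options that map the share to a local user
cifs_opts() {
    printf 'vers=3.0,user=%s,uid=%s,gid=%s,file_mode=0664,dir_mode=0775\n' \
        "$1" "$2" "$3"
}

# Mount from the post: no uid/gid given, directory appears as root:root 0755
echo "root,       default mount: $(verdict 0755 0 0 0 0)"
echo "testuser1,  default mount: $(verdict 0755 0 0 1004 1003)"
# Same share mounted with uid=1004,gid=1003,dir_mode=0775
echo "testuser1,  mapped mount:  $(verdict 0775 1004 1003 1004 1003)"
echo "other user, mapped mount:  $(verdict 0775 1004 1003 1001 1001)"

# The resulting command is only printed here, not executed
echo "sudo mount -t cifs -o $(cifs_opts testuser1 1004 1003)" \
     "//10.45.76.123/testuser1 /mnt/testuser1"
```

With `dir_mode=0775` the mapped mount stays closed to local accounts outside the chosen uid/gid, which a `chmod 777` on the mount point does not achieve.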

  • Thank you for the replies.


    > Why are you working on the command line?

    Apologies, I think the post was confusing - I'm not using the command line on the NAS. All the config I do on the NAS side I do from the GUI. I used the User->+->Import because I assumed I would need the user to have the same uid as the uid used on my client machine (from the replies I think this may not be the case as long as user is in the users group?)


    The command line commands in my post relate to the client linux machine, other than manually checking the permissions of the user directory on the NAS (though I confess when I could not get it to work I did try playing around with the permissions on the NAS from the command line - I understand I am not supposed to do this.)


    > For a test, follow this process -> Create a Network Share

    That indeed looks to be how I am creating the shared folders.


    > A second level of "permissions" applies in the case of SMB shares which can further restrict access to authenticated users.

    I see, that will be the checkbox page when creating SMB share (I left this as default).


    > but in addition the underlying directories have setgid applied so that when file/dir are created inside "shared folders" they inherit the folder's group, not the "group" of the creating process.

    Ah. OK - that's the s bit. Thank you.


    > In the case of mounting SMB shares in linux, you can make use of additional mount parameters to authenticate as a normal user

    Ok. That seems to be the missing piece (pretty obvious to mount as required user now you said it - I did not realise there were additional mount parameters, but should have looked - sorry) - I mount as the correct user/group and I have write permissions.


    Thank you very much for your help and patience.
