Samba shares types
OMV has the capability of configuring shares accordingly with their defined user access privileges. This means they won't act in the file system layer they will run in the samba authentication layer. From there the access can be controlled to be read only, write access and guest account log in. This is done with the PRIVILEGES button in the shared folder section not the ACL
Remember that this is a two leg thing, if write access is enabled and by any chance your share has a modified system permission of 755 (the default is 2775) the authorized user will not be able to write to the share.
Shares in Samba can be catalogued in OMV into three categories with their most important directives indicated below:
Non-public (Private): login always required, Guest Allowed denied
guest ok = no
valid users = User1, User2, @Group1, @Group2 ## this will deny all none authorized users
read list = User1, @Group1
write list = User2, @Group2
- This means that every user will have to provide valid OMV credentials to access that share.
- Also this type of shares requires at least one definition of a valid user, otherwise the directive would be empty. THIS WILL ALLOW EVERY USER TO LOG INTO THE SHARE
Semi-public: when login is not provided, guest user is used. This is the option Guest Allowed from the samba share option
guest ok = yes
read list = User1, @Group1
write list = User2, @Group2
Notice here if you have a user that you have not set up privileges for (thank means blank tick boxes) he will be able to login anyway and have write access.
Public only: guest user always used. This is the Guest Only option in the samba share configuration
guest ok = yes
guest only = yes
Notes:
- The guest account is mapped to system account nobody, he doesn’t belong to group users, thus he HAS BY DEFAULT NO WRITE ACCESS just READ. This is can be reverted modifying the POSIX permissions of the share to 777.
- These directives are NOT ACL
- The semi public is valid for OMV version 1.10
Questions:
I have setup a semi-public shares how to I enter credentials if the guest will always log in first?
You have to use windows map network drive feature to provide login credentials
In Mac OS X you can use CMD+K (if you are in Finder)
I have guest allowed or guest only enabled, but windows keeps asking for password?
You probably have an identical windows-omv username. Windows is sending windows account credentials before. If you want to login as Guest type nobody in login and no password. Yes, nobody like this :
The login keeps saying login denied?
This is more likely caused by two things:
- Permission issue (ACL or non default POSIX permission mode/ownership). You can use the reset permission utility provided with omv-extras, next to Shared Folder sections to bring back to default permission and flush problematic ACL's. edit: In OMV3 the reset permission utility is a independent plugin
- Out of sync password in between linux and samba. This is very rare but it has happened. Test in ssh the following smbpasswd username enter password and try and login again.
I can't delete files or edit files that other users have created?
- The default umask in samba is 644 for files. So to enable flexible sharing tick Enable permission inheritance in the samba share settings this will force 664 creation mode. Files created previously need to change their permission mode. Use reset permission utility.
- Check that you don't have read only enabled. This option overrides privileges and POSIX