think you can't from the UI. the group 'users' is the primary group of a user.
from the shell: usermod -g <new_primary_group> <user>
Ok thank you Zoki, thus it's correct to do that from shell.
Does the group "users" have to be the primary group of a user, or it's correct to change GID in "/etc/passwd" file as I did for "test2" user account in my example above?
Use one of these:
Yes I had done that, but home directories were also created for "nologin" or "false" Shell users accounts when I had enable "User home directory" in OVM ("Settings" tab of "Acces Rights Management > User").
I've just done a new test right now to see if creating "nologin" or "false" Shell users accounts after enable "User home directory" in OVM, change something, but not, home directories are created for new "nologin" or "false" Shell users accounts.
FYI my OMV is up to date (5.6.26.-1).
Hello,
I would like to get out some users accounts (used as service account) from "users" group (GID 100), about "users" group permissions and ACL are not applied on them.
What is the good way to it in OMV?
I tried by unchecking "users" group in OMV GUI (when I edit an user users account), but it's not applied after save it.
I've uncheck "users" group and check "nogroup" group in OMV GUI, but "users" group stays applied after save:
in groups list (getent group) user "test2" is moved from "users:x:100:" to "nogroup:x:65534:"
users:x:100:test1
nogroup:x:65534:test2
but "users" group is always present in OMV GUI, and in /etc/passwd file :
test2:x:1001:100::
I've manualy modified /etc/passwd file :
test2:x:1001:65534::
"users" group is no more present in OMV GUI :
I've checked result after rebooting OMV, and changes stay applied (I've no update to apply to check result after OMV update).
Is it correct or not recommended to do that?
Thank you,
Chris
Hello,
I would like to remove home directory for some users accounts (which are used as service like docker user account), because I've enable "User home directory" in OVM ("Settings" tab of "Acces Rights Management > User"). and I've enable "Home directories" in SMB ("Services > SMB/CIFS") too.
What is the good way to it in OMV?
I didn't see option in OMV GUI, then I've manualy modified /etc/passwd file.
I've tried two way:
- removing home directory path (username:x:UID:GID:Comment::/usr/sbin/nologin)
- replacing home directory path by /nonexistent (username:x:UID:GID:Comment:/nonexistent:/usr/sbin/nologin)
Is there a best way between them?
I've checked result after updating OMV or creating a new user account, and changes on /etc/passwd file stay present.
FYI if "User home directory" is disable/enable in OVM ("Settings" tab of "Acces Rights Management > User"), all changes on /etc/passwd file are removed.
Thank you,
Chris
Ok thank you for your help Zoki, I'll test it.
Do you really want everyone to read / write your private files?
Thank you Zoki, I undestand your security advices.
I think I've established a correct strategy :
- It's a Home NAS, with four users only.
- I've created a dedicated/exclusive user and group for Filerun docker, with limited right (no home, no ssh, no login, no password reset allowed...).
- With the inherit ACLs, I plan to push the Filerun docker group only (not the Filerun docker user account).
- The inherit ACLs would be applied at the root of each user home directory, and a "no access" ACL will be applied for all other user accounts.
I think (but I may be wrong) that it'll be not less secure than the default setup : by using Filerun (ou NextCloud) to sync and manage personal data, I already give full right to these third part app on data.
If I'm not mistaken...
- files and subfolder created from the third part app (like Filerun or NextCloud), obtain the default permissions :
docker-user as Owner with "Read/Write/Execute"
docker-group as Group with "Read/Write/Execute"
- files and subfolder created from SMB, obtain the default permissions :
user-account as Owner with "Read/Write/Execute"
users as Group with "None"
With inherit ACLs, I would like that...
- files and subfolder created from SMB, obtain the default permissions :
user-account as Owner with "Read/Write/Execute"
docker-group as Group with "Read/Write/Execute"
I don't want to create a shared folder "above" the homes folder and set the ACLs / permissions on it, because this shared folder will have to be added in SMB (to set inherit ACLs) and it'll be seem from (exposed on) the network.
One advantage to enabled user home directories in SMB, is that I don't have to create a shared folder.
But the disadvantage is that I can set inherit ACLs on it friendly.
I did some tests, and if I'm not mistaken, to be operational an inherit ACLs under SMB has to be applied on the shared folder, not on a subfolder.
Do you know how I can apply inherit ACLs to all home directory shared folder ?
Thank you for your help 
Chris
Hi,
I had customized location of the home folder in OVM ("User home directory" in "Settings" tab of "Acces Rights Management > User").
And I've enabled user home directories ("Home directories" in "Settings" tab of "Services > SMB/CIFS").
That automaticly add the home directory shared folder of the authenticated user at the root of the NAS.
It's perfect for my need!
Because it's done without I've to add a shared folder in SMB ("Shares" tab of "Services > SMB/CIFS"), I'm not able to set "Inherit ACLs" for this home directory shared folder.
But I need to set ACLs and to activate inherit ACLs to all home directory shared folder, to allow third part app (as Filerun) to be able to ready/write into subfolder created from SMB access (vs created from Filerun).
I can set ACLs on home directory shared folder, from "ACL" tools in "Access Rights Manageemnt > Shared Folders".
But how can I set inherit ACLs as default for all home directory shared folder ?
Thank you for your help
Chris
pydio..?
Hi John, I saw Pydio in my Web searchs, but I've never tried it.
Do you use it?
You can evaluate to use the "remote storage" app in Nextcloud to access any existing smb share.
Ok thank you macom.
I've not used NextCloud recently but I remember something about "remote storage" app in Nextcloud.
But my objective is more to be able to access to my Nextcloud data from SMB.
For example, I would like to access via SMB to pictures that Nextcloud has autmoticly uploaded from my mobile phone (to the Nextcloud docker on my OMV server).
And I'm not sure that it's possible?
With Filerun I can set an OMV shared folder, and I'm able to access to the Filerun data from SMB (with same view as Filerun).
Hi,
OMV is really great.
There are two additionnal features which would bring it to my perfect setup:
- a files syncing app/client
- a file manager app/client (or a Web file manager) with files viewer and editor
both cross platform and with OVM users accounts authentication.
Waiting these features may become native/plugin in OMV a day, I would like your advices.
I've found different combinations to build something close to this.
Seafile looks like a good files syncing app, I didn't try it, but I don't think we can preview and editing files from it.
OwnCloud and NextCloud are good option but they manage files in their own way/db, and data are not friendly readable from SMB/NFS.
The best option I've found, is Filerun with NextCloud app.
File Browser is also a good Web file manager, but I don't think it includes cross platform syncing app.
A combination could be Seafile and File Browser to complete OMV SMB/NFS, but it involves three different accounts by user!
LDAP Directory should be a good option about single users accounts, but it's no more supported on OVM 5, and I don't think its OMV6 support is planed.
Do you have anymore suggestions about other combinations or options?
Thank you for your help
Chris
Hi,
I've installed Docker on another SSD drive, following the guide "How to Prepare OMV to install docker applications".
This SSD drive will contain "docker" and "config" directories/data only
As I read, there is no benefit to do a full backup of this SSD drive.
Thus I plan to create a Scheduled Job in OVM to backup each volume (stopping the containers during backup), as explain in this post.
Can I use rsnapshot plugin to do these volumes backup?
Do I have to backup others files/directories from this SSD drive?
Thank you,
Chris
Great, thanks a lot mi-hol
QuoteTo me it does not make sense to post different smb settings as these settings are serving a purpose. So they might make sense or not depending on the use case.
If you want to check whether or not a setting makes sense for your situation, it might be best to consult the documentation
Ok macom I understand your position.
I forgot to specify this post is to share experience and to give some recommendations about generic extra options which are usually interesting to apply.
Each is free to apply or not them.
Hi,
I found several posts about extra options to tuning and optimize SMB/CIFS services, but many are old posts or replicate the same content.
Thus I open this post to invite everyone using options to add theirs.
Thank you for your help and advices
Chris
Tuning Samba for more speed (Feb 29th 2016, MV Forum)
socket options = TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536
read raw = yes
write raw = yes
max xmit = 65535
dead time = 15
getwd cache = yes
# Optionnal:
min protocol = smb2
# Not required (already applied):
log level = 1
# doguibnu member added seetings definition in his post.Tuning Samba for more speed 2 (Jul 31st 2016, OMV Forum)
# Same as below, with
read raw = yes 1
[How-To] Hide Shared Folders that a User can't access (Jan 19th 2020, OMV Forum)
access based share enum = yesOpen Media Vault SMB performance quick win (June 29th 2020, techie-show.com)
# Same as the first, without
dead time = 15
# sorin added seetings definition in his article.And this post which resumes preview posts
Does OMV5 still benefit from SMB tweak/tuning? (Apr 7th 2020, reddit.com)
Uncheck the browsable flag and the samba homes share will disapear
Thank you Chente and Zoki
Ok thank you Chente, but my question is about another "strange" thing.
As you said, I had customized location of the home folder in OVM (to "testhome" shared folder, under "User home directory" on "Settings" tab of "Acces Rights Management > User").
All run correctly, and a home folder was created in "testhome" for all user accounts (with a home directory set).
But after enable "user home directories" on "Settings" tab from "SMB/CIFS" service, a shared folder named "homes" appears (at the root of the NAS).
When a OVM user account is authentified (in Windows 10) to access into the shared folder "testhome", his personal home folder appears as shared folder at the root of the NAS (\\nas-ip\home-folder), example with user3 authentified:
Folders (and shared folders):
\\nas-ip\hometest\user3
\\nas-ip\user3
\\nas-ip\homes
are the same, as "\\nas-ip\user3" and "\\nas-ip\homes" look like Windows shortcut of "\\nas-ip\hometest\user3" ("\\nas-ip\user3" and "\\nas-ip\homes" are not present on OVM server).
For information, I'm just testing OVM feature "user home directories" on "SMB/CIFS" service.
That a shortcut of the current user appears at the root of the NAS (\\nas-ip\user3), could be interessing.
But I've no interest about the "homes" folder.
I don't why this "homes" folder appears, and what is this role/function?
Does someone know about these both shortcut of users' home folder?
Is it possible to disable "homes" shared folder, or rename it?
I had found a post on the same subject without answer (Confusion with homes sharing via SMB).
Thus I've created this post with my description.
Thank you for your help and advices
Chris
Hi,
When I enable "user home directories" on "Settings" tab from "SMB/CIFS" service, the home directory of the current authentified user appears as shared folder at the root of the NAS (\\nas-ip\home-directory).
But another shared folder named "homes" appears too, and it seems be a shortcut to the home directory of the current authentified user account.
Could you please tell me if we could disable this "homes" shared folder, or rename it?
Thank you,
Chris
Thank you Chente and Zoki
Hi,
I've read the nice guide "How to Prepare OMV to install docker applications" from Chente, and I have some questions please.
Quote2. Create symlinks /SSD and /DATA
- Repeat the process to create the /DATA symlink. The path is found in Storage> Shared folders>
Can I take DATA path from "File system" instead "Shared folders"?
Both paths are the same, but does Chente's comment mean DATA has to be a shared folder?
In my case, I would like to manage distinctly shared folders tree and container volumes, by sharing some specefic folders/data from container volume only.
Thus I don't think DATA symlink need to be created, isn't it?
Quote5. Create the user appuser.
- In the OMV GUI go to User Management> Users> click on + Create and define the name userapp and password, in the groups field we add it to the groups docker and users. Click on save.
Does userapp account can created with shell "user/sbin/nologin" ?
Usually, userapp account should not need to open ssh connexion to OMV server, then it could be more secure that userapp account is created with shell "user/sbin/nologin", isn't it?
Thank you for your help and advices.
Chris