Posts by omv-freak

    Just to add another hint to the topic "security":

    If you create a new samba share with default options/parameters, user2 still can edit/delete files/folders of user1. Steps to reproduce (assumption two users exists with default parameters):

    • shared folders -> Add
    • Enter name: "samba" and choose a volume
    • Save
    • SMB/CIFS -> Shares -> Add
    • Enter shared folder: "samba"
    • Save
    • mount the new share "samba" on one client as user1 and on another client as user2.
    • create a file as user1 (in main folder of share!)
    • try to edit or delete this file as user2
    • file will be edited/deleted

    This does not work for files in subfolders of the share. Also deletion of folders does only work if they are empty. I tried this with linux clients (cifs) and win7 clients and both behaved the same way.

    Now we are back to our office situation. How can I make sure that files which user1 has created (in main/root folder of the share) can't be modified or deleted by user2?

    Alternatively you could add those parameters to the "extra options" of the share. These parameters are added below the "default parameters" so that the defaults are ignored.

    For testing I changed extra options to:


    create mask = 0775
    force create mode = 0664
    directory mask = 0775
    force directory mode = 0775

    Seems to work so far.

    I did a new installation of omv 1.0 (I was using omv 0.4 until today). I also stumbled over the permissions when using a share for multiple users.

    Actually I have to agree with der_Typ. Why do we have "groups", "privileges" and "acl" when we are forcing the share to 0755/0644? That makes no sense. Effectively it doesn't make sense to use groups, privileges and acl for samba shares anymore!

    Talking about an office... it seems that 0755/0644 imitates the functionality of a browsable "home share".
    Sorry, but I don't get the point why this new "feature" does improve security.