docs_in_draft:nas_permissions [2024/04/24 01:36] – [Adding LAN Users to OMV] crashtest | docs_in_draft:nas_permissions [2024/04/24 02:17] – [Permissions Notes:] crashtest |
---|
===== Shared Folder Permissions ===== | ===== Shared Folder Permissions ===== |
\\ | \\ |
By default, the majority of files and folders on the OMV file server are owned and accessed solely by the **root** user account. Since that is not useful in a networked environment, user access to a NAS server storage location is changed by the creation of a “**Shared Folder**”. Creating a shared folder is covered in the New User's Guide under [[https://wiki.omv-extras.org/doku.php?id=omv7:new_user_guide#setting_up_a_shared_folder|Setting up a Shared Folder]]. This process physically creates the folder and assigns usable permissions to the folder, that allow regular user access.\\ | By default, the majority of files and folders on the OMV file server are owned and accessed by the **root** user account. Since that is not useful in a networked environment, user access to a NAS server storage location is changed by the creation of a “**Shared Folder**”. Creating a shared folder is covered in the New User's Guide under [[https://wiki.omv-extras.org/doku.php?id=omv7:new_user_guide#setting_up_a_shared_folder|Setting up a Shared Folder]]. This process physically creates the folder and assigns usable permissions to the folder, that allow regular user access.\\ |
\\ | \\ |
The default permissions assigned to a new Shared Folder, in OMV's GUI, are (in this case **Test** is the Shared Folder):\\ | The default permissions assigned to a new Shared Folder, in OMV's GUI, are (in this case **Test** is the Shared Folder):\\ |
**In the interests of clarity**: | **In the interests of clarity**: |
* The field that is labeled **File, owner and group** (above) assigns **Standard Linux permissions**. | * The field that is labeled **File, owner and group** (above) assigns **Standard Linux permissions**. |
* For home server use and to keep server permissions simple, use **Standard Linux Permissions**. | * For home server use and to keep server permissions simple, use only **Standard Linux Permissions**. |
* Under Standard Linux Permissions, “**Others**” means any user that is not **root** or any user that is NOT in the Group **users**. This includes members of other Groups and **anonymous** login's. **Others**, in this example, have **Read/Execute**. | * Under Standard Linux Permissions, “**Others**” means any user that is not **root** or any user that is NOT in the Group **users**. This includes members of other Groups and **anonymous** login's. **Others**, in the above example, have **Read/Execute**. |
* The field that is labeled **File access control lists** (above) are **ACL's - (Access Control List)**. | * The field that is labeled **File access control lists** (above) are **ACL's - (Access Control List)**. |
* **DO NOT** not mix **ACL's** with **Standard Linux Permissions**, without understanding the **//exact//** effects. When using **Standard Linux Permissions**, the boxes under **File access control lists** should __NOT__ be checked. | * **DO NOT** not mix **ACL's** with **Standard Linux Permissions**, without understanding the **//exact//** effects. When using **Standard Linux Permissions**, the boxes under **File access control lists** should __NOT__ be checked. |
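Review bot: The bullet beginning "**DO NOT** not mix **ACL's**" still carries a double negative in the new revision, so it reads as the opposite of the intended instruction; change it to "**DO NOT** mix". In the "**Others**" bullet edited in this revision, "any user that is not **root** or any user that is NOT in the Group **users**" is ambiguous; "any user that is neither **root** nor a member of the Group **users**" says what the rest of the bullet relies on. "login's" and "ACL's" are plurals and should be "logins" and "ACLs".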
**In the following; Samba**, under **Services**, **SMB/CIF**, in the **Settings** tab is assumed that the **Enabled** box is checked.\\ | **In the following; Samba**, under **Services**, **SMB/CIF**, in the **Settings** tab is assumed that the **Enabled** box is checked.\\ |
\\ | \\ |
Under **Services**, **SMB/CIF**, click the **Shares** button. Then click on the **+Add** button. | Under **Services**, **SMB/CIF**, click the **Shares** button. Then click on the **+Create** button. |
| |
* **Shared Folder:** | * **Shared Folder:** |
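Review bot: The sentence directly above the changed line, "**In the following; Samba** ... is assumed that the **Enabled** box is checked", has no clear subject and is hard to follow as a precondition; suggest "The following assumes that, under **Services**, **SMB/CIF**, in the **Settings** tab, the **Enabled** box is checked." The button rename from "+Add" to "+Create" is made on this line only, so any other mention of the button in the document should be checked for the old label.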
Warning | Warning |
</span></strong></td></tr><tr><td style="background-color:#FFE4A6;height:25px;width:380px;"> | </span></strong></td></tr><tr><td style="background-color:#FFE4A6;height:25px;width:380px;"> |
Below the list of admin created user accounts are <b>System Accounts</b>.<br> | In the ACL field, below the list of administrator created user accounts, are <b>System Accounts</b>.<br> |
System Accounts are defaults that are created for server operations. Admin's should <b>NOT</b> change permissions or ACL settings for System accounts. Doing so may render the server installation inoperable. | System Accounts are defaults that are created for server operations. Admin's should <b>NOT</b> change permissions or ACL settings for System accounts. Doing so may render the server installation inoperable. |
</tr></table></body></html> | </tr></table></body></html> |
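Review bot: The revised sentence spells out "administrator", but the following sentence still reads "Admin's should NOT change", a possessive used as a plural; use "Administrators" there so the warning is consistent. The warning cell opened with `<td style="background-color:#FFE4A6;...">` is closed by `</tr>` with no `</td>` before it, which is worth correcting in the same edit.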
* In the Shared Folder, the group **users** have **write**. This is necessary so that **Fred**, who is the family server administrator, can **write** to the share from his client. | * In the Shared Folder, the group **users** have **write**. This is necessary so that **Fred**, who is the family server administrator, can **write** to the share from his client. |
* Samba Public access is set to **Guests allowed** which works with the Shared Folder permission **Others: Read** These permissions and Samba settings will allow visitors **read** access to media shares such as music or movies. | * Samba Public access is set to **Guests allowed** which works with the Shared Folder permission **Others: Read** These permissions and Samba settings will allow visitors **read** access to media shares such as music or movies. |
* **Read Only is ON**. This will further restrict the Group users down from **Write** to **Read only** access. With young children accessing a share, **Read only** is a good idea to prevent the possibility of an accidental deletion of media files. | * **Read Only is ON**. This will further restrict the Group users down from **Write** to **Read only** access. With young children accessing a share, **Read only** is a good idea to prevent the possibility of the accidental deletion of files. |
* The Samba **''write list''** bypasses the Samba **Read Only** setting for one user, allowing **Fred** to **write** to the share for admin purposes.\\ | * The Samba **''write list''** bypasses the Samba **Read Only** setting for one user, allowing **Fred** to **write** to the share for admin purposes.\\ |
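Review bot: The "**Guests allowed**" bullet describes the result as read access for "visitors", but the earlier definition of "**Others**" on this page includes **anonymous** logins, so the combination gives read access to any client that can reach the share without credentials. State that explicitly so readers only apply this profile to shares whose contents are meant to be readable by everyone on the network. The same bullet is missing a full stop after "**Others: Read**".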
\\ | \\ |
\\ | \\ |
* The Group **users** have **write**. | * The Group **users** have **write**. |
* While **Others** have **read**, at the Shared Folder, SMB **Public** is set to “**NO**” which stops all users who are not in the Group **users**. Guests are not allowed. (The same effect, no Guest users, could be achieved at the Shared Folder level with **Others – None**.) | * While **Others** have **read**, at the Shared Folder, the SMB **Public** setting is set to “**NO**” which stops all users who are not in the Group **users**. SMB Guests are not allowed. (The same effect, no Guest users, could be achieved at the Shared Folder level with **Others – None**.) |
* **Read only** is **OFF** so Shared Folder permissions allow all members of the Group users to write to the share.\\ | * **Read only** is **OFF** so Shared Folder permissions allow all members of the Group users to write to the share.\\ |
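Review bot: The parenthetical "(The same effect, no Guest users, could be achieved at the Shared Folder level with **Others – None**.)" presents the two controls as interchangeable, while the example leaves **Others** with **read** and relies on the SMB **Public** setting alone. The SMB setting only governs access through Samba, whereas the Shared Folder permission applies to the folder itself, so the text should say which of the two the reader is expected to set, or recommend setting both when guests are not wanted.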
\\ | \\ |
\\ | \\ |
* Additions of new users or changes to existing user accounts, such as password changes, would need to be replicated at the server. | * Additions of new users or changes to existing user accounts, such as password changes, would need to be replicated at the server. |
* Some use cases may benefit from using the [[https://pureinfotech.com/credential-manager-windows-10/|Credential Manager]] built into Win10. | * Some use cases may benefit from using the [[https://pureinfotech.com/credential-manager-windows-10/|Credential Manager]] built into Win10 and 11. |
\\ | \\ |
---- | ---- |