docs_in_draft:nas_permissions

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Last revisionBoth sides next revision
docs_in_draft:nas_permissions [2024/04/24 01:36] – [Adding LAN Users to OMV] crashtestdocs_in_draft:nas_permissions [2024/04/24 02:17] – [Permissions Notes:] crashtest
Line 95: Line 95:
 ===== Shared Folder Permissions ===== ===== Shared Folder Permissions =====
 \\ \\
-By default, the majority of files and folders on the OMV file server are owned and accessed solely by the **root** user account.  Since that is not useful in a networked environment, user access to a NAS server storage location is changed by the creation of a “**Shared Folder**”.  Creating a shared folder is covered in the New User's Guide under [[https://wiki.omv-extras.org/doku.php?id=omv7:new_user_guide#setting_up_a_shared_folder|Setting up a Shared Folder]]. This process physically creates the folder and assigns usable permissions to the folder, that allow regular user access.\\+By default, the majority of files and folders on the OMV file server are owned and accessed by the **root** user account.  Since that is not useful in a networked environment, user access to a NAS server storage location is changed by the creation of a “**Shared Folder**”.  Creating a shared folder is covered in the New User's Guide under [[https://wiki.omv-extras.org/doku.php?id=omv7:new_user_guide#setting_up_a_shared_folder|Setting up a Shared Folder]]. This process physically creates the folder and assigns usable permissions to the folder, that allow regular user access.\\
 \\ \\
 The default permissions assigned to a new Shared Folder, in OMV's GUI, are (in this case **Test** is the Shared Folder):\\ The default permissions assigned to a new Shared Folder, in OMV's GUI, are (in this case **Test** is the Shared Folder):\\
Line 112: Line 112:
 **In the interests of clarity**: **In the interests of clarity**:
   * The field that is labeled **File, owner and group** (above) assigns **Standard Linux permissions**.     * The field that is labeled **File, owner and group** (above) assigns **Standard Linux permissions**.  
-  * For home server use and to keep server permissions simple, use **Standard Linux Permissions**. +  * For home server use and to keep server permissions simple, use only **Standard Linux Permissions**. 
-  * Under Standard Linux Permissions, “**Others**” means any user that is not **root** or any user that is NOT in the Group **users**.  This includes members of other Groups and **anonymous** login's.  **Others**, in this example, have **Read/Execute**.+  * Under Standard Linux Permissions, “**Others**” means any user that is not **root** or any user that is NOT in the Group **users**.  This includes members of other Groups and **anonymous** login's.  **Others**, in the above example, have **Read/Execute**.
   * The field that is labeled **File access control lists** (above) are **ACL's - (Access Control List)**.     * The field that is labeled **File access control lists** (above) are **ACL's - (Access Control List)**.  
   * **DO NOT** not mix **ACL's** with **Standard Linux Permissions**, without understanding the **//exact//** effects.  When using **Standard Linux Permissions**, the boxes under **File access control lists** should __NOT__ be checked.   * **DO NOT** not mix **ACL's** with **Standard Linux Permissions**, without understanding the **//exact//** effects.  When using **Standard Linux Permissions**, the boxes under **File access control lists** should __NOT__ be checked.
Line 133: Line 133:
 **In the following; Samba**, under **Services**, **SMB/CIF**, in the **Settings** tab is assumed that the **Enabled** box is checked.\\ **In the following; Samba**, under **Services**, **SMB/CIF**, in the **Settings** tab is assumed that the **Enabled** box is checked.\\
 \\ \\
-Under **Services**, **SMB/CIF**, click the **Shares** button. Then click on the **+Add** button.  +Under **Services**, **SMB/CIF**, click the **Shares** button. Then click on the **+Create** button.  
  
   * **Shared Folder:**    * **Shared Folder:** 
Line 189: Line 189:
 Warning Warning
 </span></strong></td></tr><tr><td style="background-color:#FFE4A6;height:25px;width:380px;"> </span></strong></td></tr><tr><td style="background-color:#FFE4A6;height:25px;width:380px;">
-Below the list of admin created user accounts are <b>System Accounts</b>.<br>+In the ACL field, below the list of administrator created user accountsare <b>System Accounts</b>.<br>
 System Accounts are defaults that are created for server operations.  Admin's should <b>NOT</b> change permissions or ACL settings for System accounts.  Doing so may render the server installation inoperable. System Accounts are defaults that are created for server operations.  Admin's should <b>NOT</b> change permissions or ACL settings for System accounts.  Doing so may render the server installation inoperable.
 </tr></table></body></html> </tr></table></body></html>
Line 239: Line 239:
   * In the Shared Folder, the group **users** have **write**.  This is necessary so that **Fred**, who is the family server administrator, can **write** to the share from his client.   * In the Shared Folder, the group **users** have **write**.  This is necessary so that **Fred**, who is the family server administrator, can **write** to the share from his client.
   * Samba Public access is set to **Guests allowed** which works with the Shared Folder permission **Others: Read**   These permissions and Samba settings will allow visitors **read** access to media shares such as music or movies.   * Samba Public access is set to **Guests allowed** which works with the Shared Folder permission **Others: Read**   These permissions and Samba settings will allow visitors **read** access to media shares such as music or movies.
-  * **Read Only is ON**.  This will further restrict the Group users down from **Write** to **Read only** access.  With young children accessing a share, **Read only** is a good idea to prevent the possibility of an accidental deletion of media files.+  * **Read Only is ON**.  This will further restrict the Group users down from **Write** to **Read only** access.  With young children accessing a share, **Read only** is a good idea to prevent the possibility of the accidental deletion of files.
   * The Samba  **''write list''**  bypasses the Samba **Read Only** setting for one user, allowing **Fred** to **write** to the share for admin purposes.\\   * The Samba  **''write list''**  bypasses the Samba **Read Only** setting for one user, allowing **Fred** to **write** to the share for admin purposes.\\
 \\ \\
Line 249: Line 249:
 \\ \\
   * The Group **users** have **write**.   * The Group **users** have **write**.
-  * While **Others** have **read**, at the Shared Folder, SMB **Public** is set to “**NO**” which stops all users who are not in the Group **users**.  Guests are not allowed.  (The same effect, no Guest users, could be achieved at the Shared Folder level with **Others – None**.)+  * While **Others** have **read**, at the Shared Folder, the SMB **Public** setting is set to “**NO**” which stops all users who are not in the Group **users**.  SMB Guests are not allowed.  (The same effect, no Guest users, could be achieved at the Shared Folder level with **Others – None**.)
   * **Read only** is **OFF** so Shared Folder permissions allow all members of the Group users to write to the share.\\   * **Read only** is **OFF** so Shared Folder permissions allow all members of the Group users to write to the share.\\
 \\ \\
Line 306: Line 306:
 \\ \\
   * Additions of new users or changes to existing user accounts, such as password changes, would need to be replicated at the server.   * Additions of new users or changes to existing user accounts, such as password changes, would need to be replicated at the server.
-  * Some use cases may benefit from using the [[https://pureinfotech.com/credential-manager-windows-10/|Credential Manager]] built into Win10. +  * Some use cases may benefit from using the [[https://pureinfotech.com/credential-manager-windows-10/|Credential Manager]] built into Win10 and 11
 \\ \\
 ---- ----