Differences
This shows you the differences between two versions of the page.
nas_permmissions_in_omv [2021/02/24 00:12] – crashtest | nas_permmissions_in_omv [2021/03/15 01:10] – [Samba (SMB) Network Shares] crashtest | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | {{ : | ||
- | |||
- | |||
< | < | ||
Line 8: | Line 5: | ||
- | ====== NAS Permissions In OMV - A Primer | + | ====== NAS Permissions In OMV ====== |
\\ | \\ | ||
\\ | \\ | ||
Line 92: | Line 89: | ||
===== Shared Folder Permissions ===== | ===== Shared Folder Permissions ===== | ||
\\ | \\ | ||
- | By default, the majority of files and folders on the OMV file server are owned and accessed solely by the root user account. | + | By default, the majority of files and folders on the OMV file server are owned and accessed solely by the **root** user account. |
\\ | \\ | ||
The default permissions assigned to a new Shared Folder, in OMV's GUI, are:\\ | The default permissions assigned to a new Shared Folder, in OMV's GUI, are:\\ | ||
Line 128: | Line 125: | ||
Under **Services**, | Under **Services**, | ||
- | * Shared Folder: | + | |
In this case, we're layering a Samba network share on top of the “Test” Shared Folder, previously created. | In this case, we're layering a Samba network share on top of the “Test” Shared Folder, previously created. | ||
- | * Public: | + | |
In this case, the entry selected is No.\\ | In this case, the entry selected is No.\\ | ||
\\ | \\ | ||
Line 138: | Line 135: | ||
* If the SMB **Public** field is set to “**Guests Allowed**”, | * If the SMB **Public** field is set to “**Guests Allowed**”, | ||
* Beyond **Public access** choices, Samba assumes that appropriate user permissions have been assigned to the bottom layer, at the Shared Folder level. | * Beyond **Public access** choices, Samba assumes that appropriate user permissions have been assigned to the bottom layer, at the Shared Folder level. | ||
- | * As shown below, if **Read only** is **ON** (green), **users** with **write** access to the Shared Folder, will not be able to add (write), modify or delete files. | + | * If **Read only** is **ON** (green), **users** with **write** access to the Shared Folder, will not be able to add (write), modify or delete files. |
\\ | \\ | ||
---- | ---- | ||
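Review bot: The reworded **Read only** bullet still has a comma between the subject and its verb ("Shared Folder, will not be able"). Drop it so the line reads "**users** with **write** access to the Shared Folder will not be able to add (write), modify or delete files." Removing "As shown below," is fine as long as the sentence no longer depends on a screenshot following it.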
Line 148: | Line 145: | ||
Understanding permissions effects, specifically the combination of various settings, is important. | Understanding permissions effects, specifically the combination of various settings, is important. | ||
- | * If a “host is allowed” but the username doesn' | + | * If a “host is allowed” but the username doesn' |
- | * If a host is denied but the username has access, the result is still denied. | + | * If a host is denied but the username has access, the result is still **denied**. |
* Consumer router behavior is not always consistent. | * Consumer router behavior is not always consistent. | ||
* Many consumer routers do not consistently map host names to IP address which may make “allow” or “deny” by host name inconsistent.\\ | * Many consumer routers do not consistently map host names to IP address which may make “allow” or “deny” by host name inconsistent.\\ | ||
\\ | \\ | ||
- | For these reasons and more, host entries should | + | For these reasons and more, host entries should |
\\ | \\ | ||
- | {{ : | + | {{ : |
\\ | \\ | ||
**Extra options: | **Extra options: | ||
\\ | \\ | ||
- | However a “**write list**” will allow an administrator to selectively bypass the Samba **Read only** switch. | + | However a “**write list**” will allow an administrator to selectively bypass the Samba **Read only** switch. |
\\ | \\ | ||
- | The same could be done for the entire | + | The same could be done for the Group **users** |
- | Adding this statement would allow the entire users group, over the network, **write** access while restricting **Others** with the **Read only switch**.\\ | + | Adding this statement would allow the entire |
\\ | \\ | ||
---- | ---- | ||
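Review bot: The "**write list**" paragraph in this hunk says the list lets an administrator bypass the Samba **Read only** switch, but it never says that the listed user or group still needs write permission at the Shared Folder layer. The earlier bullet ("Samba assumes that appropriate user permissions have been assigned to the bottom layer") implies this. Add one sentence linking the two, so a reader does not take the write list as granting access by itself. The same paragraph would also benefit from naming which setting wins when a host is denied and the user is on the write list, since the bullets above already state that a denied host results in **denied**.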
Line 189: | Line 186: | ||
Note the check marks under **No access** for **Johnny** and **Betty**. | Note the check marks under **No access** for **Johnny** and **Betty**. | ||
\\ | \\ | ||
- | **Johnny** and **Betty** will have no access to the **Test** share, while the remaining users in the Group users will have **Write**. | + | **Johnny** and **Betty** will have no access to the **Test** share, while the remaining users in the Group **users** will have **Write**. |
\\ | \\ | ||
---- | ---- | ||
Line 203: | Line 200: | ||
==== Practical Permissions Examples ==== | ==== Practical Permissions Examples ==== | ||
\\ | \\ | ||
- | (In the following examples, root as the owner is assumed.)\\ | + | (In the following examples root, as the owner, is assumed.)\\ |
\\ | \\ | ||
In the examples, the list of users are as follows: | In the examples, the list of users are as follows: | ||
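Review bot: The new comma placement in "(In the following examples root, as the owner, is assumed.)" reads worse than the line it replaces, because it now says that root is assumed rather than that root's ownership is assumed. Suggest "(In the following examples, root is assumed to be the owner.)". While touching this block, the context line "the list of users are as follows" should be "the list of users is as follows".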
Line 236: | Line 233: | ||
=== A Restricted Share === | === A Restricted Share === | ||
\\ | \\ | ||
- | This share is for private information, | + | This share is for private information, |
\\ | \\ | ||
A significant point to be made about this example is that one or more users can be set to **Read only** or **No Access** without disturbing the access of the remaining members of the Group **users**. | A significant point to be made about this example is that one or more users can be set to **Read only** or **No Access** without disturbing the access of the remaining members of the Group **users**. | ||
Line 246: | Line 243: | ||
{{ : | {{ : | ||
\\ | \\ | ||
- | After selecting group usernames for No access (or **Read-only**) it's important to turn **Recursive ON** (green), before clicking the **Apply** button. | + | After selecting group usernames for **No access** (or **Read-only**) it's important to turn **Recursive ON** (green), before clicking the **Apply** button. |
\\ | \\ | ||
**Note:**\\ | **Note:**\\ | ||
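Review bot: The changed line bolds **No access** but keeps the hyphenated "**Read-only**", while the rest of the page writes the same setting as "**Read only**" (for example in the Restricted Share paragraph and the Samba bullet). Use one spelling throughout so it matches the GUI label. The comma before "before clicking the **Apply** button" can also go.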
Line 263: | Line 260: | ||
{{ : | {{ : | ||
\\ | \\ | ||
+ | ---- | ||
===== The Bottom Line ===== | ===== The Bottom Line ===== | ||
\\ | \\ |