Permissions - others can read, not write


Recommended Posts

unRAID 6.3.5

Mac OS X Sierra 10.12.5 (shouldn't matter)

SMB shares

 

I have an unRAID SMB share for my family called "Family".

 

Export: Yes

Enhanced OS X interoperability: Yes

Security: Private

 

All members have Read/Write permissions.

 

Now, if I create a folder in that share with my OS, it gets the permissions: drwxr-xr-x and is owned by me:users.

If I create a folder on my desktop and drag/drop it into that share with my OS, it also gets the permissions drwxr-xr-x and is owned by me:users.

 

If I create a new file with, say, Microsoft Word and save it into that share, it gets the permissions: -rw-rw-rw- and is owned by me:users.

If I copy an existing file from my computer to that share through my OS, it gets the permissions: -rw-r--r-- and is owned by me:users.

 

The problem is that my other users are not able to edit any of the documents or rename the folders that I create. And vice versa. How do I set unRAID shares up such that the users who have access to the Family share can truly share any document/folder in that share?

 

In the UNIX world I would make them all part of a separate group, change the ownership of the shared folder to that group, and give that group rw access, right? How can I do that with unRAID?

 

Thanks!

 

Link to comment

Let me ask you a few question? 

 

1--  Have a look at the 'Family' share under the tab 'Shares'.  Double click on that 'Family' share name and select ' SMB Security Settings' tab (or move to it if you are using the non-tab setup).   Look at the bottom for the 'SMB User Access'.  You should see all of your family members listed there and dropdown box for the permission that you want to grant them.  Do you have that?

 

2-- What permissions have you give them?

 

As I recall when I did it, you have to setup all of your family members as users on the 'Users'  section and then give them the required permission in the    'Shares'  >>  'SMB User Access' section.  (I assume what is happening behind the scenes is that your users are being assigned to some "group" on the Linux end but on the Windows side, you are giving permission to each user on a case-by-case basis. 

 

I am no expert in this area but let me give you one piece of advice.  Don't assign user names which are the same as their user name under Windows or assign a user name that is the same as the name of one of the Windows computers.  What I would suggest it to do this.  If one of your users is sam on his Windows computer, assign him a name of sam1 on your unRAID server.  (This can save you from some very confusing issues where people are able to log on the server one time and not the next time!!!)

Edited by Frank1940
Link to comment
  • 4 weeks later...

Login on either the console or PuTTY session and type:

 ls -al  /mnt/user

You should see some thing like this:

drwxrwxrwx 1 nobody users        4096 Aug 13 16:20 Media/

Note the the owner is "nobody" and the group is "users".  As you go deep into the tree, these owner and group settings should consistent for all of the data files and directories in this section of the file system.  Is this what you are finding?

Link to comment
  • 2 weeks later...
On 8/27/2017 at 10:05 AM, ksignorini said:

Running Docker Safe New Permissions (part of the Community Applications Fix Common Problems suite) seems to have fixed this.

 

Then again.

 

After running New Perms, anything that is now nobody:users is modifiable by any user. However, if user A now creates a folder in the root of the share, it's owned as such: userA:users but is not modifiable by any other user. If User A places a new file in the root of the share, it's the same situation: userA:users and not modifiable by anyone else.

 

Is this what's supposed to happen?

 

Is there any way in unRAID to truly have a share who's files and folders are completely modifiable by any user who's privilege is read/write, regardless of who created the files?

Link to comment

I just tried this.  Created a file in the root of a share.  Its permissions were

-rw-rw-rw- 1 andrew users   0 Aug 31 17:24 test.txt

 

Created a directory in the root

drwxrwxrwx 1 andrew users    29 Aug 31 17:24 test/

 

Logged out of my user and logged in as my wife who normally does not have any write permission to the share.  It would not allow her to modify the file or create one.

 

I changed her security to allow RW access to the share, and I was able to have her user successfully modify files in the share that were owned by myself, and create new ones that I (andrew) could modify no problems.

root@Server_A:/mnt/user/Movies/test# ls -al
total 4
drwxrwxrwx 1 andrew users  48 Aug 31 17:28 ./
drwxrwxrwx 1 nobody users 100 Aug 31 17:24 ../
-rw-rw-rw- 1 tracey users   0 Aug 31 17:28 blah.txt
-rw-rw-rw- 1 andrew users   6 Aug 31 17:28 test.txt

Perhaps you're hitting credential caching by windows?

Link to comment
8 minutes ago, ksignorini said:

Is there any way in unRAID to truly have a share who's files and folders are completely modifiable by any user who's privilege is read/write, regardless of who created the files?

 

Could you explain exactly by what process the folders and files are being created.   Walk us through the entire procedure.  I assume that it is being done on a network but what protocol ---SMB, NFS, AFP.  What OS is that user using and what application is being used.  Remember that Linux has provision for three different classes of users ---- owner, group and other.  As @Squid  showed these permission in his file listing.   IF you are not familiar with Linux permission setup, you can google for an explanation of what this listing means.  

 

I do not use Mac but I do know that it is UNIX/Linux based so I would suspect that it has a very similar setup. 

Link to comment

So I just created a new share called FamilyTwo. You can see the SMB setup in the screenshots. To test, here's what I did:

 

  1. Logged into computer as Kent and created folder "MadeByKent" in FamilyTwo. The computer's Kent account connects to unRAID via SMB with the credentials for the unRAID "Kent" user.
  2. Logged into computer as Allison and created folder "MadeByAllison" in FamilyTwo. The computer's Allison account connects to unRAID via SMB with the credentials for the unRAID "Allison" user.
  3. On a Mac, when you right-click on a folder for the context menu, if you have write access to a file or folder, one of the options in the menu is "Rename." I logged back into the computer as Kent and checked both the "MadeByKent" and "MadeByAllison" folders for writability by right-clicking on each. You can see the results in the screenshots--Kent can rename the "MadeByKent" folder but not the "MadeByAllison" folder. Again, remember, this is done as the computer user Kent who has credentials for the unRAID user "Kent."

I suppose I'll try this from a Windows VM next and see what happens.

 

 

Screen Shot 2017-08-31 at 3.42.05 PM.png

Screen Shot 2017-08-31 at 3.41.32 PM.png

Screen Shot 2017-08-31 at 3.39.46 PM.png

Screen Shot 2017-08-31 at 3.39.58 PM.png

Link to comment

The permissions on the created files are incorrect.

 

I just have no idea if this is a Mac issue, or OSX Interoperability issue, so unfortunately I'm unable to help any further.  Hopefully someone with a Mac will chime in and be able to determine where the issue actually lies.

Link to comment
1 minute ago, Squid said:

The permissions on the created files are incorrect.

 

I just have no idea if this is a Mac issue, or OSX Interoperability issue, so unfortunately I'm unable to help any further.  Hopefully someone with a Mac will chime in and be able to determine where the issue actually lies.

 

Can you throw up a quick screenshot of folder permissions (ls -la) so I can compare. You say they're incorrect, but I'm not sure in which way.

 

Thanks again.

Link to comment

Well I'll be damned.

 

So I started up a Windows 7 VM using Parallels on the Mac (kind of like VMWare but arguably better on the Mac) and connected to FamilyTwo using SMB and the Kent credentials on unRAID.

 

I created a new folder.

 

It's 777. I'll be.

 

It looks like it's something with how the Mac is connecting to SMB that's causing this. How can no one ever have noticed this before?

 

Next step... test out that Enhanced OS X Interoperability flag that got introduced in 6.3.x

Link to comment

So.

 

After much testing, I'm convinced it has to do with the Enhanced OS X Interoperability and what's called VFS Fruit. Unfortunately, I don't have a solid understanding of VFS Fruit. I do know that it's more complicated that just turning a flag on/off in the Samba implementation if you want it to work correctly.

 

 

I will try to reach the unRAID developers to discuss how this is implemented. I know when I briefly tried FreeNAS, there were multiple VFS flags to set if you set Fruit on (which was optional).

 

For now, it seems, that if I leave it off, it operates like Windows as far as permissions are concerned. Performance, speed, and enhanced operability be damned.

 

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.