Windows Samba file owners permissions

[JRascagneres]

As seen in the below screenshot whenever I make a file it gets created with my 'windowspc' user which is a user created through UNRAID and then used to access my share through windows. However, this means that when I want to view the file from another user I don't have permission to access it. Anyway to allow all users to access this?

 

[Frank1940]

Are you using SMB to write these files? 

 

IS this computer a VM running under Unraid OS?

[JRascagneres]

I wrote the C file from an NFS share on my ubuntu machine. 
The New Folder was created from my SMB share on my windows machine.

The computer is not a VM. Personal machine on the network.

[Frank1940]

Did you map this share as a Drive?    (example:   \Z:  )

 

Or did you create it with Windows Explorer?

[JRascagneres]

I mapped the drive

[John_M]

On the Shares page of the GUI you'll see two columns, labelled SMB and NFS. For that particular user share (backups) it is behaving as though it is set to Public for NFS sharing and Private for SMB sharing. If that's the case you need to change the SMB sharing to Public.

 

 

Edited May 30, 2021 by John_M
Added screenshot

[JRascagneres]

Can I not keep it private but somehow make sure all users can access it?

[John_M]

There's the Secure option that might fulfill your requirements. Turn on Help in the GUI for more information on that.

 

[JRascagneres]

How would secure affect how other users can read / write a file written by another user?

[John_M]

From the online help:

 

Quote

Security modes:

• '-' -- user share is not exported and unavailable on the network
• Public -- all users including guests have full read/write access (open access)
• Secure -- all users including guests have read access, write access is set per user (limited access)
• Private -- no guest access at all, read/write or read-only access is set per user (closed access)

 

[JRascagneres]

Yeah I know but still not sure how that helps anything? Still doesn't affect write access?
My problem:
user1 writes a doc on SMB
user2 attempts to access doc - Doesn't have permission as doc owner is set to user1

[Frank1940]

10 hours ago, JRascagneres said:

 

 Look at the '+' sign at the end of the permissions.  That should normally not be there.    You can find more information about this if you google :

 

what is "+" in drwxrwxrwx+

 

I do know that running either the   Docker Safe New Perms  or the    New Permissions  scripts found on the   Tools      tab will set the owner, group and permissions correctly on the Share.    You only want to run either of these utilities on the directory/folder that has the issue.  What I am not sure is if either one will fix that "+" attribute...

 

Question:  When you mapped the drive on your Windows computer, did you play with the permissions in the Properties on the mapped drive?  

Edited May 31, 2021 by Frank1940

[John_M]

24 minutes ago, Frank1940 said:

what is "+" in drwxrwxrwx+

 

It means ACLs are in use, which is how Unraid manages Private and Secure user shares, giving different users specific read/write permissions, which is not possible using basic Unix permissions.

 

[John_M]

2 hours ago, JRascagneres said:

user2 attempts to access doc - Doesn't have permission as doc owner is set to user1

 

He does if you've given him permission in the user share's configuration:

 

2 hours ago, John_M said:

access is set per user

 

[John_M]

In the GUI go to Settings -> Users. Add a user to Unraid for each Windows user you have. If you make the names and passwords identical to how they are in Windows, you'll save yourself a lot of grief.

 

In the GUI go to Shares. Create a new user share. In SMB Security Settings make it Private or Secure, depending on whether you want to allow guest read access. In SMB User Access set up for each user whether he has read and/or write access.

 

If you want guest write access, just make it Public instead.

 

Each file/directory is owned by its creator and additional read/write permissions for other users are stored in ACLs.

[Frank1940]

@John_M, Interesting.  I have never seen this and I do use 'Secure' Shares.   I have no doubt that is because of the way that I actually implement its use.

 

Most of my shares are actually 'Secure'.  As I basically use my two Unraid servers in a 'write once-read many' type of operation.  In fact, these Secure Shares have no users assigned to them to prevent direct write access to them using SMB.  (This basically prevents Malware from having write access from a Windows client!)  But it does allows 'Public' access to able to read the files.   (New files are added by having the cache drive being shared as 'Public' Disk Share.  Files are transferred to the cache drive and placed into a folder on that drive that mimics the Share that the file is to end in.  Unraid's Mover will then transfer the file to the Secure Share on the array.) 

 

 

[John_M]

12 hours ago, Frank1940 said:

Most of my shares are actually 'Secure'.

 

That's a clever use of the options available to you. I haven't done a lot of testing but I think the ACLs are set up when a second user is given permissions to access a share in the SMB User Access section (ie. when Unix permissions are no longer sufficient). They are simply applied to the top level directory and propagated to its contents. I think the majority of users settle for Public shares because they are the default, they usually "just work" and because Windows networking is already more fraught with difficulties than it needs to be.