NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
User and group broken permissions
Hi, I am using latest OS 6.5.1 I setup a share called "torrents" I have two groups: users and famille famille group has one user: enfants In SMB Network access: users: r/w - famille: no acces...
Setup case 1:
test_share: a new share
test_group: a new group
test_user: a new user member of the test_group (no other groups membership)
GUI Network Settings:
test_group r/w
users r/w
admin r/w
test_user no_access
all others: no_access
GUI File Access
Folder owner (jack) r/w
Folder group (users) r/w
test_group r/w
users r/w
admin r/w
test_user no_access
all others: no_access
samba.conf
root@RNDU2000-1:~# cat /data/._share/test_share/samba.conf [test_share] path = /data/test_share comment = "" admin users = "+admin","Administrator" write list = "@test_group","@users","+admin","Administrator" valid users = "@test_group","@users","+admin","Administrator" follow symlinks = 1
getfacl
root@RNDU2000-1:~# getfacl /data/test_share getfacl: Removing leading '/' from absolute path names # file: data/test_share # owner: jack # group: users # flags: --t user::rwx user:admin:rwx group::rwx group:admin:rwx group:users:rwx group:test_group:rwx mask::rwx other::--- default:user::rwx default:user:admin:rwx default:group::rwx default:group:admin:rwx default:group:users:rwx default:group:test_group:rwx default:mask::rwx default:other::---
ls -al
root@RNDU2000-1:~# ls -al /data/test_share total 36 drwxrwx--T+ 1 jack users 50 Jul 12 22:41 . drwxr-xr-x 1 root root 254 Jul 12 20:32 .. -rwxrwx---+ 1 admin admin 11 Jul 12 22:41 test_access.txt
Access from a remote machine with test_user login
test_user can access the test_share folder, read its contents and open the text file
it has full read only access
expected: test_user should have no access to the share
Setup case 2
So that test_user stops being able to access test_share, we must uncheck all access rights from test_group from Network and File access tabs.
I couldn't reproduce the situation where setting the group users to r/w would force test_user to have r/w access even if it was give ro or no mount access
Setup case 3:
GUI Network Settings:
test_group ro
users r/w
admin r/w
jack r/w
test_user r/w
all others: no_access
GUI File Access
Folder owner (jack) r/w
Folder group (users) r/w
test_group ro
users r/w
admin r/w
jack r/w
test_user r/w
all others: no_access
samba.conf
root@RNDU2000-1:~# cat /data/._share/test_share/samba.conf
[test_share]
path = /data/test_share
comment = ""
admin users = "+admin","Administrator"
read list = "@test_group"
write list = "jack","test_user","@users","+admin","Administrator"
valid users = "jack","test_user","@test_group","@users","+admin","Administrator"
follow symlinks = 1
ls -al
root@RNDU2000-1:~# ls -al /data/test_share total 36 drwxrwx--T+ 1 jack users 50 Jul 12 22:41 . drwxr-xr-x 1 root root 254 Jul 12 20:32 .. -rwxrwx---+ 1 admin admin 11 Jul 12 22:41 test_access.txt
Actual behavior:
test_user still has read only access
expected: it should have r/w access
Variant:
to this case 3 setup, if I add rw access to test_group in both Network and File Access, it still has read only access
so, in this case, I found no was to give test_user the r/w access. Sounds like things are stuck for a wired reason
All above commands show a proper output as setup in GUI
Conclusion: the access rights behave randomly and are difficult to reproduce, but are always broken in some way
chopin70 wrote:
Setup case 3:
...
Actual behavior:
test_user still has read only access
expected: it should have r/w access
I set up two different systems exactly as you described here, but it's not reproducing for me on either one. Permissions are consistently correctly enforced.
Wired,
The problem is that the issue is constant, what ever I do.
There is something probably wrong, but what ?
Any way so that we can debug it. As you see, many users are affected and noticed the exact same behaviour.
It is beyond the no access setup I thought: I couldn't get the test_user having a rw access, where some other times I cannot force a ro access and the user will always have rw even if it is configured ro
I understand the current state where you cannot set a no access for user, but it should be more clear in the GUI, like I sugested a few posts above: having an inherit group defaults checked by default or adding a no access option in GUI. I mainly access folders through windows and Android. Fixing the permissions on clients is not a solution. I prefer a solution where I know a given username will have the access I want him to have, whatever the device/machine/os he uses to connect!
I am far from being a novice, the issue is reported by many and seems non constant (groups and users permissions not correctly set), so I'd like to have a way to report it so that you can fix what's going wrong. Also, please consider the GUI changes so that things are more explicit
Many thanks
Setup case 4:
test_share: a new share
test_group: a new group
test_user: a new user member of the test_group (no other groups membership)
GUI Network Settings:
test_group r/w
users r/w
admin r/w
test_user nothing checked
all others: nothing checked
GUI File Access
Folder owner (jack) r/w
Folder group (users) r/w
test_group r/w
users r/w
admin r/w
test_user nothing checked
all others: nothing checked
result: test_user has rw access, as expected following your assumptions of the user inheriting group permissions
Setup case 5:
test_share: previously created
test_group: previously created
test_user: previously created, member of the test_group
GUI Network Settings:
test_group r/w
users r/w
admin r/w
test_user ro
all others: nothing checked
GUI File Access
Folder owner (jack) r/w
Folder group (users) r/w
test_group r/w
users r/w
admin r/w
test_user ro
all others: nothing checked
Reboot NAS and Clients (Android and Windows)
result: test_user has rw access
expected: test_user should have ro only access
Setup case 6:
test_share: previously created
test_group: previously created
test_user: previously created, member of the test_group
GUI Network Settings:
test_group nothing checked
users r/w
admin r/w
test_user ro
all others: nothing checked
GUI File Access
Folder owner (jack) r/w
Folder group (users) r/w
test_group nothing checked
users r/w
admin r/w
test_user ro
all others: nothing checked
Reboot NAS and Clients (Android and Windows)
result: test_user still has rw access
expected: test_user should have ro only access
Setup case 7:
test_share: previously created
test_group: previously created
test_user: previously created, member of the test_group
GUI Network Settings:
test_group nothing checked
users nothing checked
admin r/w
test_user ro
all others: nothing checked
GUI File Access
Folder owner (jack) r/w
Folder group (users) r/w
test_group nothing checked
users nothing checked
admin r/w
test_user ro
all others: nothing checked
Reboot NAS and Clients (Android and Windows)
result: test_user now has ro access
I had to uncheck all access settings from the group users again despite test_user is not member of that group
It is clear that something is broken and again, I am not alone in this case!
I am obviously sure (and I verified) that I am accessing with proper user id
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
