NethServer Version: NS7 RC3
Module: Fileserver

I am a bit struggling with accessing samba shares on my NS7 RC3 server.
I created the share, set an owning group and allowed it write access.

On the ACL tab I added that group and set read and write permission.
But when I try to add the share to Nautilus, I can not add the share.

Now I add the user on the ACL tab and i CAN add the share.

The user is member of the group that has sufficient permissions. Did I hit a (known?) bug?
I can work around it by adding the useraccounts in the ACL list, but when there are many users, this is not a nice way to handle access to shares.

Hi Rob,

same problem here. I can do what i want. Access to a share is not possible via group.

Regards and good luck in the coming new year.

Uwe

I think it relates to this bug:

This looks like the same problem yes. I created 5 shares and all 5 had this problem. As soon I added a useraccount to the ACL tab, that user could access the share. With only adding the group where the user is member of, the user can not access the share.

Hello community!

Is there already new knowledge, or even a solution approach?

greetings

This is already in our todo list ( https://github.com/NethServer/dev/projects/2 )
Please be patient, most of us are away for Christmas holidays

I hope this gets solved rather quickly. I was about to set a server out with NS7 installed, but after some more testing on the filesharing module, I came to the conclusion I couldn’t use it as it is now. Only the OWNER of the files can access the files in the share. So if you need multiple users to access files on a share as I have, current situation is a no go.

Maybe I have to install NS6.8 instead for the time being…

You can still give access by using ACL at filesystem level using setfacl command.

Ok, but that is on ‘local’ groups right? Are local users created through pam when I create samba4 accounts? Or can I add Samba4 accounts to local groups?

You can consider all groups as local thanks to SSSD.
I’m trying to reproduce the problem.

Could you please provide the output of these commands (of course replace share1 with the name of your share)?

db accounts show share1
ll -d /var/lib/nethserver/ibay/share1/
getfacl /var/lib/nethserver/ibay/share1/

Edit:
I also opened the issue ( Shared Folder ACL applied to a group sometimes not respected · Issue #5186 · NethServer/dev · GitHub ), if you have time, please try the proposed patch

output for db accounts show renm:

db accounts show renm
renm=ibay
    AclRead=renm@interlin.lan,rob@interlin.lan,monique@interlin.lan
    AclWrite=renm@interlin.lan,rob@interlin.lan,monique@interlin.lan
    Description=
    GroupAccess=rw
    OtherAccess=
    OwningGroup=renm@interlin.lan
    SmbAuditStatus=enabled
    SmbGuestAccessType=none
    SmbRecycleBinStatus=enabled
    SmbRecycleBinVersionsStatus=disabled
    SmbShareBrowseable=enabled

ll -d /var/lib/nethserver/ibay/renm/
drwxrws—+ 1 administrator@interlin.lan renm@interlin.lan 268 Dec 31 06:12 /var/lib/nethserver/ibay/renm/

getfacl /var/lib/nethserver/ibay/renm/
getfacl: Removing leading ‘/’ from absolute path names

file: var/lib/nethserver/ibay/renm/

owner: administrator@interlin.lan

group: renm@interlin.lan

flags: -s-

user::rwx
user:rob@interlin.lan:rwx
user:monique@interlin.lan:rwx
group::rwx
group:renm@interlin.lan:rwx
mask::rwx
other::—
default:user::rwx
default:user:rob@interlin.lan:rwx
default:user:monique@interlin.lan:rwx
default:group::rwx
default:group:renm@interlin.lan:rwx
default:mask::rwx
default:other::—

If you give write access to the renm group, all users inside the group can write to the directory.
You don’t have to set the ACL.

Use the ACL only if really really necessary (and most of the times ACL can be avoided with a good group/users organization).