For a variety of reasons triggered by the current almost mandatory home-office model around here I’ve found myself in the need to provide some users with access to a server that is actually an OpenVPN client (and not a server) in a satellite office.
Being in a hurry, I opted for installing sshfs-win in the two laptops requiring it and managed to have the users mount the appropriate remote folders.
Now, the problem is that when users create a folder it’s group ownership is that of the user (actually the group automatically created with the username) and not that of the group the user belongs to in NS’s admin panel.
Basically, folders created by ssh access are owned by the ‘primary’ group of the users (while folders created through samba are owner by the users ‘secondary’ and ‘common’ group) and my efforts to change that have been futile…
None of this is solving the issue for me:
Nor “chmod g+s .” or “setfcals” are making the “common” group ownership inheritable.
I am unable to change the user`s primary group with “usermod” because what that changes is not what NS is using to manage groups. (BTW, I am not using LDAP.)
I realize this is not an NS fault but rather a consequence of how I am trying t achieve this, yet I need to have this working somehow.
EDIT: I forgot to mention that I need users to be able to run a batch script on the filesystem, so AFAIK they need to mount the folder as the did through samba, so I don’t think nextcloud, webdav or the like will fit that…
Any pointers on how I could solve this?
Thanks in advance.
I forgot to mention that I need users to be able to run a batch script on the filesystem, so AFAIK they need to mount the folder as the did through samba, so I don’t think nextcloud, webdav or the like will fit that…
Well, the nextcloud client app creates a “mirror image” of the folder (filesystem) locally, so a batch can and will run there. Only question is, does the batch job do things outside of that folder (like a “net use”)?
The batch script reads data from a file and then renames files in subfolders according to that data, so no actions outside of the “top folder”.
The issue with this is that when the users rename 500 MBs worth of files (which is what the script does) everything will be retransferred unless the sync system is smart enough to detect the changes as renames.
I could be an option, but maybe there is something else I can do at the filesystem level.
A long while ago I had asked if it was at all possible to have a client OVPN server act as a server for direct connections.
The answer I got, for which seems I didn`t get the notification and wasn’t aware of, was that I could look into “tunnels” to have users VPN to the master and the access the secondary server through it… But the Docs say little to nothing as to how I could achieve this.