Permissions issue - other users cannot write but can delete

ChewAhSoon

Cadet
Joined
Jul 14, 2023
Messages
7
Hi All,

Setting up shares on SMB, I am having a problem with a user (B_user) being denied write permissions to a dataset (A_dataset) and yet able to delete the files created by other users (A_user). The said B_user is unable to write anything as expected though. Is this behavior expected?

Explaining my dataset structure and permissions as below:

A_dataset is created and should be accessed by only A_user.
B_dataset is created to be accessed by both A_user and B_user.

In the permissions set from the ACL of A_dataset and B_dataset, we have:
A_user Read | Write | Execute
home Read | Write | Execute
other Read | Execute

B_user Read | Write | Execute
home Read | Write | Execute
other Read | Execute

In the credentials settings,
A_user is part of groups A_user and home
B_user is part of group B_user only
(doesn't really matter as I have also tried not using home group at all)

ChewAhSoon

Cadet
Joined
Jul 14, 2023
Messages
7
Not sure if it's recommended, but after going through and understanding share ACLs more, I see that by default "everyone@" is given "FULL CONTROL".

I have done the following:

A_dataset_share (2 ACL entries)
  1. Who - group (home), permission - READ, type - ALLOWED
  2. Who - User (A_user), permission - FULL, type - ALLOWED
B_dataset_share
  1. Who - group (home), permission - FULL, type - ALLOWED
Add both A_user and B_user to "home" group

Works now.
 

PhilD13

Patron
Joined
Sep 18, 2020
Messages
203
While on a home setup it does not usually matter much. Generally (not an expert and there are books on the subject) in simple terms you would create user groups with the permissions you want the group to have for a dataset. Users are then added to the desired groups and would have permissions for the groups they are added to. Removing a user from a group would remove those group permissions from the user but not affect the permissions for any other groups they are in. Adding the user to a different group would give the user permissions associated with that different group.

So if User1 needs access to group1 only, then User1 is added to groupA. If User2 needs access to groupA and groupB, then add User2 to both groupA and groupB. If User2 can only have read access to groupA, but needs read/write to groupB, then make another group called groupA_ro (for read-only access to groupA). If User2 changes departments from 2 to 3 and needs access to groupC, then User2 can be moved out of groupB and into groupC, reflecting the change in departments.

This way, as employees move around or need access to a department group, it will be a simple matter of adding or removing them from a group or group level. If you try to manage every employee's permissions, it can quickly become unmanageable and can result in giving unintended permissions to an employee.

The same can work at home: mom, Kids, Dad, kid1, kid 2, etc. Financials dataset = dad, mom only; Kids dataset = all kids, mom, dad; kid 1 dataset = kid1, mom, dad; kid2 dataset = kid2, mom, dad.
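The share ACLs from this thread, worked through as an added example that is not part of any post and not TrueNAS code: it computes each user's effective share-level permission from group membership and lists shares that still grant FULL to everyone@. It assumes allow-only entries where the highest matching permission applies; the share name `default_share` and the helper names are hypothetical.

```python
from dataclasses import dataclass

LEVELS = {"NONE": 0, "READ": 1, "FULL": 2}

@dataclass(frozen=True)
class Ace:
    who_type: str    # "user", "group" or "everyone"
    who: str
    permission: str  # "READ" or "FULL"; every entry is type ALLOWED

# Constructed from the thread: both users were added to the "home" group.
MEMBERSHIP = {"A_user": {"A_user", "home"}, "B_user": {"B_user", "home"}}

SHARE_ACLS = {
    # Hypothetical share left with the default entry described in the thread.
    "default_share": [Ace("everyone", "everyone@", "FULL")],
    "A_dataset_share": [Ace("group", "home", "READ"),
                        Ace("user", "A_user", "FULL")],
    "B_dataset_share": [Ace("group", "home", "FULL")],
}

def applies(ace, user):
    """True if this ACL entry covers the given user."""
    if ace.who_type == "everyone":
        return True
    if ace.who_type == "user":
        return ace.who == user
    return ace.who in MEMBERSHIP.get(user, set())

def effective(user, share):
    """Highest permission granted by any matching ALLOWED entry (assumed model)."""
    granted = [a.permission for a in SHARE_ACLS[share] if applies(a, user)]
    return max(granted, key=LEVELS.get, default="NONE")

def audit():
    """Shares whose ACL still grants FULL to everyone@."""
    return [share for share, acl in SHARE_ACLS.items()
            if any(a.who_type == "everyone" and a.permission == "FULL"
                   for a in acl)]

if __name__ == "__main__":
    for share in SHARE_ACLS:
        for user in MEMBERSHIP:
            print(f"{share:16} {user:7} {effective(user, share)}")
    print("everyone@ FULL on:", audit())
```
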