thanks to everybody for the profound knowledge and comprehensable tipps.
The producer of the device I use, based on a Raspberry Pi, confirmed, that the shared directory is to the mounted ssd / NTFS to have Data of the installed apps is also stored here (see below - directories, nexcloud-files). Therefore, I would rather not adjust the background programming and work with what was supplied.
What I understood is, to have stuff i want to share beeing stored on the SSD as well, I need to have subdirectories in the main share. Both subdirectories shall be accessible and readable/writeable by the admin=User1 and only subdirectory2 shall be in addition accessible and readable/writeable by user2. Both Users are in the group users.
To visualize the idea a little bit: I would like to have a structure like
As correctly assumed before, I created directories share1 and share2 using mkdir with full rights. The idea was to then limit the access in the smb.conf.
I first checked on the directory permissions of .../share:
Code: Select all
drwxrwxrwx 10 User1 users 4096 Oct 3 21:07 Share2
drwxrwxrwx 8 User1 users 4096 Oct 2 22:50 Share1
drwxrwxrwx 2 User1 users 4096 Sep 23 00:15 pvc-137db242-912b-4cd4-950d-7237c7c03f43_default_photos
drwxrwxrwx 15 User1 users 4096 Sep 22 23:58 pvc-2a7a25ce-ae85-4bf7-9351-eeb041b9e69b_default_nextcloud-files
It seems everybody has full access by default.
Then, I adjusted the config as proposed by thagrol to:
(here you can also see the actual full path without encryption in root, k3s is a directory of the kubernetes system, that is utilized)
valid users=User1 User2
valid users=User1 User2
Though, using the upper setup, User2 still has NO access to any Share at all, User1 has full access and rights.
"Connection error! Reported error:
Create failed for \\192.168.178.47\Share"
From what I understood, the create mask and directory mask now limit the full access by everybody from the directory creation? Is this limitation by the config becoming active while mounting?
That completely puzzles me, since even if the restrictions from smb.conf would not apply, everybody should have full access, as well as User2, since User2 is in the users group, as extracted from the directory permissions? Where is my mistake?
I first refrained from using wide links since hortimech seemed to reject wide links.
I now try want to find tutorials - how to use "vfs_acl_xattr" and apply "setfacl" as suggested from hortimech since I have no experience and don't want to mess something up.
I will send updates once I achieve anything. If you have further input or corrections, I would be very grateful.