user can access share he should not be able to access (SMB/AFP)

**Laxity** · 10-14-2009, 11:19 PM

Hi

I have a really simple setup with a open-E DSS box (Version: 5.0.DB49000000.3278):

2 SMB/AFP shares
2 Users
1 Group (users)

I set share 1 to be only accessable by user 1 and share 2 only to be accessable by user 2.
I did this by setting the share security to "user with password" and added only the respective user at CONFIGURATION -> NAS resources -> shares-> [share_name] -> Function: Users share access (SMB/FTP/AFP).

Also I have enabled "force user and group" at each share.

Now I was pretty amazed when I saw that user 2 can access share 1 and vice versa.

Any idea what could have gone wrong here?

Thanks in advance
Philipp

**Laxity** · 10-14-2009, 11:20 PM

Oh and I did NOT enable group access to either share!

**To-M** · 10-16-2009, 08:28 PM

I just verifeid this and it works creating the same share names with the users even in the defualt group called "Users" the users where in there. When you tested did you use different systems and does the Share have the "Users with password" enabled?

Also you dont need to use the "Force" options for this.

**Laxity** · 10-16-2009, 11:23 PM

Hello Todd,

thank you for testing this!
Yes I do have "Users with password" enabled and yes I did use different systems for testing.
Also I did disable the "Force" option for testing - no luck..

The only thing I can think of is that this open-E System was previously used in a datacenter, with iSCSI failover, some SMB share and so on.
But I did a complete factory reset before I deployed it in the office..

I am quite confused..
Maybe you guys could have a look at it?
If so please PM me with what you need (username / password)

Regards
Philipp

**To-M** · 10-19-2009, 01:43 AM

Sending you an email...

**Laxity** · 10-19-2009, 09:49 PM

Originally Posted by To-M

Sending you an email...

Hi To-M
I havent received your email so far.
But I made a some further tests:

I added the user "test" and gave this user access to share 1
instantly the user also had access to share 2 (although I did not grant him permission to that share)

Then I added the user "test2" and gave this user no access rights at all
-> user "test2" is not able to access any share

I am confused..

**To-M** · 10-20-2009, 03:26 AM

Check your Forum inbox should be there- I got your message and will give you the info there.

**Laxity** · 10-23-2009, 11:15 PM

Hi,

Issue solved.
I removed all users and re-created them.. voilá

I guess some UID/GID mapping was incorrect.. but who knows..

Also big kudos to open-E Support in germany providing DSS v6 as we ran into a "1229" error while updating V5 making the DOM unusable. Updating to v6 worked and it was also possible to recover all configuration.

Thread: user can access share he should not be able to access (SMB/AFP)

Thread Tools

Display

user can access share he should not be able to access (SMB/AFP)

Posting Permissions