Native smb (not Nextcloud) plus External (Local) storage - allow access to www-data group, restrict for native linux auth smb?

Nextcloud version: 12.0.0
Operating system and version: Ubuntu 16.04
Apache or nginx version: Apache 2.4.25
PHP version: 7.0

Hi guys. Just a quick query here, it will take a little to explain however:

We’re looking to set up native smb shares for our users at the company. They mostly use macOS for work and would like to use the native ‘Connect to Server’ Finder function to use a samba share. Fine, this isn’t a problem, authenticating with Ubuntu under a username and setting file permissions on folders is pretty easy to set up.

The problem we have is when we introduce Nextcloud, for the small amount of people that are wanting to access files on their phones. Apache and therefore Nextcloud require that group www-data ownership is set on the share, which is where we run into the issue.

If a user creates a folder in the share under their native samba, the permissions www-data are not set, therefore when a user tries to add/edit/modify that folder in Nextcloud it says that they don’t have the permissions to do that.

What we can do is add all users to the www-data group, however, this solution is far from perfect as if we want lower-level employees to have access natively to only a few folders, when they connect natively they have access to everything www-data has access to. (If this makes sense)

The problem isn’t really a problem as it is more of the way each system works, has anyone tried to set up their server similar to this? Realised it isn’t a good idea and gone another route? Is it worth us trying a completely different method?

I have looked into setting up ACLs, but for the life of me - getting my head round it is proving difficult and I don’t really know if this is the solution.

Any thoughts/tips/recommendations would be a godsend!

Many thanks
Chris

You’ll need to use the external storage plugin with Nextcloud, where you can mount shares like Samba with their own Auth account (defined in the mount settings) into Nextcloud as a.n.other folder.

Sharing the Nextcloud data folder for direct access isn’t supported and can lead to data loss. External storage however will work fine for this.

Hi Jason,

Thanks for your reply. This is what we have been doing, using the Local type. However this r/w as www-data. The SMB shares appear not to work when attempting to connect them via Nextcloud.

I can authenticate on macOS, Windows and Linux native but never with Nextcloud’s adapter of the SMB protocol.

Have you tried setting ‘force user’ and ‘force group’ on the shares in question?

https://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#FORCEUSER

www-data shouldn’t be set for external shares, ideally you’ll mount the folder as a user with r/w permissions to the files all users upload.

What errors do you see trying to connect samba? Logs should help here.
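
An added example, not part of the thread or any poster's configuration: a sketch of smb.conf share definitions using the ‘force group’ setting suggested above, so that folders created over SMB end up group-owned by www-data without adding any user to the www-data group on the system. The share names, paths and the groups `staff` and `finance` are assumptions made for illustration.

```ini
# Constructed example; share names, paths and the groups "staff" and
# "finance" are assumptions, not values taken from the thread.

# Before: new files and folders take the connecting user's own primary
# group, so Nextcloud (running as www-data) cannot modify them.
[projects-before]
    path = /srv/shares/projects
    valid users = @staff
    read only = no

# After: for this share only, every connection acts with www-data as its
# primary group, so everything created over SMB is group-owned by www-data.
# The users are NOT members of www-data outside this share.
[projects]
    path = /srv/shares/projects
    valid users = @staff
    read only = no
    force group = www-data
    # Allow at most rw for owner and group, nothing for others.
    create mask = 0660
    force create mode = 0660
    directory mask = 0770
    # setgid on new directories keeps the group on files created by
    # other local processes too.
    force directory mode = 2770

# Because the Unix group is now www-data for everyone inside a share,
# restrict who may connect per share with "valid users" instead of
# relying on group membership on the filesystem.
[finance]
    path = /srv/shares/finance
    valid users = @finance
    read only = no
    force group = www-data
    create mask = 0660
    force create mode = 0660
    directory mask = 0770
    force directory mode = 2770
```

Running `testparm` after editing confirms that the file parses and shows the effective value of each parameter.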