In the blog post "DIY an OpenMediaVault Raspberry Pi NAS Box", we introduced the SunFounder Raspberry Pi NAS Kit and some easy operating steps in the OpenMediaVault interface. You may wonder why we set permissions in both ACL and Privileges when we create a shared folder. In this article, we will explain in detail the distinction between Access Control Lists (ACL) and Privileges in Samba.

First, let's check the explanation on the OpenMediaVault website.

Privileges

Same as in the user section, the window here is relative to the shared folder. It will display for the selected shared folder all the openmediavault users/groups and their corresponding privileges.

As you can see from the code block in the add section, privileges are expressed in the internal database in the same manner as permissions in Linux, simplified using the octal mode: read/write (7), read-only (5) and no access (0).

If a privilege is changed, it means a change in the shared folder database section. This database event will trigger a reconfiguration of SMB, FTP and AFP; it will also restart all the above daemons. A plugin using a shared folder, but not the privilege information from the database entry, should not get reconfigured/restarted if a change occurs just in privileges.

ACL (Access Control List)

Provides fine-grained permission control besides the standard POSIX permissions. The usage of ACL is not recommended for the average home user. If a server is using an extensive list of users then ACL could suit better [1] [2].

The expanded ACL window displays three panels. The left one is a browser of the selected shared folder, so you can apply the ACL to the current folder or a subdirectory and so on.

The left panel displays all current openmediavault users and system accounts and their current ACL of the selected folder. This panel actually reads ACL from the selected folder.

The bottom panel displays the standard POSIX permissions of the selected folder or subfolders in a user-friendly interface.

If you just want to reset Linux permissions, use the recursive checkbox and change options only in the bottom panel, and do not select any ACL user/group in the left panel.

The above explanations are quite specialized. To put them briefly:

Access Control Lists

Access Control Lists (called ACL) are an extended means of defining access rights to files and objects. They allow you to specify file permissions in a more fine-grained way, assigning any user or group (besides owner and file's set group) different privileges.

Privileges

Login access in Samba is configured using privileges. This means they do not act in the file system layer; they act in the Samba authentication layer. From there, access can be set to read-only or read/write, and guest account access can be controlled.

This is done with the PRIVILEGES button in the shared folder section, not with the ACL. Privileges only grant login access and from there determine whether the user can read or write. If write access is enabled in the privileges but the files/folders have restricted permissions, then write access is not possible using Samba.
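The two layers can be modelled as two independent checks that must both pass. The following is an added example, not code from OpenMediaVault or Samba: a simplified model of the POSIX ACL check order combined with the 7/5/0 privilege values described above. The folder, user and group names are constructed, and the model ignores the execute/traverse bit and any other Samba share options.

```python
R, W = 4, 2  # read and write bits, as in the octal privilege values 7/5/0

def fs_allows(acl, user, groups, want):
    """File system layer: owner, named user, groups (limited by mask), other."""
    mask = acl.get("mask", 7)
    if user == acl["owner"]:
        return (acl["owner_perm"] & want) == want
    if user in acl.get("users", {}):
        return (acl["users"][user] & mask & want) == want
    entries = {acl["group"]: acl["group_perm"], **acl.get("groups", {})}
    matching = [perm for name, perm in entries.items() if name in groups]
    if matching:
        # Access is granted if any single matching group entry grants it.
        return any((perm & mask & want) == want for perm in matching)
    return (acl["other_perm"] & want) == want

def smb_allows(privilege, acl, user, groups, want):
    """Share layer (privilege) first, then the file system layer."""
    return (privilege & want) == want and fs_allows(acl, user, groups, want)

# Constructed sample: folder owned by root:users with mode 750,
# plus one ACL entry for the named user "alice" (rwx).
FOLDER = {"owner": "root", "owner_perm": 7, "group": "users", "group_perm": 5,
          "other_perm": 0, "users": {"alice": 7}, "mask": 7}

def demo():
    return {
        # Privilege read/write, but the group only has r-x on disk: no write.
        "bob_write": smb_allows(7, FOLDER, "bob", {"users"}, W),
        "bob_read": smb_allows(7, FOLDER, "bob", {"users"}, R),
        # ACL grants rwx, but the privilege is read-only: no write.
        "alice_ro_write": smb_allows(5, FOLDER, "alice", {"users"}, W),
        # Both layers grant write.
        "alice_rw_write": smb_allows(7, FOLDER, "alice", {"users"}, W),
        # ACL mask r-x caps the named-user entry even with privilege 7.
        "alice_masked": smb_allows(7, {**FOLDER, "mask": 5}, "alice", {"users"}, W),
        # Privilege "no access" blocks login-level access regardless of ACL.
        "alice_noaccess": smb_allows(0, FOLDER, "alice", {"users"}, R),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'denied'}")
```
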

※ Samba allows file and print sharing between computers running Microsoft Windows and computers running Unix.

After reading this article, do you understand the differences between them? If you still feel puzzled, you can visit the OpenMediaVault forum to check it out.

https://forum.openmediavault.org/index.php/Thread/2652-What-is-the-difference-between-Privileges-and-ACL/