CIFS permissions w/Jails

[Chip Sprague]

I'm trying to implement this: https://docs.google.com/spreadsheets/d/1criI2T-QcnrCCbBzlTME-8hK5C1VFd7XckFzKgA952w/edit?usp=sharing

I want my "elite" user to be able to read/write everywhere.

I also want:

• A limited user, "grunt", to:
  • Not see some
  • Read some
  • Read/Write some
• My Plex server to be able to share out several of the sub directories.
• Apps to be able to read/write some

What I did first go round was go in and make the dataset for Elite, share for Elite and then go in and make the wide open directories read/write for "Everyone" That worked for the apps. The problem with that approach though is that I want say, "Purgatory" to be "Read/Write" by Elite and Apps but read only for Grunt.

Questions:
1. Best way to go about this?

...these may be moot if the answer to 1 is to do it FreeNAS side:
2. If I'm setting up permissions from Windows (across the network) what "user" do I set permissions up for for the app?
3. If I'm setting up permissions from Windows how do I give the users a password? E.g. If I want Grunt to be able to read /music how do I authenticate Grunt?

 

[dlavigne]

Were you able to figure this out?

 

[Chip Sprague]

Maybe almost there? I understand more but if what I understand is all there is then this is a pretty clunky situation.

I’ve learned:

1. The user/password combo only exists on the FreeNAS side. If you give the Windows side an “object” (user) that doesn’t exist on the server side it will be rejected. In other words, create “grunt” on the FreeNAS server with a password and then just tell Windows you want to give “grunt” permissions on that folder. Then the password is FreeNAS side.

2. Once you give “Everyone” full access on the windows side you can’t limit permissions for “grunt”. So, just opening any directory up to “Everyone” eliminates the possibility of limited users on a directory.

3. FreeNAS side - You have to make a user with the same UID/GID as the user from the jail. That means you have to Google around for UID/GID information on the various plugins. Then go create a user that matches those. Then go give custom permissions for that user from the Windows side. I did this successfully for one jail last night and I think I just need to repeat that process for the other jails.

I don’t understand why the plugin can’t ask for what user to run as when you’re setting them up. And/or why can’t that info be displayed in the FreeNAS GUI…. That would save a lot of random searching.

And I don’t understand why their aren’t CIFS sharing UI elements on the FreeNAS side (users/permissions, etc). All that information is being stored on the server when you set it from across the network so why require it be set from the Windows side of the equation? If it was set FreeNAS side there could be lists of users/groups that could be visible during the setup stage. As it is you’re kind of blind doing it from the Windows side. If all that was there in the UI you could even add permissions for the plugins/jails/CIFS shares all right there in the UI.

I mean, I can probably get that to work. But we're talking about having to: Set some things up in the GUI. Either SSH in to the jails or search that information down from random forum posts. Go back in to the UI and create "bogus" users with the same info as that searched out information. Go back in to Windows and add that bogus Windows info.