CIFS Shares & Guest Account Access

[Telephonewire]

I have finally, after way to many hours of experimentation, managed to get the shares and guest access working roughly (but not exactly) as I would like.

However, there are many questions that I simple don't know the answers and unfortunately reading the manual provides no additional clues.

Shares and guest access seems to be an area for huge amounts of misunderstanding and confusion.

If someone could help with the answers to these questions then I would be most grateful:

• I know that if you tick the 'Allow Guest Access' checkbox against a CIFS share then no password is required to access the share and users have the permissions of the 'guest account' user defined in the CIFS services. Question is how to I determine what these permissions are (e.g. read, execute, write etc) and more importantly how do I change these permissions? I have been using 'nobody' as the 'guest account' user in the CIFS services but if I look at the user accounts in the groups & users sections there are no permissions associated with users?? So I am totally confused as to how FreeNAS knows what permissions to give the guest users.
• Why doesn't FreeNAS allow you to change mode (read, write, execute of owner, group, other) of datasets if the permission type is Windows?
• If I change the permission type to Unix then then I can change the mode but I assume this is irrelevant for CIFS shares anyway.
• If the permission type is set to Unix and I change any of the mode settings (for example uncheck the read and execute checkboxes for 'Other' and save the changes then when I look at the setting again then revert back to the same as they were prior to me changing them! i.e. I can't save any changes??
• Do owner (user) and owner (group) always have 'full' permission over the dataset shares or can you choose if they have read, right, execute permissions?
• I have two shares which have owner (user) and owner (group) settings without guest access but when I looks at the shares' permissions using my Windows 7 client both shares have 'Everyone' with 'Read & execute', 'List folder contents' & 'Read' permissions set in addition to full permissions for the user and group I specified. Why is this and can remove the 'Everyone' permissions??

Many thanks.

 

[SweetAndLow]

I know that if you tick the 'Allow Guest Access' checkbox against a CIFS share then no password is required to access the share and users have the permissions of the 'guest account' user defined in the CIFS services. Question is how to I determine what these permissions are (e.g. read, execute, write etc) and more importantly how do I change these permissions? I have been using 'nobody' as the 'guest account' user in the CIFS services but if I look at the user accounts in the groups & users sections there are no permissions associated with users?? So I am totally confused as to how FreeNAS knows what permissions to give the guest users.

The way you tell is by looking at the permissions on the dataset or folder you are sharing. If the owner of the dataset or fonder is the guest user then you get those permissions, same goes for group and other.

To change the permission type for windows you use the windows GUI. Or you can use getfacl and setfacl from the cli.

You can use posix permissions with cifs shares, this is how I do it and I don't have issues other than a couple log messages about translation problems. Behavior is correct though.

You can change the owner and group permissions to be anything you want.

If you are using Windows permission ignore everything you see when looking at the mode bits. The only thing that matters is what windows GUI shows you.

 

[Telephonewire]

The way you tell is by looking at the permissions on the dataset or folder you are sharing. If the owner of the dataset or fonder is the guest user then you get those permissions, same goes for group and other.

'Then you get those permissions' - what exactly are those permissions?

'Same goes for group and other' - the dataset has an owner (user) and owner (group). The guest user can't be a group or other so don't understand what you mean here?

To change the permission type for windows you use the windows GUI. Or you can use getfacl and setfacl from the cli.

You tell me to ignore all the mode bits when using Windows permissions but then you tell to change the permissions using the GUI?? Surely the modes bits are pare of the GUI?

Exactly what GUI bit should I be using to change the Windows permissions?

You can change the owner and group permissions to be anything you want.

Yes but how?? Using the GUI?? But I don't know how...

Please can you explain very clearly and carefully??

Thanks.

 

[SweetAndLow]

'Then you get those permissions' - what exactly are those permissions?

'Same goes for group and other' - the dataset has an owner (user) and owner (group). The guest user can't be a group or other so don't understand what you mean here?

It's pretty simple but permissions are complicated. Since your guest user is 'nobody' you can look at that user and see that it has a group of 'nogroup'. This is how you get group permissions. To explain more it works like this, if the owner of the dataset is 'nobody' then when you auth using guest account cifs the permissions you get are the ones that are associated with the owner of the dataset.

Next if you are not the owner but you belong to the group that has group ownership for the dataset then you get what ever those group permissions are.

If you are not the owner and are not part of the group that owns the dataset then you get the 'other' permission.

You tell me to ignore all the mode bits when using Windows permissions but then you tell to change the permissions using the GUI?? Surely the modes bits are pare of the GUI?

Exactly what GUI bit should I be using to change the Windows permissions?

Pretty sure i said to use the windows gui. Right click and go to security tab and change them there.

Yes but how?? Using the GUI?? But I don't know how...

Please can you explain very clearly and carefully??

Thanks.

For this you can just use the freenas gui. Modify the dataset you created and make the owner and group be whatever you want.

Hope this helps.