FreeNAS 11.2 user account home directories for SOHO environment

dpchrist

Dabbler
Joined
Dec 23, 2018
Messages
18

I have a server with a fresh install of FreeNAS 11.2 that I plan to use for my SOHO network of Linux, Windows, macOS, and/or FreeBSD clients. I have created a pool. I would like to create private SMB/CIFS shares for each of four users, plus a common SMB/CIFS share that all users can read and write.

It appears that I need to create FreeNAS user accounts for each user. The Accounts -> Users -> Add dialog shows a default Home Directory of /nonexistent. I would like to follow the FreeBSD convention -- /home/user1, /home/user2, etc.

I have noted that the directory /home does not exist on my FreeNAS 11.2 system.

ZFS allows specifying the mount point of a dataset via the mountpoint property. However, I do not see this option in the Storage -> Pools -> Add Dataset dialog (basic nor advanced).

Also, the Storage -> Pools -> Add Dataset dialog appears to require sharing. I do not want sharing.

I considered using the shell to issue 'zfs create...' and 'zfs set mountpoint...' commands [1], but that seems like the wrong approach.

What is the FreeNAS 11.2 best practice for creating user home directories in a SOHO environment?

David

[1] https://docs.oracle.com/cd/E19253-01/819-5461/gayog/index.html
 

Chris Moore

Hall of Famer
Joined
May 2, 2015
Messages
10,080
> I have a server with a fresh install of FreeNAS 11.2 that I plan to use for my SOHO network of Linux, Windows, macOS, and/or FreeBSD clients. I have created a pool. I would like to create private SMB/CIFS shares for each of four users, plus a common SMB/CIFS share that all users can read and write.

Most of the tutorials are written for the previous version of FreeNAS. The GUI has had a makeover but the underlying intent is still the same.

Here are some guides that might help you get where you need to be:
https://thesolving.com/storage/how-to-create-a-windows-share-with-freenas/

https://thesolving.com/tag/freenas/

Uncle Fester's Basic FreeNAS Configuration Guide
https://www.familybrown.org/dokuwiki/doku.php?id=fester:intro
 

Chris Moore

Hall of Famer
Joined
May 2, 2015
Messages
10,080
The default is that users don't get separate home directories on the NAS, but they can; you just make them under the ZFS pool, which is mounted under /mnt, and you shouldn't try to change that.
 

KrisBee

Wizard
Joined
Mar 20, 2017
Messages
1,288
> ... I have noted that the directory /home does not exist on my FreeNAS 11.2 system.

You need to create a home dataset on your main pool.

> ZFS allows specifying the mount point of a dataset via the mountpoint property. However, I do not see this option in the Storage -> Pools -> Add Dataset dialog (basic nor advanced).

Answered elsewhere, but the FreeNAS design imports main pool(s) with -R option at start up, using /mnt as the ALTROOT.

> Also, the Storage -> Pools -> Add Dataset dialog appears to require sharing. I do not want sharing.

Answered elsewhere, but no, it doesn't. The "share type" option just sets the "aclmode" property of the dataset.

> I considered using the shell to issue 'zfs create...' and 'zfs set mountpoint...' commands [1], but that seems like the wrong approach.

Mountpoints are not user configurable in FreeNAS.

> What is the FreeNAS 11.2 best practice for creating user home directories in a SOHO environment?

A good question; perhaps the answer is one that simply meets your needs. Do you want your users all to be given logins on your FreeNAS box, or not? Do you want the advantage of each user's home directory being on a separate child dataset within the home dataset or not? Are you going to create a SMB share with the "use as home share" option based on your home dataset? Will clients have their own local home directories, or not? You mentioned working in a mixed OS environment; how will you deal with Windows-type ACLs versus POSIX ACLs?

With a small number of users to share data to, do you need to use home directories at all?
 

dpchrist

Dabbler
Joined
Dec 23, 2018
Messages
18
> The "share type" option just sets the "aclmode" property of the dataset.

Thank you for the clarification.

aclmode is documented here:

https://docs.oracle.com/cd/E19120-01/open.solaris/817-2271/gbaaz/index.html

I would prefer that the FreeNAS project use canonical terminology.

I have also noted that the FreeNAS web UI does not provide access to all ZFS properties. This is disappointing.

> Do you want your users all to be given logins on your FreeNAS box, or not?

I plan to create a FreeNAS group and a FreeNAS user account for each user, with names and numbers (GID/UID) to match those on my other Linux/BSD machines.

> Do you want the advantage of each user's home directory being on a separate child dataset within the home dataset or not?

I plan to create a /home dataset and a /home/username dataset for each user. I do not plan to share the /home dataset. I plan to share each /home/username dataset via CIFS/SMB, with access restricted to only that user.

> Are you going to create a SMB share with the "use as home share" option based on your home dataset?

I do not plan to implement the Samba [homes] share.

> Will clients have their own local home directories, or not?

Users on Linux, BSD, Windows, and macOS clients should already have home directories on those clients. I am unsure about iOS and Android.

> You mentioned working in a mixed OS environment, how will you deal with windows type ACLs versus POSIX ACLs?

My current Debian 9 Samba file and SSH/CVS server has one private shared directory per user and a common 'groupshare' share that all users can read/write. Thus far, I have not needed ACLs.

> With a small number of users to share data to, do you need to use home directories at all?

1. I like to have user home directories on multiuser systems.

2. I have some specific use-cases -- accessing a CVS repository over SSH (I would like to migrate this to a jail or VM as I learn more about FreeNAS), long-running file copying operations to/from removable devices (USB), and long-running network downloads.

3. Flexibility for future needs.

David
 

KrisBee

Wizard
Joined
Mar 20, 2017
Messages
1,288
@dpchrist There doesn't seem to be anything in your last reply which necessitates the use of /home dirs except your own preferences. I'm curious as to why you have chosen FreeNAS over your current Debian server.

You didn't distinguish between creating user accounts on FreeNAS with or without FreeNAS login ability. So when is a private share really private? A non-root user who can log in to FreeNAS via ssh can list all samba shares by simply executing testparm -s. In FreeNAS, creating a user account automatically creates a matching samba password, as listed by pdbedit -Lwv. If the same user can su to root on a Linux box, they can mount any share using their own SMB credentials on the FreeNAS box.
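
Added example, not part of the thread and not FreeNAS code: a small Python audit for the "when is a private share really private?" question raised in the post above. It reads text shaped like `testparm -s` output and reports, per share, who Samba's `valid users` and `guest ok` settings admit; the sample configuration, share names and paths are constructed.

```python
import re

# Constructed sample shaped like `testparm -s` output; the share names,
# users and paths are hypothetical.
SAMPLE = """\
[global]
    server role = standalone server
[alice]
    path = /mnt/tank/home/alice
    valid users = alice
[bob]
    path = /mnt/tank/home/bob
[groupshare]
    Valid Users = @staff
[scratch]
    guest ok = Yes
"""

def parse_sections(text):
    """smb.conf-style text -> {section: {param: value}}."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).lower(), {})
        elif current is not None and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections

def classify(params):
    """Who can open a share, judged from valid users and guest ok only."""
    users = params.get("validusers", "").replace(",", " ").split()
    if params.get("guestok", params.get("public", "no")).lower() in ("yes", "true", "1"):
        return "guest"
    if not users:
        return "any-account"  # no valid users list: every account may connect
    if len(users) > 1 or users[0][0] in "@+&":
        return "several-accounts"
    return "only:" + users[0]

def audit(text):
    """Map each share to its classification; [global] supplies defaults."""
    sections = parse_sections(text)
    defaults = sections.pop("global", {})
    return {name: classify({**defaults, **p}) for name, p in sections.items()}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A share reported as `any-account` relies entirely on dataset permissions to stay private; the script does not inspect those, nor other Samba restrictions such as `invalid users`.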
 

dpchrist

Dabbler
Joined
Dec 23, 2018
Messages
18
> There doesn't seem to be anything in your last reply which necessitates the use of /home dirs except your own preferences.

You are correct -- I needed to get past some confusion:

https://forums.freenas.org/index.ph...t-with-desired-mount-point.72419/#post-501789

> I'm curious as to why you have chosen FreeNAS over your current Debian server.

I want a stable Unix-like platform with robust ZFS support. I ran ZFS on Linux (ZOL) several years ago when it was a download from LLNL. The parts were there, but I had to integrate them into Debian (and recompile after kernel and initramfs updates). My init/ shutdown scripts were brittle and maintenance was a hassle, so I just went back to ext4. Not too long ago, Debian added official ZOL "contrib" packages. ZFS worked and was properly integrated into Debian, but I broke ZFS when I forced a kernel upgrade that Apt had held back (D'Oh!).

I've used various BSD's over the years, and their ZFS support has always been solid. So, I'm trying a BSD again to see if I can live with it.

> You didn't distinguish between creating user accounts on FreeNAS with or without FreeNAS login ability.

If you mean users log into FreeNAS via SSH and reach a shell in their home directory, in my confusion I wanted that. But, given my realization that FreeNAS is not intended to provide general-purpose user SSH shell access, it seems I need to research jails/ bhyve/ containers/ whatever, install FreeBSD into that, and provide user SSH shell access into that (?).

> So when is a private share really private?

When all copies of the data have been destroyed.

> A non-root user who can log in to FreeNAS via ssh can list all samba shares by simply executing testparm -s. In FreeNAS, creating a user account automatically creates a matching samba password, as listed by pdbedit -Lwv. If the same user can su to root on a Linux box, they can mount any share using their own SMB credentials on the FreeNAS box.

Yes.

David
 

KrisBee

Wizard
Joined
Mar 20, 2017
Messages
1,288
I have used Debian 9 with ZFS for a basic home file server myself, managing not to break anything. Apart from the obvious lack of a simple implementation of ZFS on root, and boot environments, I was uneasy about having to rely on backports to keep up with changes in ZoL. The OS on ext4 and data on ZFS has its pros and cons. But you can use docker and/or kvm/qemu as you see fit. Ubuntu may be a better choice for ZFS, particularly if you are a heavy lxd/lxc user. As always, it's courses for horses.

Using FreeNAS takes a bit of re-orientation; I'm sure you will soon work out what can/needs to be done in a FreeNAS shell without breaking things. I'll leave you to explore jails/ bhyve etc.
 