FreeNAS 9.2 CIFS and shares ...for the millionth time

Status
Not open for further replies.

kjertil

Dabbler
Joined
Mar 16, 2012
Messages
19
Hi, after struggeling with setting up CIFS on FreeNAS, i think i finally found a solution that will work for me. In my scenario, i need users 1,2,3,4 and 5 to have their own personal network folders a,b,c,d, and e accessible, readable and writable only by each user alone.

First my configuration looked like this:
BIGDISK
-FOLDER a USER 1:1 drwxr-xr-x
-FOLDER b USER 2:2 drwxr-xr-x
-FOLDER c USER 3:3 drwxr-xr-x
-FOLDER d USER 4:4 drwxr-xr-x
-FOLDER e USER 5:5 drwxr-xr-x
Then i made a share for each of those folders.
...but then all users could see eachothers files, allthogh they didn't have write rights but i didn't want that!

So, i thought the solution was to set the folders rights to drwx------, which would mean exclusive access, read and write rights for each user to their own share.
How ever, i have a apache webserver set up in a jail that needed access to all folders a,b,c,d and e to serv these publicly and because apache need to be grant access with drwx---r-x, i couldn't find a way to keep each user to not beeing able to read other users folders!

Solution:
In each of the shares, i go edit, click advanced mode and add the following to "Auxiliary Parameters":
valid users = user
...where 'user' is the corresponding username who shall have exclusive access to this share!


Side note:
Because it seems strongly discouraged to modify the smb.conf file manually, this was the only "easy" solution i could find that seem to work. I guess the inbuilt zfsacl is supposed to do this thing of controlling access but i'm too much of a noob to understand it.

Any thoughts?
 

ser_rhaegar

Patron
Joined
Feb 2, 2014
Messages
358
Setup a group per share and add both the user and the apache account to the group. Then give the group rights to the share.
 

kjertil

Dabbler
Joined
Mar 16, 2012
Messages
19
Thanks for the input, ser_rhaegar!
I would like to add some useful information for other noobs like myself desperatly searching for information on the subject:

- on your windows box, as already mentioned on the forum, you should try using the command line tools first to double check things. It will save you tons of time! You can use the command net use to both connect and disconnect to a share. Example: net use * \\yourserver\yourshare See this on how to disconnect and clean up: http://forums.freenas.org/threads/f...up-example-for-dummies.8894/page-2#post-78342

- if you want to test your server before putting it in a production enviroment, you should try using very useful smbclient command (via SSH or the GUI shell) to test the samba server locally. Example: smbclient '\\yourserver\yourshare' -Uyourusername

- avoid trying to debug your shares with windows explorer, it's quirky and maybe even designed wrong: http://social.technet.microsoft.com...system-error-1219-?forum=itprovistanetworking
 
Status
Not open for further replies.
Top