FreeNAS Groups and Windows ACLs - working together?

Status
Not open for further replies.

SkyMonkey

Contributor
Joined
Mar 13, 2013
Messages
102
Should the groups you create in FreeNAS be visible to Windows when trying to set permissions?

Scenario: Dataset called "Media", FreeNAS group called "media_users". Media_users is the group owner of the dataset, Windows ACLs. Dataset shared as a CIFS share.

"media_users" shows up in the Windows permissions list for the share (as "Unix group FREENAS/media_users" or something similar), and can be removed. However, it cannot be re-added via Windows. I am unsure if this is intended behavior and me being confused, or something else. I'm likely trying to do something the wrong way....


In any case, what I'd like to do (unsure if possible, and certainly set up wrong currently on my system):

1) Control top level access to the "Media" dataset based on membership of FreeNAS users (matching Windows logons/password) in the FreeNAS "media_users" group.

2) Restrict access to certain subdirectories in the "Media" dataset to certain users, based on their FreeNAS accounts, which I can add via Windows permissions dialogs (adding FreeNAS user accounts to directory permissions via Windows works fine), and removing access to the restricted directories by the whole group by removing the "media_users" group or restricting its permissions to those directories.

Example use case: UserA and UserB are both part of "media_users" group, and by default have full access (via group ownership of the share and/or setting the group permissions via Windows) to the data. Create a new directory (or modify an existing directory) within the Media dataset, and edit its permissions such that all members of the group do NOT have access to it, by explicitly denying the "media_users" group traverse (I'm forgetting the Windows term) access to the directory, and adding specific FreeNAS users (UserA) and setting their permissions via Windows permissions dialogs.

Is this possible? (I'm rather certain it is somehow, but I'm not sure how to accomplish it, and if I can do it using Unix groups on FreeNAS in combination with setting the directory/file permissions in Windows.)

Thanks!

EDIT: I think I may have screwed something up while experimenting on this yesterday - I did what this issue (http://support.freenas.org/ticket/1892) says not to, and used the GUI to set the permissions recursively on my media dataset set to Windows ACLs. It took forever, and generated a ton of log traffic in the console (mainly syntax errors?), but allowed me to then set the permissions directly in Windows, which for some reason I was unable to do before this despite being the owner of the share (permission denied on all subdirectories when trying to set them). Is there some way I can check if these ACLs are now damaged? And am I really going to have to recreate the entire volume, or just the dataset? Or can I fix them?
 

SkyMonkey

Contributor
Joined
Mar 13, 2013
Messages
102
Any ideas? Even a pointer to a good primer on permissions would be helpful. Any ideas about how I can do what I want, even if it's solely through either the FreeNAS or Windows permissions?

Thanks!
 

SkyMonkey

Contributor
Joined
Mar 13, 2013
Messages
102
Seriously nobody can help me? I just need some resources for self-education at this point...
 

jefferson

Cadet
Joined
Dec 6, 2013
Messages
2
Hello there! Man, did you manage to add groups via Windows Explorer permissions settings? I'm having the same problem as you: the UNIX group of the dataset is set in folder permissions every time I create a folder, but if I remove this group I cannot add it back again. Adding users to folder permissions works fine. It seems Windows Explorer cannot find the groups I created in FreeNAS. Please give me some light.. thank you!
 

alexg

Contributor
Joined
Nov 29, 2013
Messages
197
Windows does not see Unix groups. You need to set them up in Samba by creating a mapping to ntgroup. I created a little script that is invoked from "init/shutdown scripts" as "post init" script. This allowed me to select "ShareUsers" from Windows

#!/bin/bash
/usr/local/bin/net groupmap add ntgroup="ShareUsers" unixgroup=shareusers type=d rid=512
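
A more defensive variant of the post-init script above, as an added example that is not part of alexg's post: it confirms the Unix group exists and skips `net groupmap add` when a mapping is already listed, so running it on every boot does not attempt a duplicate. It assumes `net groupmap list` prints `NTGroup (SID) -> unixgroup` lines and that `getent` is available; the function names, the `--apply` switch and RID 3001 are made up for the example, the RID because 512 is the well-known Domain Admins RID.

```sh
#!/bin/sh
# Added example, not from the thread: idempotent Samba group mapping.
NET="${NET:-/usr/local/bin/net}"   # binary path as given in the post above

# True if some mapping already ends in "-> <unixgroup>".
# Assumption: `net groupmap list` prints "NTGroup (SID) -> unixgroup" per line.
groupmap_exists() {
    "$NET" groupmap list 2>/dev/null |
        awk -v g="$1" 'NF >= 3 && $(NF-1) == "->" && $NF == g { found = 1 }
                       END { exit !found }'
}

# True if the Unix group is known to the system (local files or directory).
unix_group_exists() {
    getent group "$1" >/dev/null 2>&1
}

# ensure_groupmap NTGROUP UNIXGROUP RID
# Returns 0 when the mapping exists afterwards, 1 on rejected input, 3 if net fails.
ensure_groupmap() {
    ntgroup=$1; unixgroup=$2; rid=$3
    case $rid in
        ''|*[!0-9]*) echo "rid must be a number" >&2; return 1 ;;
    esac
    # RIDs below 1000 are reserved for well-known accounts (512 = Domain Admins).
    if [ "$rid" -lt 1000 ]; then
        echo "refusing well-known rid $rid" >&2; return 1
    fi
    if ! unix_group_exists "$unixgroup"; then
        echo "unix group '$unixgroup' does not exist" >&2; return 1
    fi
    if groupmap_exists "$unixgroup"; then
        echo "'$unixgroup' is already mapped, nothing to do"; return 0
    fi
    "$NET" groupmap add ntgroup="$ntgroup" unixgroup="$unixgroup" \
        type=d rid="$rid" || return 3
}

# Post-init entry point: pass --apply so the functions can also be sourced safely.
# 3001 is a constructed RID; pick any unused value >= 1000.
if [ "${1:-}" = "--apply" ]; then
    ensure_groupmap "ShareUsers" "shareusers" 3001
fi
```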
 

jefferson

Cadet
Joined
Dec 6, 2013
Messages
2
Hello alexg! I will give it a try tonight. Thanks a lot for your attention and script code.
 

Skyfox

Explorer
Joined
Jul 15, 2013
Messages
50
alexg said:
Windows does not see Unix groups. You need to set them up in Samba by creating a mapping to ntgroup. I created a little script that is invoked from "init/shutdown scripts" as "post init" script. This allowed me to select "ShareUsers" from Windows

#!/bin/bash
/usr/local/bin/net groupmap add ntgroup="ShareUsers" unixgroup=shareusers type=d rid=512

I was just having this issue myself. Thanks again for a solution, I will give it a try later today.
 

M H

Explorer
Joined
Sep 16, 2013
Messages
98
Was this a good solution? I'm having a nightmare of a time with permissions and Windows ACLs.
 