FreeNAS Users can read each each others home directories via SMB

[ovizii]

I've created 2 users and 2 shares via the wizard. I then set these 2 directories as their home directories and now they can simply mount each others directories and read them.

I went to edit my users and have edited the users, down in the home directory mode, I have unticked all 3 boxes for "other" but every time I open the user properties again, those boxes are back.
=> http://screencast.com/t/NwcBtdouxDq

I manually checked one such home directory and it looks like this:

Code:

freenas# ls -al Ovi
total 236
drwxrwxr-x+  4 ovi   ovi       10 May 19 19:04 .
drwxr-xr-x  10 root  wheel     10 May 19 18:24 ..
-rwxrwxr-x+  1 ovi   ovi    14340 May 19 19:04 .DS_Store
-rwxrwxr-x+  1 ovi   ovi     4096 May 17 23:46 ._.DS_Store
-rwxrwxr-x+  1 ovi   ovi       80 May 19 18:18 .histfile
-rwxrwxr-x+  1 ovi   ovi        0 May 17 22:44 .windows
-rwxrwxr-x+  1 ovi   ovi    36559 May 17 23:50 .zcompdump
-rwxrwxr-x+  1 ovi   ovi      381 May 17 23:50 .zshrc
drwxrwxr-x+  3 ovi   ovi        5 May 19 19:04 Documents
drwxrwxr-x+  6 ovi   ovi       10 May 18 11:05 _temp storage

How do I correct this via the GUI or alternatively via the command line?

###edit###
NOT blaming freeNAS, I'm sure I made a booboo, actually I can remember at least one:
While fiddling with this one share I checked the box "Use as home share:" and only later did I realize that this would be a general share holding ALL home folders so I unticked the box. I guess this could be one of the reasons why this is messed up?

 

[ovizii]

Solved it myself but I'm unsure if this is the best solution:

Code:

getfacl Alex
# file: Alex
# owner: alex
# group: alex
            owner@:rwxpDdaARWcCos:fd----:allow
            group@:rwxpDdaARWcCos:fd----:allow
         everyone@:r-x---a-R-c---:fd----:allow
freenas# setfacl -x everyone@:r-x---a-R-c---:fd----:allow  Alex
freenas# getfacl Alex
# file: Alex
# owner: alex
# group: alex
            owner@:rwxpDdaARWcCos:fd----:allow
            group@:rwxpDdaARWcCos:fd----:allow

 

[SweetAndLow]

You are using ACL's so you need to modify the permissions of each share using the windows gui or by using the cli like you did.

 

[ovizii]

Thanks for confirming. I don't have Windows handy (please don't ask why I am using smb then) but as long as what I did wasn't detrimental its all good.