SOLVED Further Admin/root users?

[dyjan]

Hi guys,

I am just new to FreeNAS.
So what is this thread about?
We're going to setup FreeNAS for our shared flat - a big one - and now I want to give some more users than root the right to access the webinterface and change the settings.

I begin to believe that this is not possible after a bunch of google and forum research. That would drive me crazy :-(

If it is possible although, is this possible with a granular right management then?
I mean something like user A has the right to change the ZFS volume settings - and may only see this point.
And another one to change the users.

Cheers,
Florian

 

[Knowltey]

What you are looking for is currently not possible with the FreeNAS system. This would be more in place int he Feature Requests forum rather than the New to FreeNAS forum. In fact there is actually a currently ongoing topic over there that is rouching on the granular rights management as a suggestion: http://forums.freenas.org/index.php?threads/plugin-shell-access-and-firewall-security.22667/

Although I don't believe this is the direction that FreeNAS will be heading in to be quite honest.

 

[DrKK]

Yeah, this won't be possible for any number of reasons.

If a person has access to the ZFS volume settings, then he is root. That is the philosophy.

 

[cyberjock]

No, there really isn't any granularity. To be honest, with the way FreeNAS is designed, you can't really break it down in a way that makes any kind of sense.

Why? Because there's so many ways to kill internet connections, kill ZFS pools, kill ZFS' performance, that unless you plan to have 10000 security settings for all of the aspects of ZFS, networking, and all of the other categories (literally, probably about 10000) then it's just not feasible. FreeNAS is an appliance and either you trust your admin to do what's right or you don't. There is no 'in between'. Admins should also be mature and smart enough to realize that either they know what they are doing or they don't know what they are doing and should therefore not touch what they don't understand.

 

[dyjan]

Ok, thx a lot!
-Solved-

 

[L]

ZFS itself has the ability to do setup access management. zfs allow doesn't look implemented in freenas. You may want to look at one of the zfs management utilities that enables that feature. I haven't looked at the code but it might be a solaris only feature.

 

[L]

I spoke too soon, I do see zfs allow grabbed this from freebsd zfs man page

zfs allow [-ldug] "everyone"|user|group[,...] perm|@setname[,...]
filesystem|volume

zfs allow [-ld] -e perm|@setname[,...] filesystem|volume

zfs allow -c perm|@setname[,...] filesystem|volume

zfs allow -s @setname perm|@setname[,...] filesystem|volume

But again, not sure if this will function with freenas gui.

 

[cyberjock]

That has nothing to do with the WebGUI at all.

 

[Knowltey]

That has nothing to do with the WebGUI at all.

Well yeah it currently doesn't, the user is making a suggestion to make it have to do with the WebGUI.