Guidance/best practice on app storage and SMB sharing

[Whiskey]

I have successfully installed Scale on my brand new (second hand) server and I'm now playing around with the applications. I understand the concept of creating data sets and folders for the applications and providing access to the apps, but I can't find any pointers on how to set things up (properly) so that I can also access that storage via SMB.
For example, is it better to use the Share Type Generic or SMB. What users and groups are usually configured (a separate user for each app and part of the apps group or just use the apps user, and then separate Windows users with SMB authentication enabled also part of the group etc.) Do I need to read up on ACL? (was hoping to avoid that...)
I'll probably will be able to get things working one way or another, but I like to take some guidance and avoid potential problems, so all advise is much appreciated. Thanks!

 

[indivision]

This all depends on your needs. But it sounds like you are looking for "common use".

In that case, I would suggest using SMB. No need to use ACL. You can manage Unix-like permissions.

Regarding users and groups it really depends on how secure you want to be and how granular you want your security to be. In other words, are you ok with simplifying it all and just having one user that can access all data? Or, do you have levels of security where you dont want a security event to impact some other area of data?

 

[mervincm]

I initially tried ACLs and docker apps, never could troubleshoot my permission sand performance issues. I moved to simple linux permissions and chart apps, and its been very straight forward since. I only use SMB, even for backup between my NAS devices.

 

[Whiskey]

Thanks both. So SMB datasets is the way to go for me. I'm not too fussed about security yet, it is a home server with maybe some family members accessing the data, but mostly just me.
I'll keep it simple and setup a dataset for app storage and a data set for media, respectively owned by the apps group and media group. And then give the apps users and media users access to both by setting the secondary groups.

 

[djronh1]

I initially tried ACLs and docker apps, never could troubleshoot my permission sand performance issues. I moved to simple linux permissions and chart apps, and its been very straight forward since. I only use SMB, even for backup between my NAS devices.

Hi Mervincm.

I've switched my apps source over to charts. Can you share how to for "moved to simple linux permissions"?

TIA

 

[mervincm]

Things have changed in recent versions bluefin so maybe someone else can comment on how to apply them. But once they are applied they work fairly simple. Everyone that has access to a file/folder needs to be one of three things. Either the owner, a member of the owner group, or other. The chown command is useful for changing the ownership. You assign permissions to each of those three separately, using the chmod command. There are only a few permissions that are possible Write,Read, and eXecute. Google will tell you more details on what they mean and the numerical scheme to apply them. The owner is always going to be the last person to modify the file, or who you manually set w chown. The owner group is what you use to grant entitled permissions with. If you want to assign some ID lesser permissions like read only, you can grant that to all ids via granting that to other w chmod. Basically membership in the owner group is the important step.
Others with more experience and expertise that me can correct or present some best practices, but this works for me.

 

[Daisuke]

I like to take some guidance and avoid potential problems

See this thread.