How to set simple user permissions?

Status
Not open for further replies.

meshsmith

Cadet
Joined
Sep 11, 2011
Messages
8
Hi there

I've installed FreeNAS 8.01 on an HP Microserver (using a live USB) and everything seems to be working fine.

I've made a single volume (named "storage") out of 5 x 2TB hard drives, using RAID-Z.
On that volume I'll make a number of folders (Music, Movies, Series, Books, etc.)

However, I want to set up a simple user scheme whereby some users can only read the folders, and others can both read and write.

All the users would be accessing the same folders (Music, Movies etc.) but only able to read/write depending on the permissions assigned to them.

I've tried various methods using groups/shares/datasets but to no avail.

Anyone have any help to offer?

Thanks,
M
 

ProtoSD

MVP
Joined
Jul 1, 2011
Messages
3,348
Take a look in the HowTo section of the forums, I wrote a piece on permissions that you might find helpful.
 

meshsmith

Cadet
Joined
Sep 11, 2011
Messages
8
Thanks for the reply protosd

I took a look at your article, and others like it, but I still can't figure this thing out.

I have no problem creating datasets and folders that can be accessed only by certain users (using the "owner" and "group" permission settings of a volume, or via command line). What I can't figure out is how to let all users access the same folders, but letting only certain users have full read/write permissions. The examples I've seen all revolve around making home and private folders, or common read/write folders. But I haven't come across a scenario where one common folder is accessed by both read users and write users.

In my case, I need Users A and B to have full r/w/x access to the "mnt/storage" volume, and Users C, D and E to have only r/x access.

Any advice?

Thanks again.
 

kakureru

Cadet
Joined
Sep 14, 2011
Messages
1
I ditto meshsmith's issue.

I'm trying to move away from a terrible NAS thing that was as reliable as the state lottery.
BUT the setup of users, groups and shares was a pinch, which is why I took the gamble in the first place.

Now I simply cannot figure it out, even with the "piece".
I pretty much want to do what meshsmith wants to do (without any command line),
since this pretty much will determine if I move forward using this NAS software.
 

ProtoSD

MVP
Joined
Jul 1, 2011
Messages
3,348
Well with Unix/Linux there are always many ways to accomplish the same task, some better than others.

@Meshsmith, what you want to do is quite common/simple, but probably a little difficult to understand.

Simply create a group, any group, make users A & B members of that group.
Now create another group, make users C, D, and E members of THAT group.

You can do both from the GUI.

Now from the command line, 'chown -R firstgroup-name /mnt/storage'
Then 'chmod -R 750 /mnt/storage'
Now 'chgrp -R second-group-name /mnt/storage'

That's it!

@kakureru - Sorry, you're gonna have to deal with the command line, if you can't do those simple tasks, maybe NAS is not right for you. Give it a try, what do you have to lose?

Anyone else? Did I miss anything?
 

meshsmith

Cadet
Joined
Sep 11, 2011
Messages
8
Thanks protosd - that made things a lot clearer.

In the end, I managed to figure it out using the GUI alone, and it's working like a charm! Here's what I did:

I wanted two shared folders - a Private share that only I can access (for network backups, etc.) and a Media share that a visitor can read, but only I can write to (for movies, music etc.)



So I set up a single 8TB RAID-Z volume called "storage".

I made two datasets - "Media" and "Private".

So I have:
mnt/storage
mnt/storage/Media
mnt/storage/Private

Then I made a single group called "NASusers"...

...and two user accounts: "Me" and "Visitor". I gave the "Me" user a private password, and gave the "Visitor" user a guest password that I don't mind giving out.

I assign both of these users to the "NASusers" group. (In the GUI -> Groups -> View All Groups -> Members).
I also assign the "Me" user to the "wheel" group, to ensure that I have full read/write access throughout the system.

I then set sharing permissions for the datasets (the little volume and key icon in the View All Volumes tab):

* For the Media dataset, I set the Owner to "Me" and the Group to "NASusers".
I set Owner to have read/write/access permission (all three checkboxes), while the Group has read/--/access permissions set (1st and 3rd checkboxes).
This ensures that the Me user has full access to the folder, and everyone else who is a member of the "NASusers" group has only read access (i.e. the Visitor user).

* For the Private dataset, I set the Owner to "Me" and the Group to "NASusers".
I set Owner to have all three r/w/x permissions, and the Group to have none.
This ensures that only I can access my Private folder.

I make two Samba/CIFS shares, (Sharing -> CIFS -> Add), calling them "Private" and "Media" to match the folder/dataset names.
I make the Path of each share point to its relevant folder (so the Media share points to mnt/storage/Media).

Now, using either a Mac or a PC I can connect to the share (smb://servername on a Mac, or \\servername in Windows), and depending on whether I'm signed in as "Me" or as the "Visitor" I can either write files to Media (Me) or only read/copy them (Visitor). And Visitor cannot access Private at all.

Whew!
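
The checkbox settings described in the post above correspond to Unix mode bits, and they can be audited from a shell. This is an added example, not part of the original thread: it rebuilds the Media/Private layout in a scratch directory and checks each folder's owner/group/other bits. The function names, the scratch path and the choice of no access for "other" (mode 750 and 700) are assumptions; ownership stays with the current user because creating accounts needs root.

```shell
#!/bin/sh
# Added example (not from the thread): audit the mode bits of a Media/Private layout.

# perms_of PATH -> the 9-character rwx string from `ls -ld` (FreeBSD and Linux)
perms_of() {
    ls -ld "$1" | cut -c2-10
}

# class_bits PATH CLASS -> the rwx triple for owner, group or other
class_bits() {
    p=$(perms_of "$1")
    case "$2" in
        owner) printf '%s\n' "$p" | cut -c1-3 ;;
        group) printf '%s\n' "$p" | cut -c4-6 ;;
        other) printf '%s\n' "$p" | cut -c7-9 ;;
        *) return 2 ;;
    esac
}

# audit_share PATH EXPECTED_GROUP_BITS
# Fails if the group triple differs from what is expected, or if "other" has any access.
audit_share() {
    g=$(class_bits "$1" group)
    [ "$g" = "$2" ] || { echo "FAIL $1: group is $g, want $2"; return 1; }
    [ "$(class_bits "$1" other)" = "---" ] || { echo "FAIL $1: other has access"; return 1; }
    echo "OK   $1: $(perms_of "$1")"
}

# build_layout -> prints the path of a scratch copy of the two-folder layout
build_layout() {
    root=$(mktemp -d)
    mkdir "$root/Media" "$root/Private"
    chmod 750 "$root/Media"     # owner rwx, group r-x (read-only visitors), other none (assumed)
    chmod 700 "$root/Private"   # owner rwx only
    printf '%s\n' "$root"
}

ROOT=$(build_layout)
audit_share "$ROOT/Media" "r-x"      # group may list and read, not write
audit_share "$ROOT/Private" "---"    # group has no access at all
rm -rf "$ROOT"
```

Pointing `audit_share` at the real dataset paths gives a quick check that a later permission change has not granted group write access or opened the folders to "other".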
 