Multiple Groups/Users to a Dataset

[Skyfox]

I've had good responses from this group, and with luck this will be my final issue. I am having some difficulty with permissions.

I have three shares.

Private
Media
Share

two groups:
FullAccess
&
Limited

Users:
Skyfox (and a few others)
Visitor

In FullAccess I have users I would like to have full access to Private and Media

However, I would like the 'Limited' group to only have Read Access to Media and I am struggling to see how to do this as I cannot set the 'Owners' as they are already set to Full Access and Skyfox.

How do I go about this?

Any help would be greatly appreciated!

Cheers!

 

[Krutet]

Someone correct me if I'm wrong here but if you set 'other' (next to group under permissions) to 'read' then anyone who can login, like your limit group, can read the drive..

 

[Skyfox]

You seem to be bang on, thank you!

I ended up delving into the world of IRC chat as I was so desperate to an answer to this and someone suggested the same thing.

It doesn't work with 'other' set to read, it doe work with it set to read and execute.
It seemed to work then, except for one thing. The 'visitor' account can read, it cannot create, however it CAN delete files. Any idea what I could be missing here?

Incidently, when creating shares, do the options 'Inherit Owner' and 'Inherit Permission' require checking?

Thanks for the reply!

 

[Krutet]

You seem to be bang on, thank you!

I ended up delving into the world of IRC chat as I was so desperate to an answer to this and someone suggested the same thing.

It doesn't work with 'other' set to read, it doe work with it set to read and execute.
It seemed to work then, except for one thing. The 'visitor' account can read, it cannot create, however it CAN delete files. Any idea what I could be missing here?

Incidently, when creating shares, do the options 'Inherit Owner' and 'Inherit Permission' require checking?

Thanks for the reply!

Great, a bit closer to a solution!
That does sound weird.
I think, that when you change permissions on the dataset, other permissions can still be inside the folders and files in that dataset, so when you've got permission to the dataset you might be able to do whatever inside the folders further down the tree. I'm not sure though and it is a bit of a jungle and my permissions is a bit of a mess, I've gotta do something about it.

I tried that execute thingy and it's the same here, I have to check both execute and read to be able to read the dataset and I can delete files within the folders of that dataset but what i can't do is to delete folders in the root of the dataset folder if you understand what I mean. The dataset folder got it's own permissions and the folder inside the dataset got their own set of permissions which is something that the guide recommend that you change at the client side. You can check the "set permissions recursivly" (meaning permissions will be set for all the folders and files in that dataset) in the dataset but the guide advice against it because it could give you a performance lag, but maybe you can make a dataset and just play around with the settings.

And I don't think that checking does two would affect your problem.. they explain it pretty good here: http://doc.freenas.org/index.php/Windows_(CIFS)_Shares

 

[Krutet]

I found this very helpfull for a noob like me:

< Understanding file ownership >

Every file on your Linux system, including directories, is owned by a specific user and group. Therefore, file permissions are defined separately for users, groups, and others.
User: The username of the person who owns the file. By default, the user who creates the file will become its owner.
Group: The usergroup that owns the file. All users who belong into the group that owns the file will have the same access permissions to the file. This is useful if, for example, you have a project that requires a bunch of different users to be able to access certain files, while others can't. In that case, you'll add all the users into the same group, make sure the required files are owned by that group, and set the file's group permissions accordingly.
Other: A user who isn't the owner of the file and doesn't belong in the same group the file does. In other words, if you set a permission for the "other" category, it will affect everyone else by default. For this reason, people often talk about setting the "world" permission bit when they mean setting the permissions for "other."

< Understanding file permissions >

There are three types of access permissions on Linux: read, write, and execute. These permissions are defined separately for the file's owner, group and all other users.
Read permission. On a regular file, the read permission bit means the file can be opened and read. On a directory, the read permission means you can list the contents of the directory.
Write permission. On a regular file, this means you can modify the file, aka write new data to the file. In the case of a directory, the write permission means you can add, remove, and rename files in the directory. This means that if a file has the write permission bit, you are allowed to modify the file's contents, but you're allowed to rename or delete the file only if the permissions of the file's directory allow you to do so.
Execute permission. In the case of a regular file, this means you can execute the file as a program or a shell script. On a directory, the execute permission (also called the "search bit") allows you to access files in the directory and enter it, with the cd command, for example. However, note that although the execute bit lets you enter the directory, you're not allowed to list its



From: http://www.tuxfiles.org/linuxhelp/filepermissions.html

 

[Krutet]

update on recursively check box:
I just used it and it was no problem.. it took about 30 sec and it was done and I have alot of files in that dataset. It surely cleaned up my permission mess.

 

[Skyfox]

Thanks for the research. I will try this myself when I get home tonight. Sounds promising.

 

[Skyfox]

Just tried it, and it worked perfectly. Nice one, thank you!