Need help with permission-configuration

Status
Not open for further replies.

gorgel

Cadet
Joined
Nov 13, 2012
Messages
8
Hi,

I just want to configure the user-permissions for my CIFS-share like that:

- User A (me) should be allowed to read, write and execute everything:
home-dir: /mnt/storage
home-dir-permissions: 755

- User B and C should be able to read/execute everything, but only write (for not deleting my files) own files:
home-dir: /mnt/storage
home-dir-permissions: 775

- A, B and C are in the same user-group

- Guests are allowed to read/execute everything, but forbid to write anything.


My CIFS is configured for "Local-User-authentication" (guest-connection is allowed) with file-mask 0664 and folder-mask 0775. Is this the problem? Can somebody explain how to configure my share like I need to?

Thanks in advance
gorgel


P.S.: As I see now, user B and C can delete each others files. If you could tell me, how to prevent this?
 

gorgel

Cadet
Joined
Nov 13, 2012
Messages
8
Ok, now I granted permissions like that:

- User A (allowed to -rwx anything):
home-dir: /mnt/storage (this is the share-dir)
home-dir-permission: 755

- User B ((should be) allowed to -rx anything, -w own files/folders):
home-dir: /mnt/storage/UserA
home-dir-permission: 775

- User C (should have the same permissions as User B):
home-dir: /mnt/storage/UserB
home-dir-permissions: 775

- File/Folder-Mask for CIFS-share:
files: 0664
folders: 0775


With this configuration, User A is allowed to rwx anything in /mnt/storage. User B and C are allowed to -rx anything, but only write/delete in their home-directories. It would be perfect, if they only could write in their own home-directory, but for that, I have to change permissions of their home-directories to 755, and with a configuration like this, User A wouldn't longer be allowed to write in their directories. Or does anybody of you has an idea to solve this problem without using ACL?
 

TDPsGM

Explorer
Joined
Oct 27, 2011
Messages
71
gorgel, did you figure it out? I am looking to do something very similar and I have not been able to figure it out.

Thanks
 

gorgel

Cadet
Joined
Nov 13, 2012
Messages
8
Hi TDPsGM,

yes, I used a configuration like in my 2nd post, but with a few changes. These changes can't be done with the web-gui, I needed to do the following by using the shell:
1. edit the /etc/passwd; set home-directory for users A, B, C to /mnt/storage
2. change umask of the user the way you want to grant permissions. In my case for user A "umask u=rwx,g=rx,o=rx", user B and C "umask u=rwx,g=rwx,o=rx"

Here's the same problem like before. User B and C can change/delete each others files. As far as I know, you can't solve the problem.

Best regards
gorgel
 

TDPsGM

Explorer
Joined
Oct 27, 2011
Messages
71
Thanks gorgel.

I was just wondering - as I recall any changes that we make in shell do not get saved when using the "Save configuration" button in the GUI . . . is that right?

As well, per chance do you have a link to something that shows us how to make those changes in shell?

Thanks again for the response.
 

gorgel

Cadet
Joined
Nov 13, 2012
Messages
8
I was just wondering - as I recall any changes that we make in shell do not get saved when using the "Save configuration" button in the GUI . . . is that right?
Sorry I don't understand that completely, but I try to answer :smile:. Changes you made in the shell are saved automatically. These changes should also be shown in the web-gui, for shell and the web-gui read the same system-informations. With the web-gui you can overwrite changes, you changed in the shell before and the other way around. But the web-gui has some logic in it, that prevent you to set the same home-directory for each user. Because of this, you need to do this with the help of the shell.

As well, per chance do you have a link to something that shows us how to make those changes in shell?
First you have to open the shell with the link down in the web-gui. As editor I think I took vi, because I didn't found any editor that is easier in use on the system. Here is a HowTo for using vi.
Type "vi /etc/passwd" in the shell and press enter. Every row of the /etc/passwd contains the information of a single user. The sixth field of every row contains the path to the home-directory, as you can read here.
When you're done with that, save changes and close vi (:wq).

Because you're root in the shell, you first have to become the user, which "umask" you want to change. Do this with the command "su USERNAME".
Now write "umask ..." (as seen above and as needed for your permissions) and press enter.
Last step is to write "exit" for logging off as the user you turned in and getting root again.
Repeat this for every user, which umask you want to edit.

Thanks again for the response.
You're welcome!
 

TDPsGM

Explorer
Joined
Oct 27, 2011
Messages
71
Sorry I don't understand that completely, but I try to answer :smile:. . .

I'll try rephrasing it . . . this may no longer be the case with the recent releases of FreeNAS so I am not 100% sure it applies anymore.

At one point in version 8.0.2 I seem to remember the manual "Recommended" making any configuration (which I think included Permissions) changes IN the GUI.
If memory serves me correctly, they discouraged doing changes in "SHELL" because if you tried to "Export" your configuration to a file, the "Shell" tweaks would NOT go with the file.

Subsequently, if you 're-imported' that same file immediately, you 'shell' tweaks would be lost, and you'd have to manually go in and change them again.

Does that make sense; sound familiar; or is that even the case anymore?

First you have to open the shell with the link down in the web-gui. As editor I think I took vi, because I didn't found any editor that is easier in use on the system. Here is a HowTo for using vi.
Type "vi /etc/passwd" in the shell and press enter. Every row of the /etc/passwd contains the information of a single user. The sixth field of every row contains the path to the home-directory, as you can read here.
When you're done with that, save changes and close vi (:wq).

Because you're root in the shell, you first have to become the user, which "umask" you want to change. Do this with the command "su USERNAME".
Now write "umask ..." (as seen above and as needed for your permissions) and press enter.
Last step is to write "exit" for logging off as the user you turned in and getting root again.
Repeat this for every user, which umask you want to edit.

Great! Thanks for that. I'll give it a go, first chance I get.
 

gorgel

Cadet
Joined
Nov 13, 2012
Messages
8
At one point in version 8.0.2 I seem to remember the manual "Recommended" making any configuration (which I think included Permissions) changes IN the GUI.
If memory serves me correctly, they discouraged doing changes in "SHELL" because if you tried to "Export" your configuration to a file, the "Shell" tweaks would NOT go with the file.

Subsequently, if you 're-imported' that same file immediately, you 'shell' tweaks would be lost, and you'd have to manually go in and change them again.

Does that make sense; sound familiar; or is that even the case anymore?

I think it's never good nor recommended to make manually changes deep in the OS, if theres a tool installed to manage changes like FreeNAS should do. You will never know, how this will effect the system. But FreeNAS didn't let me another chance, while you can't give two users or more the same home-directory (for whatever reason). You can decrease the possibility of errors by testing your changes. This is what I did with my posted workaround. It works as like I wrote it. Exporting these settings is something, I didn't test yet.

Before you're changing your configuration via shell, maybe you can backup your settings first, do the changes, exporting the settings again and tell us if the settings-exports are identically or not. Then we would know, if gui-export includes shell-changes.
 
Status
Not open for further replies.
Top