SOLVED Need help with share permissions

[Bjonness406]

Hello!

I am trying to set up my freenas server, but I can't figure it out.
I want to make user 1, able to access folder 1, but not folder 2.
Then I want user 2, to be able to access folder 1, and 2.

Do I do this on the volume, or on the cifs share?
The closest I hafve get is to use "Hosts Allow/Deny" on cifs share, but then I can only use pc name, or ip address, not freenas user. When I try to use my freenas username, it just say "Access denied".

 

[joeschmuck]

Have you done any research into how to setup user and group accounts? This is a FreeBSD thing, remember FreeNAS is based on FreeBSD. I'm sure you will figure it out if you put some time into it, and you will be better off understanding it all.

 

[Bjonness406]

Have you done any research into how to setup user and group accounts? This is a FreeBSD thing, remember FreeNAS is based on FreeBSD. I'm sure you will figure it out if you put some time into it, and you will be better off understanding it all.

Can you help me a little bit more?
I need to look at Users and groups, or storage?

I have read this, but it did not help me.

 

[SweetAndLow]

1.Create a group.
2. Create both users and add them to this group.
3. On the dataset you want one user to have access to make the owner the user that should have access. And permissions should be 700.
4. On the dataset that has 2 users accessing it make the owner root and the group the newly created group each user is in. Then permissions are 770.

This will give you the access you want.

 

[Bjonness406]

Ah, thanks :D
I was messing up on the permission thing with 700/770.

Show

If anyone else dont know what 770/700 permission is, this is 770 :D

Btw: What does Execute in permissions mean/do?

 

[SweetAndLow]

On directories it means you can traverse into them and on file you can execute them.

 

[Bjonness406]

On directories it means you can traverse into them and on file you can execute them.

I did not quite understand what you did mean. Can you give me an example?

If I want a user to only be able to read from a folder, what do I set execute on then for example?

 

[SweetAndLow]

I did not quite understand what you did mean. Can you give me an example?

If I want a user to only be able to read from a folder, what do I set execute on then for example?

Huh? No that is what read permissions are for. Just make directories executable and files not executable. That is a pretty safe bet.

 

[Bjonness406]

Huh? No that is what read permissions are for. Just make directories executable and files not executable. That is a pretty safe bet.

I did not quite understand it, anyway I have a problem.

Then I make a folder Only read and execute for the group "Other", they can't edit my files or create new ones. BUT if I create a new folder, they can edit those files inside of that folder (and delte/create new files), but they can't delete the folder itself.
They still can not do anything outside that folder.

The way to fix this is to go on the dataset on freenas, then "Change permissions" and choose "Set permissions recursively" and click change. Then they can't edit those files inside of that folder, but if I create a new folder, they can edit the files inside of the folders created after I changed Permissions on the Freenas GUI.

(Just ask if you did not understand me, my english is not the best ;) )

 

[SweetAndLow]

What are the permissions of the new folder that gets created? You might have to modify the umask value under the cifs service settings.

 

[Bjonness406]

What are the permissions of the new folder that gets created? You might have to modify the umask value under the cifs service settings.

This is my database setup, it is the Plex - Movies/ Tv Shows that I am strugling with.
This is my permissions on "Plex - Movies" folder

This is how it looks inside of "Plex - Movies", if I create a new folder from windows explorer, other people can delete/create files inside of that folder.

 

[SweetAndLow]

Look up cifs umask or mask settings. Post how you think that setting might affect your configuration. I'll double check it for you and make sure it works the way you think it does. Pretty sure I have posted my settings on here at some point also so you could maybe find those.

 

[Bjonness406]

Look up cifs umask or mask settings. Post how you think that setting might affect your configuration. I'll double check it for you and make sure it works the way you think it does. Pretty sure I have posted my settings on here at some point also so you could maybe find those.

I cant figure this out, the closest I have get is 0750, but that is not right.
Can you give me some hints?

My setup is as following:
Database name, permsissions, owner, group
Plex-Server, 775, bjonness406, Admin
dokumenter, 750, bjonness406, dokumenter
dokumenter - Andreas, 770 bjonness406, Admin
dokumenter - Gunnar, 750, Gunnar, Admin
dokumenter - Karin, 750, Karin, Admin
dokumenter - Oscar, 750, Oscar, Admin
Kvitteringer, 750, bjonness406, dokumenter
Plex - Tv Shows, 755, bjonness406, Admin
Plex - Movies, 755, bjonness406, Admin

This is what I want, but I also want it to happend for my subfolders I am making (from windows explorer).
(bjonness406=Andreas , Admin = bjonness406, dokumenter = all users).

Edit: For some reason only dokumenter - Andreas, works like it should now... (I have removed both mask's)

 

[SweetAndLow]

Services -> CIFS -> Directory mask = 0700

this will make it so any new directory you create will only be writeable by the user that created it.

 

[Bjonness406]

Services -> CIFS -> Directory mask = 0700

this will make it so any new directory you create will only be writeable by the user that created it.

I did end up using 0755 becuase of how I want it set up :D
Thanks man, I have learned so much from you :)

1+

For other people, very nice site for permissions