New setup, confused about permissions

Status
Not open for further replies.

Stilez (Guru, joined Apr 8, 2016, 529 messages)

The users are mostly (90%+) a household with Windows 8.1/10 desktops/laptops, and one Mac user. The majority of heavy use will be the Windows users. There is no domain or name server; sharing is via IPv4 IPs/NetBIOS/SMB. Authentication is currently very weak: basically, the old server had the store shared once as read-only and once as read-write, and people used the same login name/password and mapped the share they used most. Dreadfully poor and needs fixing :) I also need to set up FTP, but that's another battle.

With so many choices, including users/groups/permissions setup and deciding the appropriate sharing service, and making sure that "previous versions" works in Windows, it's hard to know where to begin.

The setup is slightly complicated since the data pool contains some directories which should generally be read-only for "ordinary" users, but I often need to step into their Windows session and switch to accessing with full control before handing the session back. This is easy in *nix, but I'm not sure how to make it happen across the LAN.

The actual users and shares seem pretty easy:

User groups
- admins (r/w to all)
- users (read only to all, r/w to their home directory, r/w but NOT overwrite to the /backups directory)
- tempstorageuser (write only but NOT read or overwrite to a general /tempstorage directory)

User accounts
- Individually created, the client PC/laptop login names/passwords probably don't match the NAS user accounts but there's probably a 1-to-1 correspondence if that helps.
- Not sure how I want to authenticate users (see above) because I need to be able to step in and out as "admin" on their sessions with the file shares handled as mapped drives on Windows, and it needs to work for the Mac user as well, so I'm not sure what authentication is best.

Top level directories in file store
- /safe (read-only to all, modifiable only via console)
- /entertainment (videos, music and PDFs) read-only to "ordinary" users and read-write to "admin" users
- /home/[username] (user homes) read-only to all users
- /data (software, saved documents etc)

Help setting this up would be appreciated as I can't yet figure out the basic scheme/setup.
 