Opinion on UNIX Permission Layout to SAMBA

Status
Not open for further replies.

Soloam

Contributor
Joined
Feb 14, 2014
Messages
196
I know that it's recommended to use CIFS permissions if we plan to have a share in SAMBA, but I still prefer the old-fashioned UNIX format. But it can be tricky to set the permissions on a layout that will allow an "upgrade" of a user's permissions without messing up the total permissions of the folders.

So I was thinking of this layout; some opinions would be appreciated.

Let's assume this folder layout in FreeNAS:

/mnt - root - wheel (rwx r-x r-x)
  /dsk0 - root - wheel (rwx r-x r-x)
    /homes - root - wheel (rwx r-x r-x) - SAMBA Share (home mapping)
      /user1 - user1 - user1 (rwx rwx ---)
      /user2 - user2 - user2 (rwx rwx ---)
      /user3 - user3 - user3 (rwx rwx ---)
    /media - root - media_a (rwx r-x ---) - SAMBA Share
      /photos - root - media_w (rwx rwx r-x)
      /movies - root - media_w (rwx rwx r-x)
    /downloads - root - downloads_a (rwx r-x ---) - SAMBA Share
      /programs - root - downloads_w (rwx rwx r-x)
      /movies - root - downloads_w (rwx rwx r-x)
      /series - root - downloads_w (rwx rwx r-x)

So this is the idea...
- user1 Groups: user1, media_a, media_w, downloads_a, downloads_w
- user2 Groups: user2, media_a, downloads_a
- user3 Groups: user3, media_a

So:
user1 will be able to access the media and downloads shares (the media_a and downloads_a groups) and write on both (the media_w and downloads_w groups).

user2 will be able to access the media and downloads shares (the media_a and downloads_a groups) but not write.

user3 will be able to access the media shares (the media_a) but not write.

So the idea is that in the future, if I want user2 to be able to write on the media folder, I can give him permission to media_w. If I want to allow user3 to the downloads, I can give him downloads_a, which will let him pass the first folder, and then all the files inside allow "others" to read, but not write.

Samba will be configured to create files with 664 (rw-rw-r--) permissions and folders with 775 (rwxrwxr-x).

What do you think? Security and Scalability?

Thank you all
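
The layout and group memberships from the post above, checked against classic owner/group/other mode-bit evaluation, as an added example that is not part of the original thread. The numeric modes are transcribed from the rwx strings in the post; `user4` and the helper names are hypothetical, and ACLs, root and Samba's own share-level settings are not modelled.

```python
# Added example: models the thread's layout with classic POSIX mode-bit checks.
# Paths are assumed to sit under /mnt/dsk0 (both world-searchable); /homes is omitted.
LAYOUT = {  # path: (owner, group, mode), copied from the post
    "media":              ("root", "media_a",     0o750),
    "media/photos":       ("root", "media_w",     0o775),
    "media/movies":       ("root", "media_w",     0o775),
    "downloads":          ("root", "downloads_a", 0o750),
    "downloads/programs": ("root", "downloads_w", 0o775),
    "downloads/movies":   ("root", "downloads_w", 0o775),
    "downloads/series":   ("root", "downloads_w", 0o775),
}
USERS = {
    "user1": {"user1", "media_a", "media_w", "downloads_a", "downloads_w"},
    "user2": {"user2", "media_a", "downloads_a"},
    "user3": {"user3", "media_a"},
}

def bits(user, groups, path):
    """Return the rwx triplet (0-7) that applies: owner, else group, else other."""
    owner, group, mode = LAYOUT[path]
    if user == owner:
        return (mode >> 6) & 7
    if group in groups:
        return (mode >> 3) & 7
    return mode & 7

def access(user, path, groups=None):
    """Return 'rw', 'r' or '-' for a directory, requiring x on every parent."""
    groups = USERS[user] if groups is None else groups
    parts = path.split("/")
    for i in range(1, len(parts)):
        if not bits(user, groups, "/".join(parts[:i])) & 1:  # no search bit
            return "-"
    b = bits(user, groups, path)
    if not (b & 4 and b & 1):      # listing a directory needs r and x
        return "-"
    return "rw" if b & 2 else "r"  # creating entries needs w as well

def report():
    """Effective access of every user in the post to every modelled directory."""
    return {u: {p: access(u, p) for p in LAYOUT} for u in USERS}

if __name__ == "__main__":
    for user, rows in report().items():
        print(user, rows)
    # Hypothetical user4: holds the write group but not the access group.
    print("user4", access("user4", "media/photos", {"user4", "media_w"}))
```

The result matches the outcome described in the post, and the `user4` case shows that a `*_w` group grants nothing on its own because the share root still requires the matching `*_a` group.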
 

Soloam

Contributor
Joined
Feb 14, 2014
Messages
196
I had seen these movies, thank you for the contribution. I just wanted to stick with UGE permissions, but I think that I'll start converting everything to ACL. Just one huge problem: the ACL editor. I use Linux on my main computer; I tested some ACL editors on Linux, but they do not work well on remote folders. I have two solutions: one, I use setacl, but as you stated, not a good idea, or I have to use a VM to edit the ACL in Windows Explorer.

Thank You
 