Restricting access rights to CIFS share used by Transmission?

[DVitoD]

G day :D

Please shoot me for being a noob, but: how do you do that?

1. Create a DataSet /torrent.
2. Transmission will write to that.
3. I want to restrict users in my LAN browsing that share.
4. If I remove the 'nobody:nogroup' in all the tuto's and set permissions to authenticated users only Transmission won't download.
5. I am sure it is some sort of syncing between the FreeNAS and the jail, but I have no clue where to start.
6. I am sure there is a thread somewhere that details it nicely, but I can't find it :(
7. I did find a workaround of disallow hosts on the jail, but the LAN has DHCP for normal users (has to be), and there are only some users I want to block. Since their IP's will change by DHCP, I think deny hosts won't work 100% rock solid :(

Thank you in advance for any reference to the solution :D

Bye,

 

[dlavigne]

Were you able to figure this out?

 

[DVitoD]

Happy new year to you and your beloved ones, 'Dru: may 2015+ bring all to you and them you want it to be :D

As a matter of fact, your reply is just emailed to me as I am messing around with jails. For the last week I had some urgent work to do on the pfSense boxes, which I finally finalized this afternoon, and I am currently messing around with the above topic (I also need to reply to some other threads where kind people responded).

On the other hand, 'Dru: you know the answer to this question from the top of your head, I wouldn't mind you giving me some leads :p

 

[DVitoD]

(Snort is blocking PC-BSD :D:p:))

 

[DVitoD]

Still hoping for a reply, Dru :p

Especially since the manual is completely silent about this stuff, as are the numerous threads and stickies. I recall there was an announcement a long time ago about 'it will come soon', but it isn't here, still not :(

I'm sure developers know all of this from the back of their minds, and it sort of surprises me nobody from the company documents this clearly. It is one of the vital components of a server.

(As you will agree, any server OS is a large system; that I know 99% of subsystem A doesn't mean I know 1% of subsystem B ).

 

[DVitoD]

Were you able to figure this out?

Yes, I just did. After 6 hours. The manual is seriously lacking, 'Dru. And all the tutorials violate every security concept there is, with nouser:nogroup/guest/777.

Now I'm off patching one of my pfSense boxes :D

 

[cyberjock]

I'd argue that the manual isn't lacking. It's deliberately silent because what you do inside the jails is totally your business. That's literally FreeBSD realm. FreeNAS really shouldn't be expected to support the whole darn FreeBDS realm. We'd never get anything done if we had to do that. ;)

What I'd recommend people with a problem like yours do is go to the freebsd forums and do some Google searching to see how FreeBSD does it. It will literally be the same thing. ;)

 

[DVitoD]

I'd argue that the manual isn't lacking. It's deliberately silent because what you do inside the jails is totally your business. That's literally FreeBSD realm. FreeNAS really shouldn't be expected to support the whole darn FreeBDS realm. We'd never get anything done if we had to do that. ;)

The manual is seriously lacking. Don't ask me: read the hundreds of threads on this forum.

What I'd recommend people with a problem like yours do is go to the freebsd forums and do some Google searching to see how FreeBSD does it. It will literally be the same thing. ;)

Right. I buy a BMW, and then BMW advises me to go ask Audi how the BMW was designed and needs to be operated.

I'm not going to bother the lads over at FreeBSD with FreeNAS-questions.

And in case you didn't notice: FreeNAS does things differently when it comes to plugins than standard jails in FreeBSD.

I will leave it at this.

 

[Rilo Ravestein]

I had this set-up in no-time and i am a newbee. So i guess you would be able to do this too ;)

First, make sure the transmission user inside the jail is a member of a group inside that jail with the same name and group id as the owner group of the dataset (so, outside the jail).
Then add this storage to your jail (mounted, of course). You do not have to have any CIFS, NFS, etc service running to add storage to the jail. So you don't need to share anything in your network to add it to the jail.

Then setup CIFS. You could for example choose to create some specific user freenas and make it owner and login to the share from the client(s) with that user. Just a thought. I just use NFS and Linux client(s), and made my own user (same name and id as the client) owner. There are several ways to do this.

But, as mentioned before. Google a bit, this is common stuff, not FreeNAS-specific.