Setting Permissions on CIFS shares

[magnetar]

Hi,
Is there a guide on settings permissions using acls instead of chmod for CIFS shared datasets? I'm having some permissions related issues that seem to be CIFS related and would be interested in reading any guide that covers all that ground?

Regards,
David

 

[Ericloewe]

Hi,
Is there a guide on settings permissions using acls instead of chmod for CIFS shared datasets? I'm having some permissions related issues that seem to be CIFS related and would be interested in reading any guide that covers all that ground?

Regards,
David

Basic information on CIFS shares and Windows permissions is available in the manual. A real permissions guide is "forthcoming", but don't hold your breath for it.

The short version:

Dataset permissions to Windows, assign the owner. Assign sane default permissions.
Log on to the share from a remote computer as the owner of the dataset and edit permissions using Windows' tools.

 

[magnetar]

Yes, I have all that sorted. My issue is with moving data from jails to the cifs share. I'm using group permissions to allow stuff but am getting operation not permitted with certain tasks like cp and mv even when logged in as root. I believe this is due to the windows permissions on the share...

 

[magnetar]

I see that the acls on the cifs share are nfsv4. I'm going to be looking around for info on this but would appreciate it if anyone can point me at resources that relevant to freenas. Can I ask, seeing as the setfacl command doesn't seem to be mapped to nfsv4 what commands and tools should I be using to manage them?

 

[Zyt]

Is there a way of restricting the acces to data for different users and different computers?

This is the situation I have:

I have two computers: PC1 and PC2. PC1 has two users: U1, U2. PC2 has another two users: U3 and U4. The structure is as follows:

/mnt/NAS/
Common/
U1/
U2/
U3/
U4/
U1/
U2/
U3/
U4/

What I would like to have for U1 is full control over everything in /mnt/NAS as it'll be sort of an admin account other than root so it could manage data over network. For the remaining users I would like:

- full control of /mnt/NAS/U2, /mnt/NAS/Common/U2 and /mnt/NAS/Common/
- read only for other users' folders in /mnt/NAS/Common/U1, U3 and U4
- inaccesible (and not visible) directories: /mnt/NAS/U1, U3 and U4

Same pattern follows the remaining users: full control over their folders and Common, read only for other users' folders in /mnt/NAS/Common and inaccessible and invisible other folders in /mnt/NAS. In addition, any other computer should not be able to access, see and edit data stored on the NAS server.

Right now each user on each computer can see, access and edit every data in /mnt/NAS. So far, I have created four users in NAS so I have four home directories (not visible in Freenas -> Storage -> Active volumes) and created a dataset Common with sub datasets for each user. There are five groups: U1, U2, U3, U4 and Common. Common includes every user while the rest includes the respective users only.

How do I arrange the rights, ownership and IP allowance to achieve the desired effect?