Sharing permissions with multiple groups?

[Pnuts]

I am in the process of configuring my first FreeNAS box and essentially I am trying to replicate functionality from the NAS I am replacing. I believe I am not able to do exactly what I want, so I figured I would ask for advice or alternatives on how to do this.

On my old NAS I have several shares setup with lots of groups. An example of this would be a Share Video, with groups "Video_RW", "Video_R". I then put the users into the respective groups to either have RW or R to various shares.

So I would give myself and my wife RW access to the Video share, any XBMC box's R access (prevent kids with remote from deleting stuff accidently). My previous NAS allowed me to assign multiple groups permissions for each share. Ex: http://i.imgur.com/wFxYyHK.png

Is anything similar possible in FreeNAS, maybe I am overlooking it? Alternatively, Is there a way I could go about doing this. My environment is a mixture of Win7, Ubuntu, Android and iOS which all access teh shares in some form or another.

 

[Whattteva]

I think your problem is rather simple actually. Looks like you really need only one group (with RW access). Rest just goes to "others" category with read-only access.

 

[Pnuts]

What exactly does the "Others" category include?

Is this any other user account I setup on the system, for example a "XBMC" user? Essentally, any authenticated user gets "Others" assigned access?

So if someone jumped on my wireless network and connected to the NAS without logging in, would they be able to access anything I grant access to others?

 

[Whattteva]

Any authenticated user will get "Others" access level.
If someone jumped on your wireless network, they may or may not get access depending on if you allowed "Guest Access" or not.

Of course, if I were you, NAS access would be the last thing I worry about if they do gain access to your wireless network. Locking down your wireless network SHOULD be your primary priority above all else.

If anyone can just jump on your wireless network as they please, you may as well just open all your ports to the entire internet.

 

[Pnuts]

Looks like "Others" will fulfill my needs, thank you for the assistance.

As for Wireless, WEP and WPA are trivial to crack even if you are MAC filtering clients. I am not going to run an auth server at home and while most homes are not worthy of being broken into, I would rather not just have files available publicly if someone did get on it.

 

[Whattteva]

I disagree there. While it is true that WEP is trivial to crack (seconds to minutes with most modern GPU's), WPA with AES is pretty tough to crack, especially if you picked a reasonably long (8+ alphanumeric) non-dictionary word password.