I have a SOHO SMB setup with multiple shares where I need nobody/guest access to them all. This is a very small office, where random clients come in to collaborate quite often. Some shares need write access, others need to be read only. In the past I've separated them all out into multiple shares and just used the SMB read only flag on the share for read only shares with guests allowed, and just set basic 'nix owner ACLs to inherit from user:nobody, group:shares. The downside to this is it means I have a very large list of shares under the server. I'm looking to tighten this up a bit if I can. I'm going to oversimplify the number of shares to concentrate on just one part of it as an example. I'm also going to ignore specific users, admins, etc.
Let's say I have two shares:
Media RO (ZFS dataset, Everyone, including guests, can Read from it, no one can modify, write, delete, etc)
Media RW (ZFS dataset, Everyone, including guests, can Read, Write, Modify, Delete, etc etc.)
Ideally, I would like ONE share with multiple sub folders, each with their own permissions:
Media (ZFS dataset, shared, Everyone including guests, read only base folder, no writing/deleting by anyone but an admin).
|- Media RO (ZFS dataset, shared, Everyone including guests, read only, no writing/deleting by anyone but an admin)
|- Media RW (ZFS dataset, shared, Everyone including guests, Read/Write/Delete)
Ideally, I'd love it all to be controlled from the webUI for administrative purposes, and as much as possible via the GUI and minimal console commands (often I'm off site and need to fix permissions issues with files for people, or I need to carefully explain what to do to my boss who is not console friendly...). These shares will also be accessed from *nix and mac systems, so controlling permissions from the server's *nix ACLs seems like the best way I have to meet that need.
I've been mucking about with it, and I just can't quite seem to get the right levels set to be able to fully browse the full directory structure AND prevent all deleting of files and prevent writing in the right places.