Struggling with Permissions


Andy66

I have been struggling for days and am hoping someone can help me understand permissions. This tool looks too easy to be this frustrated.

-I've created a Volume (Media)
-I created a dataset (Photos)
-I created several sub-datasets (2001, 2002, 2003...2013)
-I created CIFS shares for each of the sub-datasets.

I would like to grant:
-User1 read and write permissions to 2001-2013
-User2 read only to 2001-2013
-User3 read only to 2001-2006

When I change permissions at the dataset level the User-Owner and User Group keep changing back to root and wheel. Plus, it looks like all users would have to have the same rights.

When I try to change permissions at the CIFS level, it also looks like all users have to have the same rights.

Can anyone help before I give up on FreeNAS altogether? Thanks.
 

Whattteva

I'm pretty sure the reason why it keeps changing back to root and wheel is probably because you're only changing the mode, but not the actual user and group fields on the web admin GUI (your data sets get created with root and wheel by default). You need to make sure you hit the drop-down menu and change the user/group owner fields also.

You'll want to probably do the following:
1) 2001-2006 read and execute permission for all (Owner/Group/Other).
2) 2007-2013 read and execute permission for Owner and Group.
3) Do NOT give read and execute permission to Other to 2007 to 2013.
4) Set Owner and Group of 2001 - 2013 to User1 and User2 respectively.
5) Set Owner permission for 2001-2013 for all (Read/Write/Execute).
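
The mode-bit layout suggested in the reply above, checked against the access the original poster asked for. This is an added example, not part of the thread: it models the POSIX owner/group/other rule in Python, and it assumes each user's primary group has the same name as the user and adds a constructed `Guest` account to show who else falls into "Other".

```python
# Added example: models POSIX owner/group/other checks for the layout in the post.
R, W, X = 4, 2, 1

# Constructed accounts: each user's primary group shares the user's name
# (assumption). "Guest" is a hypothetical fourth account, not from the thread.
USERS = {"User1": {"User1"}, "User2": {"User2"},
         "User3": {"User3"}, "Guest": {"Guest"}}

def layout():
    """Owner User1, group User2; 'other' keeps r-x only on 2001-2006."""
    out = {}
    for year in range(2001, 2014):
        mode = 0o755 if year <= 2006 else 0o750
        out[str(year)] = ("User1", "User2", mode)
    return out

def effective(user, owner, group, mode):
    """Return the rwx bits that apply to `user`.

    POSIX picks exactly one class: owner first, then group, then other.
    The classes are not OR-ed together.
    """
    if user == owner:
        return (mode >> 6) & 7
    if group in USERS[user]:
        return (mode >> 3) & 7
    return mode & 7

def access_matrix(datasets):
    """Map (user, dataset) -> 'rw', 'ro' or '-' for directory access."""
    matrix = {}
    for name, (owner, group, mode) in datasets.items():
        for user in USERS:
            bits = effective(user, owner, group, mode)
            can_read = bits & R and bits & X   # list and traverse
            can_write = can_read and bits & W
            matrix[(user, name)] = "rw" if can_write else "ro" if can_read else "-"
    return matrix

if __name__ == "__main__":
    m = access_matrix(layout())
    for user in USERS:
        print(user, " ".join(f"{y}:{m[(user, y)]}" for y in sorted(layout())))
```

The `Guest` row comes out identical to `User3`: the "Other" bits apply to every account that is neither the owner nor in the group, so mode bits alone cannot limit 2001-2006 to User3 specifically.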
 

Andy66

Thanks for getting back with me. I am logged into the admin GUI as admin. I am selecting the drop downs to select user and group. I hit save and it looks like it works, but I go back in and they are root and wheel again. Should I be leaving the mode as Unix? I can't change read/write/execute permissions when "windows" is selected. I will be accessing from windows machines.
 

Whattteva

The reason why they keep going back is most likely because you have Windows selected as your ACL and it expects you to control the permissions from the Windows machines.
I'm only familiar with the Unix model. Someone else with more knowledge on the Windows ACL may have to help you on this.
 

freshfeesh

I was just having a similar issue stemming from creating and deleting users and groups while trying to get logins from Windows to authenticate as local FreeNAS users - I ended up with volumes with [user] and 'wheel', or 'root' and 'wheel', that I could appear to successfully change in the volume permissions dialog, but which would always revert, and no access at all from Windows. I had ACL set to Windows. The first step in the solution was to check the "apply permissions recursively" box when I was selecting the user and group that you wanted. This resulted in owner and group assignments that stuck how I wanted them. Unfortunately, the permissions that were always and still grayed out got demoted to read/execute, execute, and nothing for the owner, group, and other permissions, respectively, and still no access from the Windows clients. Finally, as Whattteva suggested, I selected Unix ACL for the volume, which activated the permissions check boxes. I checked all of them and applied that change recursively. The recursive changes take a while to run if you have a lot of files, but after those changes I have the ownership that I want and good access from clients. I was trying to open up access to everyone, rather than restrict it as you are, but I think this solution could still apply.

Note that this makes permanent changes to the Access Control Lists of the files on the volume - it rewrites them to match what's in the volume permissions dialog box in FreeNAS. When you access the files from Windows, right click, select properties, then the security tab, what you will see is a set of entries that now correspond to the FreeNAS settings just recursively applied. If you weren't using fine-grained access control of these files (i.e. the Windows superset of Unix permissions), this won't matter to you. It didn't to me, and now my access is working the way it needs to.
 

panz

You should have created a Volume (for example "tank"), then a dataset "Media". Stop.

You only need one dataset for your purpose. Then, from the Win machine, you have to create the desired subfolders and assign the permissions from the Security tab in Windows.

A common mistake is trying to assign complex permissions from FreeNAS. You should use FreeNAS to set raw permissions, then use Windows for granularity control.

Create the users and groups in FreeNAS following these instructions:

http://doc.freenas.org/index.php/Windows_(CIFS)_Shares

then, assign the permissions to the dataset:

1) set the user and group and leave UNIX checked; --> click ok. Now the user has its own permissions.

2) go back to the "change permissions" button for that dataset and click the radio button for Windows permissions. Done.

3) Now set Samba shares.
 

freshfeesh

It looks like Panz knows more about this than I do. I will add one more piece of info to what I described above. Having spent another day with my system as described above (sorry about that formatting, not sure what happened), it's clear to me, having recovered guest access by switching to Unix ACL, I'm going to want to switch the ACL back to Windows and exercise further control from the Windows machines, as Panz just described.
 