I'm having a real hard time figuring out how to get my permissions set up right for multiple users with multiple shares.
I have one volume: /mnt/storage
Under that volume I have a couple of datasets:
/mnt/storage/shared
/mnt/storage/Home
shared has a few child datasets:
/mnt/storage/shared/documents
/mnt/storage/shared/photos
as does Home:
/mnt/storage/Home/Foo
/mnt/storage/Home/Bar
/mnt/storage/Home/Baz
I have these CIFS shares (all with Browsable checked but nothing else):
documents -> /mnt/storage/shared/documents
photos -> /mnt/storage/shared/photos
home -> /mnt/storage/Home
My client machines are all Windows for now. They are all in WORKGROUP and the CIFS service is also set to WORKGROUP.
I have three users on my Windows machines: Foo, Bar, and Baz.
I have those same three users (set up with the same passwords as they use in Windows) as users in FreeNAS and each has a corresponding primary group.
What I want is for Foo, Bar, and Baz each to have read and execute permissions on documents and photos and for Foo to have read, execute, and write permissions.
I also want Foo to have rwx permissions to Home/Foo but no permissions at all to Home/Bar or Home/Baz and have the same setup for Bar and Baz having all permissions to their dirs with nobody else having any. These three would be top level directories within the dataset Home but not be full datasets.
Here's the config I'm currently sitting at:
I have groups:
SharedOwners with member Foo
HomeOwners with members Foo, Bar, and Baz
storage has rwxrwxrwx permissions with owner nobody and group nogroup
shared, documents, and photos are rwxrwxr-x with owner nobody and group SharedOwners
Home is rwxr-x--- with owner nobody and group HomeOwners
Foo, Bar, and Baz are rwxrwx--- with Owner and Group Foo, Bar, and Baz respectively.
The CIFS service has
Authentication Model: Local User
Guest Account: nobody
and had checked: dos attributes, allow empty password, unix extensions, zeroconf, and hostnames lookups
The current behavior I witness is that user Foo can read and write to the shares documents and photos. Everyone else can see that the shares exist but cannot browse into them. Likewise Foo can see that Home is a share but cannot browse into it.
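Added example, not part of the original post: a small Python model of classic Unix owner/group/other evaluation applied to the layout described above, showing what the listed mode bits alone would grant each user on each path. It assumes each user's primary group carries the user's name, and it does not model ACLs or Samba share settings.

```python
# Constructed from the post: supplementary group members and, per path,
# (owner, group, mode). Classic mode bits only; no ACLs, no Samba settings.
GROUPS = {"SharedOwners": {"Foo"}, "HomeOwners": {"Foo", "Bar", "Baz"}}
TREE = {
    "/mnt/storage": ("nobody", "nogroup", 0o777),
    "/mnt/storage/shared": ("nobody", "SharedOwners", 0o775),
    "/mnt/storage/shared/documents": ("nobody", "SharedOwners", 0o775),
    "/mnt/storage/shared/photos": ("nobody", "SharedOwners", 0o775),
    "/mnt/storage/Home": ("nobody", "HomeOwners", 0o750),
    "/mnt/storage/Home/Foo": ("Foo", "Foo", 0o770),
    "/mnt/storage/Home/Bar": ("Bar", "Bar", 0o770),
    "/mnt/storage/Home/Baz": ("Baz", "Baz", 0o770),
}
USERS = ("Foo", "Bar", "Baz")


def bits(user, path):
    """Return the rwx triplet that applies: owner, else group, else other."""
    owner, group, mode = TREE[path]
    if user == owner:
        return (mode >> 6) & 7
    # Assumption: the primary group is named after the user.
    if user == group or user in GROUPS.get(group, ()):
        return (mode >> 3) & 7
    return mode & 7


def access(user, path):
    """Effective 'rwx' string; every modelled ancestor must grant execute."""
    parts = path.split("/")
    for i in range(2, len(parts)):
        ancestor = "/".join(parts[:i])
        if ancestor in TREE and not bits(user, ancestor) & 1:
            return "---"
    b = bits(user, path)
    return "".join(c if b & m else "-" for c, m in zip("rwx", (4, 2, 1)))


def matrix():
    """Access string for every user on every path in TREE."""
    return {p: {u: access(u, p) for u in USERS} for p in TREE}


if __name__ == "__main__":
    for path, row in matrix().items():
        print(f"{path:32}", "  ".join(f"{u}={a}" for u, a in row.items()))
```

A result that differs from what a Windows client sees points at something this model leaves out, or at the live permissions differing from those listed.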