I am seeing some odd and unexpected behavior when logging into shares. And I am wondering if this is normal... or and I missing something. Here is what I did....
Step 1.... installed FreeNAS (of course)
Step 2.... created a user group 'family'
Step 3.... created two users 'member1' and 'member2' and assign the Aux Group for each to 'family'
Step 4... set the 'owner group' permissions of the storage to 'family'
Step 5... create required AFP and CIFS shares
All the AFP and CIFS shares appear to be working... both 'member1' and 'member2' can access them (from both Macs and PCs in the house), after logging in to them.
Now here is where it gets weird...
I was playing around with the users.... I assumed if I removed a user from the 'family' group, then they shouldn't be able to access the shares, as they are no longer members of the 'family' group, which is the owner group of the storage. However even after removing them, they can still access the shares.
So I go a step further and remove all users from the 'family' group so there are no users at all assigned to the family group. But yet again... all users (after logging in) can access (read and write) to the shares. This cannot be normal? I assumed that if no users were part of the group, that is the owner group of the storage, then no user should be able to access the shares. I should add that at this point I was testing access with Windows PCs on the network, and Owner User of the storage is still set to root.
Now as I toyed around with this... I tested access to the single AFP share I have setup from my Mac. Again with no users assigned to the 'family' group, and I am able to login to the share with either user account. However only one of these accounts (member1) can access the contents of the folder, member2 can login - but cannot read or write to the storage.
I should also add that when I first set up these users (member1 and member2), I had originally assigned the primary group to 'family'. I have however deleted them and recreated them using 'nogroup'.
It's get even weirder..... to further test... I created a new test user 'joe' - I assigned this user to 'nogroup'. I did not assign this user to a group at all... yet this user can also login and access shares... even though I never assigned it to the storage's owner group.
So.... does this sound correct? Should it be doing this and my assumptions are incorrect? Or is something not working the way it should?
Cheers!
Step 1.... installed FreeNAS (of course)
Step 2.... created a user group 'family'
Step 3.... created two users 'member1' and 'member2' and assign the Aux Group for each to 'family'
Step 4... set the 'owner group' permissions of the storage to 'family'
Step 5... create required AFP and CIFS shares
All the AFP and CIFS shares appear to be working... both 'member1' and 'member2' can access them (from both Macs and PCs in the house), after logging in to them.
Now here is where it gets weird...
I was playing around with the users.... I assumed if I removed a user from the 'family' group, then they shouldn't be able to access the shares, as they are no longer members of the 'family' group, which is the owner group of the storage. However even after removing them, they can still access the shares.
So I go a step further and remove all users from the 'family' group so there are no users at all assigned to the family group. But yet again... all users (after logging in) can access (read and write) to the shares. This cannot be normal? I assumed that if no users were part of the group, that is the owner group of the storage, then no user should be able to access the shares. I should add that at this point I was testing access with Windows PCs on the network, and Owner User of the storage is still set to root.
Now as I toyed around with this... I tested access to the single AFP share I have setup from my Mac. Again with no users assigned to the 'family' group, and I am able to login to the share with either user account. However only one of these accounts (member1) can access the contents of the folder, member2 can login - but cannot read or write to the storage.
I should also add that when I first set up these users (member1 and member2), I had originally assigned the primary group to 'family'. I have however deleted them and recreated them using 'nogroup'.
It's get even weirder..... to further test... I created a new test user 'joe' - I assigned this user to 'nogroup'. I did not assign this user to a group at all... yet this user can also login and access shares... even though I never assigned it to the storage's owner group.
So.... does this sound correct? Should it be doing this and my assumptions are incorrect? Or is something not working the way it should?
Cheers!
