Volume sharing

Status
Not open for further replies.

M.A.H

Cadet
Joined
Apr 24, 2013
Messages
8
Hi,
I have 7 volumes and 4 users in total. I want the main user 1 (myself) to see all 7 volumes when accessing freenas through the windows network. I want user 2 to only see volume 2, user 3 to only see volume 3 and user 4 to only see volume 4. Is this possible?

I know I have to create the users and create a group to add the users in that group, but here is where I get confused: do I create separate groups for each user to only allow them to see one volume?

Thanks in advance
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,525
It depends on how your files are organized and what you want available (or not available). Unfortunately, to answer your questions you need to understand your own data and how file permissions work. It's not something where someone else can easily tell you how to set up your own server :(
 

HolyK

Ninja Turtle
Moderator
Joined
May 26, 2011
Messages
654
Well .. in this scenario I guess user/group management is the easiest way to achieve what you need.

Question is ... are these "volumes" ZFS datasets, or are they just UFS volumes / physical discs?

In case of ZFS, you may set the permissions via GUI
In case of UFS, you need to use CLI to set it

Create users/groups ...
user1:group1 // you
user2:group2
user3:group3
user4:group4

Set ownership and permissions ...

log in as root

chown -R user1:group1 /path/to/volume1
chmod -R 700 /path/to/volume1

chown -R user1:group2 /path/to/volume2
chmod -R 750 /path/to/volume2

chown -R user1:group3 /path/to/volume3
chmod -R 750 /path/to/volume3

chown -R user1:group4 /path/to/volume4
chmod -R 750 /path/to/volume4

chown -R user1:group1 /path/to/volume5
chmod -R 700 /path/to/volume5

chown -R user1:group1 /path/to/volume6
chmod -R 700 /path/to/volume6

chown -R user1:group1 /path/to/volume7
chmod -R 700 /path/to/volume7

Then set CIFS share for each user/volume.

user1 will have read/write/execute permissions to all volumes since he is owner of everything
user2 will have read/execute (but no write) permission to volume2
user3 will have read/execute (but no write) permission to volume3
user4 will have read/execute (but no write) permission to volume4

Also you will need to alter CIFS settings because default permission is read/write/execute for all newly created files/dirs via CIFS.
So for each CIFS share just tick "Inherit Permissions" and restart SMB service. All new files/directories will now have default permissions like above.

In case you want write permission for user[2-4], you will need to set permissions (chmod) to 770 instead of 750 for volumes[2-4]
In this case, you will also need to set group[2-4] as an additional group for user1 so he will have access to users which will be created by user[2-4]. You can use GUI to do this. Just go to Groups -> View Groups -> Members ... and add user1 to each group.


Holy
 

M.A.H

Cadet
Joined
Apr 24, 2013
Messages
8
Thanks for the replies.
Holy, I think you have set out exactly how I want the system to be. The 7 volumes are 7 HDDs with ZFS file system. I have created the users and groups, but to set the ownership and permissions, do the shell commands have to be like this?

chown -R user1:group1 /path/to/volume1
chmod -R 700 /path/to/volume1

chown -R user2:group2 /path/to/volume2 ------How does user1 have ownership and permission?
chmod -R 770 /path/to/volume2

chown -R user3:group3 /path/to/volume3 ------How does user1 have ownership and permission?
chmod -R 770 /path/to/volume3

chown -R user4:group4 /path/to/volume4 ------How does user1 have ownership and permission?
chmod -R 770 /path/to/volume4

chown -R user1:group1 /path/to/volume5
chmod -R 700 /path/to/volume5

chown -R user1:group1 /path/to/volume6
chmod -R 700 /path/to/volume6

chown -R user1:group1 /path/to/volume7
chmod -R 700 /path/to/volume7

I want:
user1 (Me) to have read/write/execute permissions to all volumes since I am the owner of everything
user2 to have read/write/execute permission to volume2
user3 to have read/write/execute permission to volume3
user4 to have read/write/execute permission to volume4

In your example you have user1 set to each group and for all volumes or were you showing me user1 having ownership and permission to all 7 volumes? If so then do I set the other three users to volumes via CIFS sharing?
 

HolyK

Ninja Turtle
Moderator
Joined
May 26, 2011
Messages
654
Well, looks like you are messing several things together. So ...
> Holy I think you have set out exactly how I want the system to be. The 7 volumes are 7 HDD's with ZFS file system.
So you have one ZFS volume over 7 devices? Is it RAIDZ-1, RAIDZ-2 or what kind of "raid" you have? If you have one "raid" across all HDDs, you should not care about volumes anymore but create datasets and grant necessary permissions on each of them. So in your case it should be 7 datasets. Name does not matter that much, but it should be somehow clear.

After you have datasets configured (you may or may not set some quotas/reserved space), you will need to set up permissions for each of them. The basic configuration could be done via GUI, further "tuning" from CLI in case of need.
> I have created the users and groups but to set the ownership and permissions does the shell commands have to be like this?
> chown -R user2:group2 /path/to/volume2 ------How does user1 have ownership and permission?
> chmod -R 770 /path/to/volume2
Via this, you will set things as follows

user2 will be owner of everything (this is set via chown command)
user2 will have "rwx" permission on everything since he will be owner and permission for owner (first bit in "yyy") is set to "7" (== read, write, execute)
user1 will have "rwx" permission only if he is a member of group2 since permission for group (second bit in "yyy") is set also to "7"
Any other user who is NOT a member of group2 will NOT have any rights since permission for others (third bit in "yyy") is set to "0" (== no rights at all)

> I want:
> user1 (Me) to have read/write/execute permissions to all volumes since I am the owner of everything
> user2 to have read/write/execute permission to volume2
> user3 to have read/write/execute permission to volume3
> user4 to have read/write/execute permission to volume4
It is how I wrote above. I don't know how familiar you are with *nix permissions, but you should have at least some basics since you have a unix-based NAS :]

Filesystem permissions use octal notation. So you have eight states, and each of them stands for a specific permission for owner, group or "others".

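| Octal notation | Permissions            | Bits set (read, write, execute) |
|----------------|------------------------|---------------------------------|
| 0              | none                   | 000                             |
| 1              | execute                | 001                             |
| 2              | write                  | 010                             |
| 3              | write + execute        | 011                             |
| 4              | read                   | 100                             |
| 5              | read + execute         | 101                             |
| 6              | read + write           | 110                             |
| 7              | read + write + execute | 111                             |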

As you may see, the basic values are 0, 1, 2 and 4. With these, you may set any combination of permissions by summing values.
1+2 = 3 ... write + execute
2+4 = 6 ... read + write
1+4 = 5 ... read + execute
1+2+4 = 7 ... read + write + execute
... etc.

Based on this point, you may set permissions for owner, group and "others"

Just for example:
drwxr-xr-- Holy admingrp scripts/
d - stands for "directory"
r - stands for "read"
w - stands for "write"
x - stands for "execute"
rwx - permission for OWNER (== Holy), read, write, execute permissions
r-x - permission for GROUP == any user who is member of group admingrp (except Holy) will have read and execute permission
r-- - permission for any other user who is not owner nor member of group will have only read rights to this directory

(There are also some special values/flags, for more info see chmod wiki :] )

> In your example you have user1 set to each group and for all volumes or were you showing me user1 having ownership and permission to all 7 volumes? If so then do I set the other three users to volumes via CIFS sharing?
In my example, user1 is owner of everything on each volume (dataset, since you are on ZFS), permission of owner is set to "7", so user1 will have read/write/execute permission for any dir/file. User2 is a member of group2, for which the permission is also rwx.
user1 must also be a member of group2 because if not, he will not have any rights for a file created by user2. user2 will be the owner, so user1 will act as a "stranger" for this file if not a member of group2.


So, from my point of view, you should do the following (naming below is just general):
1] Create user1, user2, user3, user4. If you leave "Create a new primary group for the user" ticked, system will create new group for each user with the same name (group user1, group user2, .. etc)

2] Add user1 into each group of user2,3,4
Under Groups just edit "members" for each group and add user1.

3] Create 7 datasets (dataset1, dataset2, ... dataset7)

4] For dataset1, dataset5, dataset6, dataset7 set following permission
[Screenshot: perm1h.png]

5] For dataset2 set following
[Screenshot: perm2g.png]



Do this also for dataset3 and dataset4 while altering owner group to group3, group4

6] Create CIFS share for each dataset2,3,4 and tick "Inherit Permissions", this will preserve permissions for all newly created folders/files.
If you want to force ownership of newly created files/dirs by another user, you may also tick "Inherit Owner". In this case, if user2 uploads a file to dataset2, ownership will be changed to user1. He will still have rwx rights since he is a member of the group.

7] For user1, you may set a CIFS share for the whole volume, so you may map all datasets as one disk instead of 7.

8] Copy files under user1 into each dataset and test that the rest of the users have correct permissions



Phew ... i hope i did not mess up something :]

Holy
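
The owner/group/other selection described in the post above, worked through for the thread's user1-user4 layout. This is an added example, not code from any poster: it models plain mode bits only (no ACLs, no root), the function names are made up for the illustration, and the user, group and volume names are the thread's placeholders.

```sh
#!/bin/sh
# Added example: plain mode bits only (no ACLs), non-root users.
# Function names are made up; user/group/volume names are the thread's placeholders.

# One octal digit (0-7) -> rwx string: 4 = read, 2 = write, 1 = execute.
digit_to_rwx() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
    echo "$r$w$x"
}

# effective USER "GROUPS OF USER" OWNER GROUP MODE -> rwx string applied to USER.
# Exactly one class is consulted: owner if USER owns the file, else group if
# USER is a member, else other. A later, more generous class is never a fallback.
effective() {
    mode=$5
    if [ "$1" = "$3" ]; then
        digit=${mode%??}                                   # first digit: owner
    else
        case " $2 " in
            *" $4 "*) digit=${mode#?}; digit=${digit%?} ;; # second digit: group
            *)        digit=${mode#??} ;;                  # third digit: other
        esac
    fi
    digit_to_rwx "$digit"
}

# The 770 variant from the thread: user1 owns all seven volumes and is also a
# member of group2..group4; volumes 2-4 are group-owned by group2..group4.
report() {
    for n in 1 2 3 4 5 6 7; do
        case $n in
            2|3|4) grp=group$n; mode_n=770 ;;
            *)     grp=group1;  mode_n=700 ;;
        esac
        line="volume$n:"
        for u in "user1:group1 group2 group3 group4" "user2:group2" \
                 "user3:group3" "user4:group4"; do
            line="$line ${u%%:*}=$(effective "${u%%:*}" "${u#*:}" user1 "$grp" "$mode_n")"
        done
        echo "$line"
    done
}

report
```

Calling `effective` with a different owner or group list shows the two cases the post distinguishes: a user who is not the owner gets the group digit only when the group is in their list, and an owner is held to the owner digit even when the group digit is more permissive.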
 

M.A.H

Cadet
Joined
Apr 24, 2013
Messages
8
Holy, thanks for the help and the information you provided. I am learning on the go; this is my first time creating a NAS and also my first time using UNIX commands. I hope someone else can learn off this thread as well :)

I have 7 HDD's formatted to ZFS file system.

2x 3TB Seagate
3x 1TB Hitachi
1x 500GB Seagate
1x 500GB Hitachi

I want user1 to have 2x3TB Seagate and 2x1TB Hitachi so 8TB in total,
user2 to have read/write/execute on only 1TB Hitachi,
user3 to have read/write/execute on only 500GB Seagate,
user4 to have read/write/execute on only 500GB Hitachi
but want user1 to have read/write/execute on all HDD's.

This NAS is just going to have a backup copy of data and only switched on just for backing up then switched off. So either way if the original HDD or the NAS HDD fails I will always have a copy of the data that is why I am thinking to set this NAS without RAID. Do you suggest I change this set-up?

Looking at the commands if I want read/write/execute for user2,user3 and user4 for their specified HDD's do I do this

chown -R user2:group2 /path/to/1TB Hitachi
chmod -R 700 /path/to/1TB Hitachi

chown -R user3:group3 /path/to/500GB Seagate
chmod -R 700 /path/to/500GB Seagate

chown -R user4:group4 /path/to/500GB Hitachi
chmod -R 700 /path/to/500GB Hitachi

Following the octal notation:
So the first digit of 7 of 700 sets the permission of owner?
The second digit 0 of 700 sets the permission of group?
The third digit 0 of 700 sets the permission of any other user who is not owner or in the group?


In your post for permissions for user1

chown -R user1:group1 /path/to/volume1
chmod -R 700 /path/to/volume1

chown -R user1:group2 /path/to/volume2
chmod -R 750 /path/to/volume2

chown -R user1:group3 /path/to/volume3
chmod -R 750 /path/to/volume3

chown -R user1:group4 /path/to/volume4
chmod -R 750 /path/to/volume4

chown -R user1:group1 /path/to/volume5
chmod -R 700 /path/to/volume5

chown -R user1:group1 /path/to/volume6
chmod -R 700 /path/to/volume6

chown -R user1:group1 /path/to/volume7
chmod -R 700 /path/to/volume7

Why does user1 only have group read + execute "750" for volumes 2,3 and 4 but not the others? is it because volume 2, 3 and 4 is being used by user2, 3 and 4? or should it be set to 770 on all HDD's?
 