Am I setting up shares correctly? (new user)

[SPOautos]

Hello! Okay, I am working on setting up everything in Unraid. Please forgive my ignorance on everything but I dont do much with computers...yet am giving it a shot to build a server I need. I appreciate all the forum support, its need a big help!

 

So with "Shares" would you typically have a lot of these? Or would you just have a few, then have sub folders in them? For instance if I want each family member to have their own space as well as space for our business, would I just do a share for "family" and "business" then each person have a folder in the family share? Or should I give each person a "share"?

 

I guess I'm not clear on what I should/shouldn't assign a share too. Also, can you have basically an unlimited number of sub folders? (Folders inside of folders, drilling very very far down).

 

Thanks!

Stephen

 

Edited August 28, 2020 by SPOautos

[SPOautos]

Okay, apparently something I took for granted is that Unraid has a file system somewhat like windows.  It's a server that people use for NAS, so I'm a little confused that it seems like you have to install a docker like Krusader to have a file system.

 

Am I understanding this correctly?

 

I need my server to be as user friendly and stable as possible. I was planning on various family members who only have used Windows to save files to the unraid server. These are not 'computer guys'....these are people who pretty much only know how to turn on a PC and save stuff too it....but I now want them to save to Unraid.

 

It looks like there was a old Krusader and now two newer ones, along with other similar programs. I have no idea what would be best, most stable, most user friendly and 'windows like' that will make sense to a windows user and they be able to use browse their files, save them, move them around, etc without much of a learning curve.

 

Edited August 29, 2020 by SPOautos

[trurl]

Your use of the term "file system" is not the usual meaning. I think you mean something like a file explorer.

 

Since Unraid is a NAS, you can use whatever file explorer you use on the client computers (your PCs) to "explore" the shares on Unraid over the network.

 

Normally, you don't want anybody except the person managing your server to work directly on the server. Only root user has access to the Unraid webUI, and that user has unlimited access.

 

Your other users don't need Krusader, though it might be useful to the person managing the server. Your "not computer guys" can just use Windows Explorer to work with network shares on the Unraid server.

[SPOautos]

46 minutes ago, trurl said:

Your use of the term "file system" is not the usual meaning. I think you mean something like a file explorer.

 

Since Unraid is a NAS, you can use whatever file explorer you use on the client computers (your PCs) to "explore" the shares on Unraid over the network.

 

Normally, you don't want anybody except the person managing your server to work directly on the server. Only root user has access to the Unraid webUI, and that user has unlimited access.

 

Your other users don't need Krusader, though it might be useful to the person managing the server. Your "not computer guys" can just use Windows Explorer to work with network shares on the Unraid server.

 

First, I should say...none of us are 'computer guys'....I'm the most tech/computer savvy and you can see where I'm at lol.....but I'm learning!

 

Ahhh, okay this is coming into better focus. So yes, you were correct by "file system" I was thinking of something like windows explorer.

 

Okay, so their win explorer will organize everything open to them into a view and Krusader is there to give me that ability when directly on unraid.

 

I'm not sure how detailed I should be with creating "shares" on the share tab. If I want each family member to have their own space would I create a share for each then map a network drive from their pc to their share and also I think they could use Nextcloud (or similar) to also tie their phone to their space.  Then they can use their PC to create folders and such, correct? I can use Krusader to see all of their files and browse them directly on the server and add/remove folders and files if needed. Do you have a suggestion on which Krusader (or alternate)?

 

Am I seeing that fairly clearly now?

 

Is there anything I can do to protect the server from a virus one of the PC's contracts? Just run virus programs on all the pc's?

Edited August 29, 2020 by SPOautos

[Frank1940]

3 hours ago, SPOautos said:

For instance if I want each family member to have their own space as well as space for our business, would I just do a share for "family" and "business" then each person have a folder in the family share? Or should I give each person a "share"?

 

You should set up a separate share based on who will have access to that share.  For example, if you want a file system to which you alone will have access, you will setup a separate share for yourself which will contain those files to which only you will be granted access.  You can not setup a folder inside a share to have different access permissions than the share!

 

The same for other individuals/groups.  As an other example, you set up a share named Accounting and grant only the people from that organization access to it.  Perhaps one for Sales as another example.   I will point out that you could give yourself (using your SMB user login name) access to both Accounting and Sales. 

 

For more general shares (like for media files), most folks tend to want to limit the number of shares.  You might set up a share called Media and have folders in it for Music, Movies, TV shows  or you could setup a separate share for each of these  categories.   You can make a case for either way.  What you want to avoid is setting shares organized like this: TV Shows 2005, TV Shows 2006, TV Shows 2007, etc.

 

BTW, your SMB user login name can not be root.  root is not permitted as a SMB user for security reasons. 

 

One more important fact, only one SMB user login is allowed from each client computer!!!  (This is an Microsoft SMB restriction and has nothing to do with Unraid!) This is important to remember when you setting the SMB users on the Unraid server to consider what shares each computer client has to have access to.

Edited August 29, 2020 by Frank1940

[SPOautos]

7 minutes ago, Frank1940 said:

You should set up a separate share based on who will have access to that share.  For example, if you want a file system to which you alone will have access, you will setup a separate share for yourself which will contain those files to which only you will be granted access.  You can not setup a folder inside a share to have different access permissions than the share!

 

The same for other individuals/groups.  As an other example, you set up a share named Accounting and grant only the people from that organization access to it.  Perhaps one for Sales as another example.   I will point out that you could give yourself (using your user login name) access to both Accounting and Sales. 

 

For more general shares (like for media files), most folks tend to want to limit the number of shares.  You might set up a share called Media and have folders in it for Music, Movies, TV shows  or you could setup a separate share for each of these  categories.   You can make a case for either way.  What you want to avoid is setting shares organized like this: TV Shows 2005, TV Shows 2006, TV Shows 2007, etc.

 

BTW, your SMB user login name can not be root.  root is not permitted as a SMB user for security reasons. 

 

One more important fact, only one SMB user login is allowed from each client computer!!!  (This is an Microsoft SMB restriction and has nothing to do with Unraid!) This is important to remember when you setting the SMB users on the Unraid server to consider what shares each computer client has to have access to.

 

This info about user permissions and that all data in a share has the same access permissions as the share, is a big puzzle piece. That will really contribute to me planning out the shares.  Thank You for that info.... 

 

Is there somewhere I can read about how to give shares certain permissions, creating users with certain permissions, etc? 

[Frank1940]

9 hours ago, SPOautos said:

s there somewhere I can read about how to give shares certain permissions, creating users with certain permissions, etc? 

First set up a share for testing.  Now on the Share page, Click on the blue share name.  Then go to the SMB Security Settings section/tab.   Look at the various settings.  Now click on the 'Help' icon on the tool bar.

You will find a fairly detailed explanation of what each setting does.  Everything you do on the screen is reversible so you can change anything in the future to fit the situation as required.  There are a couple of gotchas with the 'Secure' setting so you have to be careful.  (If client accesses it without being logged-in to Unraid as a user, he will be granted public access (read-only) and can't change it.)

 

You can turn on the 'Help' for any setting by hovering on the setting name.  When cursor changes to one with '?' mark, click.

[SPOautos]

22 minutes ago, Frank1940 said:

If client accesses it without being logged-in to Unraid as a user, he will be granted public access (read-only) and can't change it.

 

Thank you for all that info, very helpful. 

 

Regarding what you said about clients logging in. So with a share mapped to someone's PC, I need to create a unraid user acct for them that only has access to their share. Now everytime they go to save something to it or access it will they have to log in first or is there a way to set it up where it remembers the user or PC?  I suppose theres no way for windows to hand off credentials since unraid isnt part of the Microsoft family.

Edited August 29, 2020 by SPOautos

[Energen]

[Frank1940]

This is getting a bit into an area that I am not really that sure of what can (and can not) happen behind the scenes.  I know that Windows Credential Manger does work with Unraid's SMB.  (In fact, one of the pieces of advice which is given with SMB access issues to to delete all of the Windows Credentials in Credential Manager.)  The thing that I am not sure about is if Credential Manager will force a auto logon if you access a public share before you access a 'Private' share.

 

I see that @Energen has posted up one way to use the Credential Manager on the Windows side.  I believe this technique is relatively bullet-proof when you set up the user (on the Windows side) with mapped drives.  Problems usually tend to arise when you attempt to use Windows Explorer connect to the server via the 'Network' icon via the Navigation Pane.

 

Basically, you create an user for a person (not really a computer)* on the Unraid side things on the User page.  You can now assign that User with either read-only or read-write privileges on as many different shares as you want him to have access to.  (This particularly applies to 'Private' shares.  'Secure' Shares are a mixed bag of worms that tend to give folks headaches and we are not going to that at this point.)

 

SMB is a bag of worms and always has been.  It basically started out back in the days of Workgroups for Windows and was intended to connect two to (perhaps) ten computers generally using 10BASE2 cabling.   All users were trusted as they all worked together with 600' of each other and had to physically attached to the network.  The problems don't magically vanish if you are using an all Windows environment either! 

 

* Having said that a person could a position, i.e., Lobby Receptionist.

[Frank1940]

Beginning with this post is a series of posts that deal with SMB issues that one can encounter:

 

       https://forums.unraid.net/topic/25064-user-share-problem/?tab=comments#comment-228392

 

I would not recommend that you study it in detail but browse it now and remember the high points in case you do hit a snag.