Vocatus Posted January 30, 2011 Share Posted January 30, 2011 Finally got unRAID up and running, but I'm having some trouble figuring out a user level security issue. On my previous box I had Windows XP SP3 as the 'file server.' The user/group permissions worked great, because anyone I put in the "Server users" group got read-only access to the media collection. Then I'd specially give them their own folder under Backups (i.e. \\Tower\Backups\john) that only they had permissions to edit or view. Essentially, a private backup folder for them to store things. I'm trying to duplicate this with my Plus license and user-level security. Short of creating 50 different shares for people's private folders, is there anyway to restrict subdirectories to individual users? thank-you Link to comment
Joe L. Posted January 31, 2011 Share Posted January 31, 2011 Finally got unRAID up and running, but I'm having some trouble figuring out a user level security issue. On my previous box I had Windows XP SP3 as the 'file server.' The user/group permissions worked great, because anyone I put in the "Server users" group got read-only access to the media collection. Then I'd specially give them their own folder under Backups (i.e. \\Tower\Backups\john) that only they had permissions to edit or view. Essentially, a private backup folder for them to store things. I'm trying to duplicate this with my Plus license and user-level security. Short of creating 50 different shares for people's private folders, is there anyway to restrict subdirectories to individual users? thank-you Yes, but you need to create you own entries for sub-directories in the config/smb-extra.conf file. There is no way to restrict individual users in sub-directories in the user-shares screen. It is for top-level directories only. Link to comment
Vocatus Posted January 31, 2011 Author Share Posted January 31, 2011 Finally got unRAID up and running, but I'm having some trouble figuring out a user level security issue. On my previous box I had Windows XP SP3 as the 'file server.' The user/group permissions worked great, because anyone I put in the "Server users" group got read-only access to the media collection. Then I'd specially give them their own folder under Backups (i.e. \\Tower\Backups\john) that only they had permissions to edit or view. Essentially, a private backup folder for them to store things. I'm trying to duplicate this with my Plus license and user-level security. Short of creating 50 different shares for people's private folders, is there anyway to restrict subdirectories to individual users? thank-you Yes, but you need to create you own entries for sub-directories in the config/smb-extra.conf file. There is no way to restrict individual users in sub-directories in the user-shares screen. It is for top-level directories only. Joe, I'm looking in my config directory, but the only SMB file I see is "smbpasswd". Is there another file, or was it renamed in a newer version? Link to comment
limetech Posted January 31, 2011 Share Posted January 31, 2011 Finally got unRAID up and running, but I'm having some trouble figuring out a user level security issue. On my previous box I had Windows XP SP3 as the 'file server.' The user/group permissions worked great, because anyone I put in the "Server users" group got read-only access to the media collection. Then I'd specially give them their own folder under Backups (i.e. \\Tower\Backups\john) that only they had permissions to edit or view. Essentially, a private backup folder for them to store things. I'm trying to duplicate this with my Plus license and user-level security. Short of creating 50 different shares for people's private folders, is there anyway to restrict subdirectories to individual users? thank-you This is not possible with version 4.7 or below. You really have 50 users? Link to comment
Vocatus Posted January 31, 2011 Author Share Posted January 31, 2011 This is not possible with version 4.7 or below. You really have 50 users? I'm exaggerating somewhat, but I do have about 8-9 active users (who don't know each other) and backup their files remotely to the server. It's really important that they not be able to access each others' directories. Is there any way to accomplish this without cluttering up the main view with 10 different "backup_steven" "backup_john" shares etc? I don't mind editing permissions on some directories by hand if I need to, but I just need someone to tell me how because I don't want to blow anything up. Link to comment
limetech Posted January 31, 2011 Share Posted January 31, 2011 This is not possible with 4.7 (and earlier) because every file/directory in a share is owned by root, and user restrictions are handled by samba, but on a share basis. This is completely changed in version 5.0 in part to support something like what you want, and also to support AFP which relies on file/directory permissions of underlying file system. When/if you boot up 5.0-beta2 you will see there is a utility called "New Permissions" which goes and changes the file ownership of all the files and directories in the entire server. Still, the current behavior of the security model does not do exactly what you want, but I added the description of a new feature that can be added to accomplish this: http://download.lime-technology.com/develop/infusions/aw_todo/task.php?id=47 Link to comment
Vocatus Posted January 31, 2011 Author Share Posted January 31, 2011 This is not possible with 4.7 (and earlier) because every file/directory in a share is owned by root, and user restrictions are handled by samba, but on a share basis. This is completely changed in version 5.0 in part to support something like what you want, and also to support AFP which relies on file/directory permissions of underlying file system. When/if you boot up 5.0-beta2 you will see there is a utility called "New Permissions" which goes and changes the file ownership of all the files and directories in the entire server. Still, the current behavior of the security model does not do exactly what you want, but I added the description of a new feature that can be added to accomplish this: http://download.lime-technology.com/develop/infusions/aw_todo/task.php?id=47 Tom this is really exciting to hear, because this is a major requirement for my configuration/role. To clarify, are you saying my options for now are: 1. Boot up version 5.0-beta2 to attain private folder/file permission functionality 2. Create multiple shares (backup_john, backup_stephan, etc) using 4.7 (I don't mind doing this as a temporary stop-gap but would prefer to avoid it long-term) 3. Wait for 5.0 stable ? Will the finer-grained permissions be available in 5.0 stable? I guess what I'm asking is: what exactly will 5.0 allow me to do (permission-wise) that 4.7 doesn't? Link to comment
SSD Posted January 31, 2011 Share Posted January 31, 2011 I have created a separate folder for each of my 4 users (aka my family) with customized security for each as custom Samba shares. Each share is read/write to some, readonly to others, and not accessible at all to the rest. This wouldn't work well for 50, but for 10 would work IMO. Link to comment
Oddwunn Posted February 1, 2011 Share Posted February 1, 2011 I have created a separate folder for each of my 4 users (aka my family) with customized security for each as custom Samba shares. Is there a tutorial for creating customized Samba shares somewhere on the forum? Link to comment
SSD Posted February 2, 2011 Share Posted February 2, 2011 You can look HERE and HERE. You can also search the forums for "smb-extra.conf" and you'll see lots of discussions (make sure you click the "Show Results as Messsage" checkbox in the search dialog). If you have any questions post back. Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.