Change in default permissions after upgrading from FreeNAS 8 to 9

Status
Not open for further replies.

elk84

Cadet
Joined
Mar 16, 2017
Messages
1
Hi!

I have posted this question on Server-Fault but received no answer, so I'm posting it here in the hope of receiving more help :)

My problem is related to the default permissions applied to newly created folders in a CIFS share.
On my old FreeNAS server (ver. 8.3.0) I had configured a shared folder with Unix-style permissions 777 for the domain user/group. So every domain user could create new folders in this share, but the newly created folders got permission 700. And that was OK, as my intention was to make this share public to all users for backup purposes. Every user could create new folders there, which were accessible only to their creator.

Now I have upgraded to the newest FreeNAS (9.10.2-U2) but I'm unable to reproduce the previous behavior (now every new folder gets permissions 777). I tried to switch the permissions type to Windows but with no success (but I would like to stay with Unix-like permissions - in this case it seems much simpler, despite the fact that all users are Windows clients).

Could someone suggest how to configure the share/permissions to achieve a similar effect in FreeNAS 9 (every user should be able to create a new folder in the share, but this folder should be accessible only to him/her)?

Krzysztof
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554

  1. Change dataset type to "Windows" with the desired User and Group set as the "owner" of the dataset.
  2. Using the advanced permissions editor in Windows File Explorer, modify the ACL on the share \\<freenas>\<yourshare> so that the ACL associated with owner-group applies to "This folder only".
  3. Remove the "everyone" ACL on the share.
  4. From the CLI, use chmod to change the owner of the subdirectories.
The above steps should remove access for everyone but the owner of the subdirectories, but grant users the ability to write to the root directory.

This is the equivalent in the Windows world of granting access only to "CREATOR-OWNER".
 

Yogi84

Cadet
Joined
Apr 19, 2017
Messages
1
Hi!

Thank you for the answer, but point 4 is unacceptable - the whole thing is that in version 8 I didn't do anything. Users just created their personal catalogs and they were inaccessible to others by default. Now I need the same behaviour - if I have to do anything manually, then users will have to inform me about every new folder they create, and I'm sure they will fail to do that :) As a result their files will be accessible to others and they will blame me for it :)

Also, I don't understand why I should change the owner of the subdirectories - newly created ones have the proper owner (creator) but wrong permissions - 070 instead of 700.

P.S. Sorry for using another account: elk84 is me - I have some problems with login.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554

Point 4 was regarding "fixing" existing permissions. Newly created files / folders will be owned by the person creating them, and accordingly will only be accessible by them. Describing permissions as 0700, etc. doesn't make sense when describing ACLs. It's better to use "getfacl" output.
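
An added example (not code from the thread or from FreeNAS): a shell function that checks "getfacl" output, which the reply above recommends over mode bits, against the goal of steps 1-3 of the earlier procedure. The sample ACL text and the /mnt/tank/backup paths are constructed, and the entry layout assumed is FreeBSD's NFSv4 getfacl format.

```shell
# Added example (not from the thread). Reads FreeBSD NFSv4 `getfacl` text on
# stdin and reports allow entries that give anyone but the owner access.
#   audit_acl root   - share root: non-owner access is fine unless inherited
#   audit_acl subdir - per-user folder: no non-owner access at all
audit_acl() {
    awk -v mode="$1" '
        BEGIN { bad = 0 }
        /^#/ || /^[ \t]*$/ { next }        # getfacl header lines, blanks
        {
            gsub(/[ \t]/, "")              # entries are right-aligned
            split($0, f, ":")
            who = f[1]; i = 2
            if (who == "user" || who == "group") { who = who ":" f[2]; i = 3 }
            perms = f[i]; flags = f[i + 1]; type = f[i + 2]
            if (type != "allow" || who == "owner@") next
            # r/w/x/p/D/d = data access; C/o = may rewrite the ACL or owner.
            # a, R, c, s on their own grant no access to file contents.
            if (perms !~ /[rwxpDdCo]/) next
            if (mode == "subdir") {
                print "FAIL " who " can access this folder (" perms ")"; bad = 1
            } else if (who == "everyone@") {
                print "FAIL everyone@ still has access (" perms ")"; bad = 1
            } else if (flags ~ /[fd]/) {
                print "FAIL " who " is inherited by new folders (" flags ")"; bad = 1
            }
        }
        END { if (!bad) print "OK"; exit bad }
    '
}
# Constructed sample: share root after steps 1-3 (group entry not inherited).
sample_root_good() { cat <<'EOF'
# file: /mnt/tank/backup
# owner: root
# group: domain users
            owner@:rwxpDdaARWcCos:fd-----:allow
            group@:rwxp--aARWc--s:-------:allow
EOF
}
# Constructed sample: a new folder that inherited group and everyone entries.
sample_subdir_bad() { cat <<'EOF'
# file: /mnt/tank/backup/alice
            owner@:rwxpDdaARWcCos:fd-----:allow
            group@:rwxp--aARWc--s:fd-----:allow
         everyone@:r-x---a-R-c--s:fd-----:allow
EOF
}

sample_root_good | audit_acl root
sample_subdir_bad | audit_acl subdir || true
```

On the server, pipe "getfacl" for the share root into "audit_acl root" and for a freshly created folder into "audit_acl subdir"; a non-zero exit status means at least one FAIL line was printed.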
 