CIFS user home directory access

[xtracold]

Hello, i've been trying to get a CIFS share up and running with permissions such that a logged in user can only access their home directory which is a subdiretory of the CIFS share.

My setup is

AMD QuadCore running Linux Mint 11 (Katya)
Freenas 8.0.4 Running in VirtualBox
2x1TB drives setup in a ZFS pool and mirroring

2 users configured on the Linux side : user1:password1 and user2:password2

The users are configured the same way on the freenas server in a group called MintUsers. They have home directories pointing to /mnt/NAS_1_2/USERS/user1 and /user2 respectively.

MintUsers have group access to a Windows share "NASHOME" /mnt/NAS_1_2/USERS

I have CIFS home directories enabled and the home directories are configured to /mnt/NAS_1_2/USERS

I have "browsable to network clients" checked for the NASHOME share.

I can successfull browse to the share but the problem is even though i'm logged in as user1 I am able to read/write to the user2 home directory? I would have thought that when user1 browses they will only be able to write to NASHOME/user1 and subdirectories thereof. They should be able to browse and see the user2 folder but not navigate inside it as they are not logged in as user2?

Can anyone help me with this, it is not that big a deal as the users are all family in our home network but I am interested to see what I can achieve with FREENAS. I don't want any personal data etc kept on the PC's as they are not backed up, all important data should be saved to a user folder on the NAS. If they read other folders that is fine, but I really want to be able to stop them deleting someone elses stuff and therefore it will be easier just to prevent them seeing the users files at all.

Thanks in advance

Jamie

 

[paleoN]

Change the permissions on /mnt/NAS_1_2/USERS to execute for the group and remove the group MintUsers from the home directories.

Now I'm confused. Is /mnt/NAS_1_2/USERS a share that you are saving stuff to? If so the easiest thing to do is move the home directories to their own share.

 

[xtracold]

Now I'm confused. Is /mnt/NAS_1_2/USERS a share that you are saving stuff to? If so the easiest thing to do is move the home directories to their own share.

/mnt/NAS_1_2/USERS is a volume I have set up in my ZFS pool.

I want CIFS to automatically create user home directories here

I want my users, when they log in on the linux box and browse to the CIFS share to be taken to their home folder, as created by CIFS.

Does that help?

 

[paleoN]

Does that help?

Yes it does. Try the first thing I said.

Change the permissions on /mnt/NAS_1_2/USERS to execute for the group and remove the group MintUsers from the home directories.

Just to clarify:

• /mnt/NAS_1_2/USERS group permission should be MintUsers x permission
  
  
• /mnt/NAS_1_2/USERS/user1 MintUsers group has no access
  
  
• /mnt/NAS_1_2/USERS/user2 MintUsers group has no access

You can either deny all permissions for the group on the home folders or assign the user1/user2 groups, if you created them, to each home folder.

 

[xtracold]

Thanks for the info. I still struggled with the GUI to get things right, or at least understand what was going on. In the end I resorted to the terminal and tidied up all the group ownership and permissions etc, experimented and worked out what was going on. I can now navigate through my CIFS shares correctly.

I have one question that maybe someone can answer though. The 'homes' folder shown below is I think something created automatically by the CIFS service. I cannot navigate to it or find it via the terminal. Does anyone have any idea what it is?