Correct AFP Share and Permissions Setup with OpenDirectory Users/Groups?

Status
Not open for further replies.

relume

Cadet
Joined
Oct 24, 2017
Messages
5
FreeNAS : FreeNAS-11.1-RELEASE

Hello

On the FreeNAS I set up the OpenDirectory binding correctly, so that I can see and select OpenDirectory users and groups. Now I have trouble setting up the appropriate AFP shares. The created volumes have the standard owner permissions "root/wheel".

On these volumes I created AFP shares with permission settings in the "Allow List" like "@research,@marketing" or "@management", according to the OpenDirectory groups. Unfortunately it is not possible to connect to these AFP shares. For users from these groups the AFP Finder login says "... there is no share available or you have no access to the shares ...". If I change the group owner permission at the volume level from "wheel" to the OpenDirectory group "research", all OpenDirectory users who are part of this group can access/log in to the AFP shares on this volume.

My objective is to get an AFP share setup like this:

volume1
- share1 : @research
- share2 : @marketing
- share3 : @management
- share4 : @research,@marketing,@management

How do I have to set up the volume1 permission/group owner so that all users of the different OpenDirectory groups have general access to the different shares on volume1, but no one else (users that are not part of these groups)? In the volume permission section it is not possible to define a group list.

Many thanks in advance for any hint.
 

relume

Hello

With some trial and error I got the AFP share mostly working. But I still have some comprehension questions.

First I deleted all existing volumes and AFP shares and started from the beginning. Then I did the following setup steps:

  1. Created a new Volume "volume1"; leaving default settings: owner=root; group=wheel; Mode=775; Perm-Type=Unix.
  2. Created a new Dataset "dataset1"; leaving default settings: owner=root; group=wheel; Mode=775; Perm-Type=Unix.
  3. Created a new AFP share "share4"; setting the values in advanced mode: Allow Lists = @research,@marketing; AFP3 Unix Privs. = true; Read-write Access = @research,@marketing; Default file Permission = 775; Default dir Permission = 775; umask = 002.

With these settings all Open Directory users from the OD groups "research" and "marketing" can now log in to the AFP share "share4". But they have no write permissions. The MacOS Finder info for the mounted AFP share shows "read-only" for the local user and "no rights" for everyone.

Again with trial and error I changed the permission on the Dataset from 775 to 777 (read-write-execute: also for "others"). Changing the Perm-Type on the Dataset from "Unix" to "Mac" instead does not have any influence on the problem.

Now after changing the permission mode from 775 to 777 on the Dataset, all OD users have read-write permission on the mounted AFP-share level, whereas new folders have permissions owner = local user / 777, group = research / 775, everyone = read only.

This setup / these setup steps do not look very obvious to me, especially that I have to set the Dataset permission to 777 in order for OD users to have read-write access on the AFP share.

So my question is: is this a correct setup, or is this an accidentally working setup? Does somebody have another setup for Open Directory users and AFP shares on FreeNAS? It would also be very much appreciated if a working setup example found its way into the official FreeNAS documentation.

Many thanks in advance
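
The behaviour reported in the post above can be reproduced with a small model of the two checks involved: the share allow list and the Unix mode bits on the dataset. This is an added example, not part of the original post and not FreeNAS or Netatalk code; it assumes the AFP server accesses files as the logged-in user, ignores root and ACLs, and the accounts `alice`, `carol`, `bob` and the group `staff` are constructed.

```python
from dataclasses import dataclass

R, W = 4, 2  # read and write bits within one permission class

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset

@dataclass(frozen=True)
class Dataset:
    owner: str
    group: str
    mode: int  # octal mode, e.g. 0o775

def share_allows(user, allow_list):
    """Share-level gate: '@name' matches a group, a bare name a user."""
    for entry in (e.strip() for e in allow_list.split(",")):
        if entry == user.name or (entry.startswith("@") and entry[1:] in user.groups):
            return True
    return False

def fs_bits(user, ds):
    """Unix mode check: exactly one class applies (owner, else group, else other)."""
    if user.name == ds.owner:
        return (ds.mode >> 6) & 7
    if ds.group in user.groups:
        return (ds.mode >> 3) & 7
    return ds.mode & 7

def effective(user, ds, allow_list):
    """Access over the share: 'none', 'read-only' or 'read-write'."""
    if not share_allows(user, allow_list):
        return "none"
    bits = fs_bits(user, ds)
    if bits & W:
        return "read-write"
    return "read-only" if bits & R else "none"

# Constructed accounts; the groups and allow list are the ones in the post.
alice = User("alice", frozenset({"research"}))
carol = User("carol", frozenset({"marketing"}))
bob = User("bob", frozenset({"staff"}))
ALLOW = "@research,@marketing"

if __name__ == "__main__":
    for mode in (0o775, 0o777):
        print(oct(mode), effective(alice, Dataset("root", "wheel", mode), ALLOW))
```

With root/wheel ownership the OD users fall into the "other" class, so 775 leaves them read-only and only 777 gives them write; at 777 the allow list is the only thing still separating accounts outside the groups from the data. A single group owner such as "research" grants write to that one group only, which is the limitation raised in the first post.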
 

relume

Hello

I am sorry, I have an additional comprehension question about group permissions on AFP shares. How can I set different group assignments for different subfolders on the same AFP share?


share4 : @research,@researchAdmin
- folder1 : @researchAdmin
- folder2 : @research
- folder3 : @research
- …

On the MacOSX client side I do not have the permission to assign a different group to a folder or file. On the FreeNAS side I have no access to any subfolder or file stored on a Dataset and share.

Many thanks in advance for any hint.
 