Hi, after struggeling with setting up CIFS on FreeNAS, i think i finally found a solution that will work for me. In my scenario, i need users 1,2,3,4 and 5 to have their own personal network folders a,b,c,d, and e accessible, readable and writable only by each user alone.
First my configuration looked like this:
BIGDISK
-FOLDER a USER 1:1 drwxr-xr-x
-FOLDER b USER 2:2 drwxr-xr-x
-FOLDER c USER 3:3 drwxr-xr-x
-FOLDER d USER 4:4 drwxr-xr-x
-FOLDER e USER 5:5 drwxr-xr-x
Then i made a share for each of those folders.
...but then all users could see eachothers files, allthogh they didn't have write rights but i didn't want that!
So, i thought the solution was to set the folders rights to drwx------, which would mean exclusive access, read and write rights for each user to their own share.
How ever, i have a apache webserver set up in a jail that needed access to all folders a,b,c,d and e to serv these publicly and because apache need to be grant access with drwx---r-x, i couldn't find a way to keep each user to not beeing able to read other users folders!
Solution:
In each of the shares, i go edit, click advanced mode and add the following to "Auxiliary Parameters":
valid users = user
...where 'user' is the corresponding username who shall have exclusive access to this share!
Side note:
Because it seems strongly discouraged to modify the smb.conf file manually, this was the only "easy" solution i could find that seem to work. I guess the inbuilt zfsacl is supposed to do this thing of controlling access but i'm too much of a noob to understand it.
Any thoughts?
First my configuration looked like this:
BIGDISK
-FOLDER a USER 1:1 drwxr-xr-x
-FOLDER b USER 2:2 drwxr-xr-x
-FOLDER c USER 3:3 drwxr-xr-x
-FOLDER d USER 4:4 drwxr-xr-x
-FOLDER e USER 5:5 drwxr-xr-x
Then i made a share for each of those folders.
...but then all users could see eachothers files, allthogh they didn't have write rights but i didn't want that!
So, i thought the solution was to set the folders rights to drwx------, which would mean exclusive access, read and write rights for each user to their own share.
How ever, i have a apache webserver set up in a jail that needed access to all folders a,b,c,d and e to serv these publicly and because apache need to be grant access with drwx---r-x, i couldn't find a way to keep each user to not beeing able to read other users folders!
Solution:
In each of the shares, i go edit, click advanced mode and add the following to "Auxiliary Parameters":
valid users = user
...where 'user' is the corresponding username who shall have exclusive access to this share!
Side note:
Because it seems strongly discouraged to modify the smb.conf file manually, this was the only "easy" solution i could find that seem to work. I guess the inbuilt zfsacl is supposed to do this thing of controlling access but i'm too much of a noob to understand it.
Any thoughts?