How To: Private group folder, private user folder, common folder.

Status
Not open for further replies.
Joined
Feb 26, 2013
Messages
1
Hello everyone, I've created a lab to test FreeNAS 8.3 and I want to share what I could learn already about permissions.
If there's something wrong, please, correct me.

SCENARIO (fake one) :)
In my network there are just Windows stations, so I chose the CIFS protocol for sharing.
In my company we have some departments, they are:
- Directors (board of Directors);
- Engineers;
- Financial;
- Purchases;
- IT.

The points are
- Every department needs its own share folder, with its own access to rwx;
- Every user needs their own share folder, with their own access to rwx;
- The board of directors must have access to rwx in any folder;
- Must share a common share folder, where anyone can rwx.


PART 1 - GROUPS/USERS
First, let's create the groups (departments) and users (employees).
- All users will have their 'Home Directory' configured to /nonexistent (so, 'Home Directory Mode' will be useless).
- Use some hard passwords :p

GROUP - USERS
directors - director1,director2
engineers - engineer1,engineer2,director1,director2
financials - financial1,director1,director2
purchases - purchase1,director1,director2
it - jonatas.baldin,director1,director2

PS: The directors in all groups look like something terrible to configure, but in the GUI it's easy, just select all of them and "drag'n'drop" to the group.


PART 2 - VOLUMES/DATASETS
I've created a ZFS volume, named volume1, using two disks in mirroring, without any special configuration (like compression or dedup).
In the permissions of the master volume, I set up:
Owner (user): nobody
Owner (group): nogroup
Mode: all the nine boxes checked.


In this volume, I created these datasets with these permissions for the departments:
- directors - user: director1; group: directors; mode: the owner/group 6 boxes checked;
- engineers - user: engineer1; group: engineers; mode: the owner/group 6 boxes checked;
- financials - user: financial1; group: financials; mode: the owner/group 6 boxes checked;
- purchases - user: purchase1; group: purchases; mode: the owner/group 6 boxes checked;
- it - user: jonatas.baldin1; group: it; mode: the owner/group 6 boxes checked;

For each personal share I had to create another share. I'll put here just one example, for each dataset I had to change the Owner (user):
- director1-personal - user: director1; group: nogroup; mode: the owner 3 boxes checked, only.

For the common share I created this:
- common - user: nobody; group: nogroup; mode: all 9 boxes checked.


PART 3 - CIFS
I created one share configuration for each dataset.
There's no secret here, it goes the same for every share (except the common share). Example:
- directors - name: directors, path: /mnt/volume1/directors; and mark the boxes that are useful (just read the FreeNAS User Guide, there's a lot of stuff there).
- director1-personal - name: director1-personal; path: /mnt/volume1/director1-personal; ...
- common - name: common; path: /mnt/volume1/common; Allow Guest Access and Only Allow Guest Access checked;


PART 4 - SERVICE CIFS
In the service CIFS configuration there are some details to adjust, but it isn't a big deal. Just make sure that the Guest Account is defined to nobody.


And so...
Now:
- All departments have their own place to share data;
- All users have their own place to store their particular files,
- All users can share files with other departments using the common folder;
- The board of Directors can see everything in the departments share (take care!).


I guess this mini article can help someone! Any doubts just post here, I (and the community) will try to help out.

Bye!
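
Added example, not part of the original post: a small Python model of the owner/group/mode layout from PART 1 and PART 2 that computes the access each user gets from the Unix mode bits alone (owner class first, then group, then other). It assumes each user belongs only to the groups listed in PART 1 and that no ACLs are set; the function names are illustrative.

```python
# Added example: effective mode-bit access for the datasets in the post.
# Assumption: users belong only to the groups listed in PART 1; no ACLs.
GROUPS = {
    "directors": {"director1", "director2"},
    "engineers": {"engineer1", "engineer2", "director1", "director2"},
    "financials": {"financial1", "director1", "director2"},
    "purchases": {"purchase1", "director1", "director2"},
    "it": {"jonatas.baldin", "director1", "director2"},
    "nogroup": set(),
}

# dataset -> (owner, group, mode) as given in PART 2.
# "owner/group 6 boxes" = 0o770, "owner 3 boxes" = 0o700, "all 9" = 0o777.
DATASETS = {
    "directors": ("director1", "directors", 0o770),
    "engineers": ("engineer1", "engineers", 0o770),
    "financials": ("financial1", "financials", 0o770),
    "purchases": ("purchase1", "purchases", 0o770),
    "it": ("jonatas.baldin1", "it", 0o770),  # owner spelled as in the post
    "director1-personal": ("director1", "nogroup", 0o700),
    "common": ("nobody", "nogroup", 0o777),
}

USERS = sorted(set().union(*GROUPS.values()))


def effective(user, dataset):
    """Return the 'rwx' string the mode bits grant `user` on `dataset`."""
    owner, group, mode = DATASETS[dataset]
    if user == owner:
        bits = (mode >> 6) & 7  # owner class applies, even if it is weaker
    elif user in GROUPS.get(group, set()):
        bits = (mode >> 3) & 7  # group class
    else:
        bits = mode & 7         # other class
    return "".join(c if bits & m else "-" for c, m in zip("rwx", (4, 2, 1)))


def who_can(dataset):
    """Users with any access at all to `dataset`, sorted by name."""
    return [u for u in USERS if effective(u, dataset) != "---"]


if __name__ == "__main__":
    for name in DATASETS:
        print(f"{name:20s} {', '.join(who_can(name))}")
```

Run over the post's layout, director2 gets `rwx` on every department dataset through group membership but `---` on director1-personal, because that dataset's group is nogroup. Share-level CIFS settings such as guest-only access are not modelled.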
 

zoey

Cadet
Joined
Jul 4, 2013
Messages
2
hi, good day.
thank you for your guide.
i am trying to follow your guide but seem to be stuck with part 2: personal share.
i'm not able to follow how personal share is created.
 

apul

Cadet
Joined
Aug 6, 2013
Messages
2
nice share jon, maybe you could share some picture/screenshot to make it easy for newbie
 

ECCfrenaslover

Explorer
Joined
Dec 27, 2013
Messages
89
x3 what apul said
 

Arka

Dabbler
Joined
Jan 25, 2014
Messages
19
Good job dude but I have few questions:
- In PART1, why did you use /nonexistent for "Home Directory" ?
- In PART2, why Owner (user): nobody (?); Owner (group): nogroup (?); Mode: all the nine boxes checked (<-- Even for "Other" ??? o_O )
And finally, in PART2, why did you use the "nogroup" group instead of the owner's group for personal shares ?
Thx.
 

rucko24

Cadet
Joined
Aug 30, 2014
Messages
3
thanks bro, this has helped me a lot. ;);) tested 8.3.0; version 9.x.x doesn't give me the permissions on the folders correctly
 

ECCfrenaslover

Explorer
Joined
Dec 27, 2013
Messages
89
Good job dude but I have few questions:
- In PART1, why did you use /nonexistent for "Home Directory" ?
- In PART2, why Owner (user): nobody (?); Owner (group): nogroup (?); Mode: all the nine boxes checked (<-- Even for "Other" ??? o_O )
And finally, in PART2, why did you use the "nogroup" group instead of the owner's group for personal shares ?
Thx.


This is the part that confuses/intrigues me. Hope we hear back from him
 

DVitoD

Explorer
Joined
Dec 13, 2014
Messages
78
Good job dude but I have few questions:
- In PART1, why did you use /nonexistent for "Home Directory" ?
- In PART2, why Owner (user): nobody (?); Owner (group): nogroup (?); Mode: all the nine boxes checked (<-- Even for "Other" ??? o_O )
And finally, in PART2, why did you use the "nogroup" group instead of the owner's group for personal shares ?
Thx.

Like others, that is what I am wondering for a week now too. The official manual doesn't say anything about it, and the 1001 tutorials uncle Google gave me also 'just do' the above (probably one is typing over from the other) yet don't explain why:(
 

Addam

Cadet
Joined
Nov 17, 2014
Messages
3
Thank you so much for sharing the practice. It works fine on my system 9.2.1.8, simple and doable, great!
 

serch826

Explorer
Joined
Dec 24, 2014
Messages
64
thanks!
 

flyinfitz1

Explorer
Joined
Mar 29, 2013
Messages
91
Bump for the questions.
 