Issues with user permissions and dot file

Status
Not open for further replies.
Joined
Apr 24, 2014
Messages
3
Hi all,

I need your help on something that has to do with user permissions. In addition I have issues with some "dot files" that appeared on each user's home directory. I will try to make it as clear as possible.

Let's see first a schematic draft:
FreeNAS-schematic-client-storage-scenario.jpg

I need FTP accounts for a few users, that will be controlled by another user (let's call him administrator). Let's suppose that someone of the company (administrator) wants to use this storage for exchanging large files with other people outside company (collaborators). Let's call them just users.
  • The administrator needs to have r/w access to all folders
  • Users should have r/w access to their folders only and probably to a common one
  • Users, considering they all are different collaborators, should not be able to "read" directories of other users and the company's root directory
  • We need to have access via FTP and CIFS (Windows)
What I have done:
  1. I have setup a ZFS Dataset.
  2. I have created a group called "company" (probably "company" is not the real name).
  3. I have created the administrator and assigned him as "home directory" the company's root directory. There it was created automatically a directory with his username containing 8 "dot files" (.cshrc / .login / .login_conf / .mail_aliases / .mailrc / .profile / .rhosts / .shrc).
  4. I connected via FTP using the above "administrator" and created directories for each of the users.
  5. I have created each of the three users and assigned him the relevant directory as home. Each user belongs to the same group (mentioned on #2).
  6. I did nothing regarding the common directory yet, as I am facing serious issues with their privileges until here.
The problems I have:
  1. Each user can navigate himself at levels above his home directory! Thus he is able to "see" contents of the other directories.
  2. Each user can have access to any (!) directory. Even on the other user's directories.
  3. The "dot files" mentioned above are annoying for the users and most probably they shouldn't be able to see them.
What I tried to do in order to solve the problem:
  1. I tried to create the user and assign him to a different group but giving as home directory the same one (company/user1). Nothing changed! He still can have access to other directories.
  2. Regarding the "dot files" I spent hours searching and following solutions offered from the forums, but with no luck. I read carefully the following threads:
I am really stuck with all these. I would really appreciate any help.
Thanks a lot in advance for your attention and your time!
Angel
 

FlyingPersian

Patron
Joined
Jan 27, 2014
Messages
237
So first off, this is the wrong subforum. This is for How-To Guides only.

I would have approached this differently than you did:

1. Create a dataset with the FreeNAS WebGUI for each user and the common folder.

2. Create the users with their username as respective group (--> Check "Create a new primary group for the user:" when creating the users)
Home dir: /mnt/Datasetname/user1 etc

3. Create a common group such as "company" as you mentioned; make every user member of this group

4. If not yet done enable SSH under Services in the FreeNAS WebGUI

5. login as root, go to /mnt/Datasetname by typing "cd /mnt/Datasetname" and do the following:

chown -R user1:admin user1/
chown -R user2:admin user2/

This basically changes the owner of the folder "user1" to the user "user1" and the group "admin" (admin = your adminuser's group)
Do this for every user and his folder respectively (not the common folder yet)

chmod -R 770 admin/ user1/ user2/ user3/ user4/ user5/ commonfolder/

This gives read/write/execute rights to the groupowner and userowner of the respective folder. Meaning only admin and the group admin can access the folder admin, only user1 and the group admin can access the folder user1 etc

6. I wouldn't use FTP if I were you cuz FTP is unsecure; I'd rather use SFTP (SSH FTP)

7. Assuming you are on Windows go ahead and create Windows Shares (CIFS) in the FreeNAS WebGUI under Sharing.
7.1 Give the share a name (User1's Stuff e.g.)
7.2 Browse to the respective folder (/mnt/Datasetname/user1)
7.3 Check "Inherit Permissions", "Inherit Owner"
7.4 For the common folder you can either check "Allow Guest Access" which means anyone in your network can enter that folder without having to log in. If you want to limit it to the users you created (other ppl in the network who shouldn't have any access to the NAS at all??) do this in SSH:
chown -R admin:company /mnt/Datasetname/Commonfolder

This will give your group company ownership to the folder "common" and thus all its users. Do check "Allow Guest Access" when creating the CIFS share then.


I hope I didn't miss anything. Let me know if it doesn't work

edit: Regarding the dot files, just leave it as it is.
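
An added example, not part of the post above: a shell audit that checks whether the chown/chmod steps actually took effect, by listing anything under a user's folder that still grants access to "other" or has the wrong group owner. The function names are hypothetical; the root path, group and folder names are supplied by the caller.

```shell
#!/bin/sh
# Added example: audit the per-user folders after the chown/chmod steps.
# Function names are hypothetical; paths and group are caller-supplied.

# Print entries at or below DIR that grant r, w or x to "other".
# Symlinks are skipped: their own mode bits do not control access.
list_world_accessible() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Print entries at or below DIR whose group owner is not GROUP.
list_wrong_group() {
    find "$1" ! -group "$2" -print
}

# Return 0 only if DIR is a real directory, nothing in it is reachable
# by "other", and everything is group-owned by GROUP. Findings go to stderr.
audit_private_dir() {
    a_dir=$1 a_group=$2 a_rc=0
    if [ ! -d "$a_dir" ] || [ -L "$a_dir" ]; then
        echo "FAIL $a_dir: missing, not a directory, or a symlink" >&2
        return 1
    fi
    a_bad=$(list_world_accessible "$a_dir")
    if [ -n "$a_bad" ]; then
        printf 'FAIL %s: accessible to other:\n%s\n' "$a_dir" "$a_bad" >&2
        a_rc=1
    fi
    a_bad=$(list_wrong_group "$a_dir" "$a_group")
    if [ -n "$a_bad" ]; then
        printf 'FAIL %s: group is not %s:\n%s\n' "$a_dir" "$a_group" "$a_bad" >&2
        a_rc=1
    fi
    return "$a_rc"
}

# audit_layout ROOT GROUP NAME...  -> 0 if every ROOT/NAME passes.
# e.g. audit_layout /mnt/Datasetname admin user1 user2
audit_layout() {
    l_root=$1 l_group=$2 l_failed=0
    shift 2
    for l_name in "$@"; do
        audit_private_dir "$l_root/$l_name" "$l_group" || l_failed=$((l_failed + 1))
    done
    [ "$l_failed" -eq 0 ]
}
```

A folder left at the default 755 mode shows up in the "accessible to other" list, which is the condition that lets one user browse another user's directory.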
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
Moved at request of OP. Please heed the rules of the how-to forum section.

Sent from my Nexus 5
 