At the outset of this narrative, please allow me, as its author, to state that I intend no offense to the intelligence of its reader in my choice of its title, nor malice toward the creators of the FreeNAS software. I have sought in it only a catchy phrase that might attract the attention of poor souls, like-minded as me, who find themselves lost amidst the myriad of options and settings that the software presents to them. I, however, claim no expertise in the task of configuring the software: I learned by trial and error, and my knowledge is of necessity limited. My aim here in presenting a verbosely-detailed, single configuration example is to attempt to alleviate the dearth of real-world examples that exist in this forum and assist the reader who might otherwise wholly abandon the FreeNAS software in utter frustration after hours of tearing out their hair and/or enduring unnecessary blood, sweat, and tears. In all actuality, I really hate to see grown men (or women) cry. Engineers, after all, often are not the best of teachers (i.e., of information that often seems so apparent to themselves), and software engineers, in particular, are seldom well-versed in the art of human engineering.
I successfully set up a FreeNAS server in my home while providing its access to five family members. I created a single volume for a 1-TB mirrored disk array containing five datasets (so I might manage hard disk usage). The respective datasets, for the purpose of this post, I shall call A, B, C, D, and E. What I did was to allow users B, C, D, and E to have write, read, and delete permissions to their respective individual datasets only, while providing user A (administrator) write, read, and delete permissions to his/her own dataset as well as write, read, and delete permissions to the datasets of users B, C, D, and E. Let me describe to you how I did it.
I will not cover installation of the FreeNAS software, as this forum addresses that issue, more than adequately, elsewhere; I will only suggest that the reader install the latest, stable version of the software (as of the date of my writing this post), version 8.2 (works in 8.3 also). One, also, should be sure to access the FreeNAS GUI with a compatible browser. I wasted three days repeatedly installing, removing, and reinstalling the software before I realized that I could not configure version 8.2 using IE8 (the user manual even suggests that problems might manifest themselves using IE9). I downloaded Firefox (v. 14) and thereafter was able to configure the GUI without further delay.
I installed two 1-GB Samsung enterprise-grade hard drives in the hardware with which I intended to run FreeNAS. I FIRST EDITED MY SERVER'S BIOS TO ENABLE ACPI (VER. 3). I logged into the GUI and configured the basic password and network settings (covered elsewhere in this forum). I clicked on “Storage”—“View Disks” to verify that FreeNAS saw my drives. (At this point, the reader might want to use the “Wipe” utility on each disk they install if they previously used their disks in other hardware.) I then clicked on “Volume Manager,” selected member disks (using the ctrl key and mouse) and selected a file system type and encryption. I used ZFS (recommended), however, with no encryption, as I knew I would have more than ample space on the drives to store only documents. I named the volume and configured my disks into a mirrored (RAID 1) array. I clicked “Add Volume” to finish the process. When the volume appeared on the GUI page, I then clicked the “Create ZFS Dataset” button associated with the volume to create five datasets (one has to, thus, click the same button for each dataset one creates). I named my five datasets A, B, C, D, and E (I, in fact, used family members’ first names). I set compression to “off” and “Enable atime” to off (the latter, per my preference, for faster performance). (I did not set the quota and space parameters, but the reader may feel free to do so.) I then clicked the “Add Dataset” button for each dataset I created. I created an additional data set, which I titled “Common”; one to which all my family members might have write, read, and delete access (for sharing files amongst us). I, thus, created a single volume and six datasets within that volume.
I then clicked on “Account” (in the left-hand window pane)—“Users”—“Add User” and created five users, A, B, C, D, and E (again, using family member’s first names as usernames). In doing so I browsed to each of the five datasets associated with each user and allowed the configuration tool to create primary group IDs for each username (thus, I ended up with five users and five primary groups). I checked the boxes “read, write, and execute” for “user” and “group” only (I did not check the boxes for “other”) for each user, and I left the other configuration boxes either unchecked or empty. I did not change the shell settings or add e-mail addresses, but I inputted passwords for each user. (Note that the FreeNAS manual warns the reader to use the Windows logon name and its associated password for each (Windows) user as their user name and password when setting up these "Users" configurations, but see my comment about this matter below.) I clicked the “O.K.” button after I configured each user and double-checked my configuration work after I created my users.
I next went back to the “Storage” tab to configure my permissions. I clicked the “Change Permissions” tab for my volume and selected “nobody” for Owner (user) and “nogroup” for Owner (group). I checked all nine Mode (permission) boxes (“read,” “write,” and “execute” for “User,” “Group” and “Other”) and selected “Windows” for the ACL setting (as all users would be accessing the FreeNAS server via Windows computers). I left the “Set Permissions Recursively” box unchecked and clicked the “Change” button. I next configured the permissions for the six datasets. For user A, I clicked the “Change Permissions” tab for its dataset and selected “A” (actually the first name of that family member) for Owner (user) and “nogroup” for Owner (group). I checked the six Mode (permission) boxes for “user” and “group” only and left the “other” boxes unchecked, and selected “Windows” for the ACL setting. I left the “Set Permissions Recursively” box unchecked and clicked the “Change” button. For the datasets associated with users B, C, D, and E, I clicked the “Change Permissions” tab for individual datasets and selected “B, C, D, or E” (actually the first name of that family member) for Owner (user) and “A” (the administrator’s name) for Owner (group). I checked the six Mode (permission) boxes for “user” and “group” only and left the “other” boxes unchecked, and selected “Windows” for the ACL setting. I left the “Set Permissions Recursively” box unchecked and clicked the “Change” button. For the “Common” dataset, I clicked the “Change Permissions” tab for its dataset and selected “nobody” for Owner (user) and “nogroup” for Owner (group). I checked all nine Mode (permission) boxes and selected “Windows” for the ACL setting. I left the “Set Permissions Recursively” box unchecked and clicked the “Change” button. I double-checked my configuration work after I set permissions.
Lastly, I clicked the “Sharing” button in order to create shares. I clicked the “Windows (CIFS) option (since all users would be accessing the FreeNAS server with Windows computers) and added six Windows shares, one at a time, by clicking the “Add Windows (CIFS) Share” button with each share addition. I named each of the six shares (A, B, C, D, E, and Common) with family members’ names followed by the word “Files” (e.g., “Sam’s Files”). It is most important here to resist the temptation to give each share the same name (e.g. “Files” without family members’ name before it), otherwise you will confuse the software and end up with only one folder when you finish the configuration and look for the six folders you created. (Yes--I wasted another two hours trying to figure out why this situation happened to me.) I browsed to the dataset path of each user, clicked the “Browsable to Network Clients” box and left the other boxes blank or unchecked. I clicked the “O.K.” button for each share I created. I double-checked my work after I created all six shares. Note that, after you create your first share, a popup screen will ask you to turn on the CIFS service—do so. After I, thus, created my shares, I clicked on the “Services” button and, in the list on the page, clicked on the wrench icon associated with the CIFS “Core” button. I renamed the “Workgroup” using my Windows workgroup name, verified that “nobody” was listed under “Guest Account” and left the other settings unchanged. I clicked “O.K.” and exited the configuration screen. Note that I did not create a share for the volume itself—only for the datasets within the volume—doing so would have just resulted in having to click through an additional parent folder in the Windows Network Explorer window to access the six user folders once the configuration is completed.
I rebooted FreeNAS (via the GUI—reboot and/or shutdown here in order to avoid data corruption on your disks by a hard shutdown via the power button on your server hardware) and used the Windows Network Explorer to find access to the six storage dataset groups I had created. They appear as folders with titles such as “[family members’ name]’s Files on FreeNAS (FreeNAS).” If all is well, you should be able to (left) click on a respective folder and a popup window requesting user name and password should appear. Enter this information and you should have read, write, and delete access to the folder you own as well as the “Common” folder. The administrator (A) should have read, write, and delete access to all six folders. Note that once you enter a user name and password you do not need to enter this information again as long as you do not break the network connection (e.g., reboot your Windows computer). Although the FreeNAS user manual suggests that only the user whose name and password matches the logon name and password of the computer used to access a file folder can so access it, I did not find this situation to be the case—in other words, I found that I could access any user account on any Windows computer connected to my network so long as I inputted the correct user name and password in the popup window at the Windows Network Explorer. Beware, however, that if you input the wrong user name and password you must break the network connection (e.g., reboot) before you can reenter the correct one (i.e., there is no graceful way to logoff and back on to the server).
(Note: When I migrated my computer to Windows 8, I had to make sure my FreeNAS share setting's host name and/or network settings NetBIOS name conformed exactly to their respective name rules for allowed characters--i.e., no spaces in the name are allowed, otherwise the NAS's icon won't appear under your computer's network display. This issue, for some reason, did not manifest itself in Windows XP or Windows 7.)
I may have missed something in this write up—I hope not, but I apologize if I did. Perhaps a more-experienced user of the FreeNAS software can suggest a more elegant way of configuring the software than my example provides, but I was able to make the software do what I wanted it to do via its GUI configuration exclusively—no scripts or shell command line inputs necessary. I apologize for the length of this post, but I desired to make it as (once again, excuse the term) “idiot-proof” as possible in consideration of those individuals who believe as I that computers should serve to accomplish tasks extrinsic to their own value as objects of fascination in their own right. I still have much to learn about FreeNAS, nevertheless, and I am grateful to the more-experienced users in this forum who have ever so patiently nursed me along in my own learning process.
--Soli Deo gloria
I successfully set up a FreeNAS server in my home while providing its access to five family members. I created a single volume for a 1-TB mirrored disk array containing five datasets (so I might manage hard disk usage). The respective datasets, for the purpose of this post, I shall call A, B, C, D, and E. What I did was to allow users B, C, D, and E to have write, read, and delete permissions to their respective individual datasets only, while providing user A (administrator) write, read, and delete permissions to his/her own dataset as well as write, read, and delete permissions to the datasets of users B, C, D, and E. Let me describe to you how I did it.
I will not cover installation of the FreeNAS software, as this forum addresses that issue, more than adequately, elsewhere; I will only suggest that the reader install the latest, stable version of the software (as of the date of my writing this post), version 8.2 (works in 8.3 also). One, also, should be sure to access the FreeNAS GUI with a compatible browser. I wasted three days repeatedly installing, removing, and reinstalling the software before I realized that I could not configure version 8.2 using IE8 (the user manual even suggests that problems might manifest themselves using IE9). I downloaded Firefox (v. 14) and thereafter was able to configure the GUI without further delay.
I installed two 1-GB Samsung enterprise-grade hard drives in the hardware with which I intended to run FreeNAS. I FIRST EDITED MY SERVER'S BIOS TO ENABLE ACPI (VER. 3). I logged into the GUI and configured the basic password and network settings (covered elsewhere in this forum). I clicked on “Storage”—“View Disks” to verify that FreeNAS saw my drives. (At this point, the reader might want to use the “Wipe” utility on each disk they install if they previously used their disks in other hardware.) I then clicked on “Volume Manager,” selected member disks (using the ctrl key and mouse) and selected a file system type and encryption. I used ZFS (recommended), however, with no encryption, as I knew I would have more than ample space on the drives to store only documents. I named the volume and configured my disks into a mirrored (RAID 1) array. I clicked “Add Volume” to finish the process. When the volume appeared on the GUI page, I then clicked the “Create ZFS Dataset” button associated with the volume to create five datasets (one has to, thus, click the same button for each dataset one creates). I named my five datasets A, B, C, D, and E (I, in fact, used family members’ first names). I set compression to “off” and “Enable atime” to off (the latter, per my preference, for faster performance). (I did not set the quota and space parameters, but the reader may feel free to do so.) I then clicked the “Add Dataset” button for each dataset I created. I created an additional data set, which I titled “Common”; one to which all my family members might have write, read, and delete access (for sharing files amongst us). I, thus, created a single volume and six datasets within that volume.
I then clicked on “Account” (in the left-hand window pane)—“Users”—“Add User” and created five users, A, B, C, D, and E (again, using family member’s first names as usernames). In doing so I browsed to each of the five datasets associated with each user and allowed the configuration tool to create primary group IDs for each username (thus, I ended up with five users and five primary groups). I checked the boxes “read, write, and execute” for “user” and “group” only (I did not check the boxes for “other”) for each user, and I left the other configuration boxes either unchecked or empty. I did not change the shell settings or add e-mail addresses, but I inputted passwords for each user. (Note that the FreeNAS manual warns the reader to use the Windows logon name and its associated password for each (Windows) user as their user name and password when setting up these "Users" configurations, but see my comment about this matter below.) I clicked the “O.K.” button after I configured each user and double-checked my configuration work after I created my users.
I next went back to the “Storage” tab to configure my permissions. I clicked the “Change Permissions” tab for my volume and selected “nobody” for Owner (user) and “nogroup” for Owner (group). I checked all nine Mode (permission) boxes (“read,” “write,” and “execute” for “User,” “Group” and “Other”) and selected “Windows” for the ACL setting (as all users would be accessing the FreeNAS server via Windows computers). I left the “Set Permissions Recursively” box unchecked and clicked the “Change” button. I next configured the permissions for the six datasets. For user A, I clicked the “Change Permissions” tab for its dataset and selected “A” (actually the first name of that family member) for Owner (user) and “nogroup” for Owner (group). I checked the six Mode (permission) boxes for “user” and “group” only and left the “other” boxes unchecked, and selected “Windows” for the ACL setting. I left the “Set Permissions Recursively” box unchecked and clicked the “Change” button. For the datasets associated with users B, C, D, and E, I clicked the “Change Permissions” tab for individual datasets and selected “B, C, D, or E” (actually the first name of that family member) for Owner (user) and “A” (the administrator’s name) for Owner (group). I checked the six Mode (permission) boxes for “user” and “group” only and left the “other” boxes unchecked, and selected “Windows” for the ACL setting. I left the “Set Permissions Recursively” box unchecked and clicked the “Change” button. For the “Common” dataset, I clicked the “Change Permissions” tab for its dataset and selected “nobody” for Owner (user) and “nogroup” for Owner (group). I checked all nine Mode (permission) boxes and selected “Windows” for the ACL setting. I left the “Set Permissions Recursively” box unchecked and clicked the “Change” button. I double-checked my configuration work after I set permissions.
Lastly, I clicked the “Sharing” button in order to create shares. I clicked the “Windows (CIFS) option (since all users would be accessing the FreeNAS server with Windows computers) and added six Windows shares, one at a time, by clicking the “Add Windows (CIFS) Share” button with each share addition. I named each of the six shares (A, B, C, D, E, and Common) with family members’ names followed by the word “Files” (e.g., “Sam’s Files”). It is most important here to resist the temptation to give each share the same name (e.g. “Files” without family members’ name before it), otherwise you will confuse the software and end up with only one folder when you finish the configuration and look for the six folders you created. (Yes--I wasted another two hours trying to figure out why this situation happened to me.) I browsed to the dataset path of each user, clicked the “Browsable to Network Clients” box and left the other boxes blank or unchecked. I clicked the “O.K.” button for each share I created. I double-checked my work after I created all six shares. Note that, after you create your first share, a popup screen will ask you to turn on the CIFS service—do so. After I, thus, created my shares, I clicked on the “Services” button and, in the list on the page, clicked on the wrench icon associated with the CIFS “Core” button. I renamed the “Workgroup” using my Windows workgroup name, verified that “nobody” was listed under “Guest Account” and left the other settings unchanged. I clicked “O.K.” and exited the configuration screen. Note that I did not create a share for the volume itself—only for the datasets within the volume—doing so would have just resulted in having to click through an additional parent folder in the Windows Network Explorer window to access the six user folders once the configuration is completed.
I rebooted FreeNAS (via the GUI—reboot and/or shutdown here in order to avoid data corruption on your disks by a hard shutdown via the power button on your server hardware) and used the Windows Network Explorer to find access to the six storage dataset groups I had created. They appear as folders with titles such as “[family members’ name]’s Files on FreeNAS (FreeNAS).” If all is well, you should be able to (left) click on a respective folder and a popup window requesting user name and password should appear. Enter this information and you should have read, write, and delete access to the folder you own as well as the “Common” folder. The administrator (A) should have read, write, and delete access to all six folders. Note that once you enter a user name and password you do not need to enter this information again as long as you do not break the network connection (e.g., reboot your Windows computer). Although the FreeNAS user manual suggests that only the user whose name and password matches the logon name and password of the computer used to access a file folder can so access it, I did not find this situation to be the case—in other words, I found that I could access any user account on any Windows computer connected to my network so long as I inputted the correct user name and password in the popup window at the Windows Network Explorer. Beware, however, that if you input the wrong user name and password you must break the network connection (e.g., reboot) before you can reenter the correct one (i.e., there is no graceful way to logoff and back on to the server).
(Note: When I migrated my computer to Windows 8, I had to make sure my FreeNAS share setting's host name and/or network settings NetBIOS name conformed exactly to their respective name rules for allowed characters--i.e., no spaces in the name are allowed, otherwise the NAS's icon won't appear under your computer's network display. This issue, for some reason, did not manifest itself in Windows XP or Windows 7.)
I may have missed something in this write up—I hope not, but I apologize if I did. Perhaps a more-experienced user of the FreeNAS software can suggest a more elegant way of configuring the software than my example provides, but I was able to make the software do what I wanted it to do via its GUI configuration exclusively—no scripts or shell command line inputs necessary. I apologize for the length of this post, but I desired to make it as (once again, excuse the term) “idiot-proof” as possible in consideration of those individuals who believe as I that computers should serve to accomplish tasks extrinsic to their own value as objects of fascination in their own right. I still have much to learn about FreeNAS, nevertheless, and I am grateful to the more-experienced users in this forum who have ever so patiently nursed me along in my own learning process.
--Soli Deo gloria