No permission

[himbrr]

Hi,

as advised I followed the tutorial from alexey.
I've created 4 users and 2 groups (winshare, windnld).
My samba settings:



I have 3 shares. One for the users. They will have access to all folders, not only their home (group winshare).
The second is for the download folder, only users of group windnld will have read and write access.
Last but not least we have a third folder. This stores all the media files, such as movies, music, pictures.
Group winshare should have access.


Here you see the settings of each share:





With Winscp I have changed the group of each folder.
winshare = home and media folders
windnld = download folder
Permissons for folders are 0666.
I know I have to change it to 0660 for the download folder. Will do this at the end.

At the network are only windows 7 pcs/laptops, but I can't access from any of them to any folder.
I tried all users. No access.

What went wrong by configuring the shares?

[alexey123]

What went wrong by configuring the shares?

Read second, third and forth post on forum
You can begin from forth post.
The trick is that the samba share is only one, no more, but with a symbolic name and a symbolic path. Users do not even know how many folders I created - they see only his folder.
This building I made for give access to my share for 7 users over ftp, smb, and web.
All users, which have access, can read and write into share, use share as Windows folder (but not delete files in most folders inside public). User folders have exactly the same structure for all protocols - no matter how they connect it looks the same.
Folder always mounted on desktop, and sometimes I even forget that it is not placed on the computer..

[himbrr]

No I don't want to have separated home directories.
All users have full access to the home dir.
In the home dir every user has a folder, but all users have access to all other folders.
I don't want to separate the access to only the users home.

The groups of the users:
user1= windnld,winshare
user2,user3,user4= winshare

Only user1 will have access to the download folder.

[alexey123]

In my case each user have full acces to each home folder.
But you need define groups equally, if user1 is member of windnld,winshare
user2,user3,user4= winshare need be members of windnld,winshare.
Another ---User 1 is not the same pack as the other, buiding not work.

Only user1 will have access to the download folder

What power does not give you the opportunity to place a folder inside your home directory for the user1 Are you root?

[himbrr]

I want to prohibit user2-4 to have access to the download folder.

What power does not give you the opportunity to place a folder inside your home directory for the user1 Are you root?

user1 = admin and has access to use the shell.
But he is not root. He also have no admin access to the webinterface.
Just he should have the permission to browse, read and write the download folder.

[alexey123]

I want to prohibit user2-4 to have access to the download folder.

If folder downloads will placed inside home folder for user1, any user with nologin shell can not view this folder.
They will not even guess at the existence of a folder downloads

What power does not give you the opportunity to place a folder inside your home directory for the user1 Are you root?

user1 = admin and has access to use the shell.
Just he should have the permission to browse, read and write the download folder.

Aaaaaaaa I understand now. Your name is user1.

But he is not root. He also have no admin access to the webinterface.

Your have access to webgui, which work over php(always root) and not root? You can format storage and not root?

[himbrr]

With webguiI log in via "admin".
I changed the groups of the users.
The primary group of all users is winshare.
I've added all users to group ftp and user1 is as well in group windnld.

No user have access to shell. All users can login at the user portal.
Is my samba configuration correct?

[alexey123]

With webguiI log in via "admin".
I changed the groups of the users.
The primary group of all users is winshare.
I've added all users to group ftp and user1 is as well in group windnld.

No user have access to shell. All users can login at the user portal.
Is my samba configuration correct?

user1:windnld, ftp
user2:windnld, ftp
user3:windnld, ftp

better view when your users have some names

Code: Select all

nas folder  |  nas user  |   Win7 user
-----------------------------------------
user1           user1       user1 
user2           user2       user2 
user3           user3       user3 

[himbrr]

nas usernames and windows usernames are different.
nas folder | nas user | Win7 user
---------------------------------------------------------------------------------
/mnt/Management/Benuter/user1 user1 differentname1
/mnt/Management/Benuter/user2 user2 differentname1
/mnt/Management/Benuter/user3 user3 differentname1
/mnt/Management/Benuter/user4 user3 differentname1

When I try to connect via windows, I have to login.
I type "user1" and his password, but I have no access.


users are in the requested groups.

[alexey123]

When I built it on Freenas7.2, I checked building with WinXP, Win98, ubuntu, Vista and Windows7. Now I not have Win7 and Vista, I kill Bill its , sorry., I can'not test.
I have only 3*XP, Win98 and Ubuntu, and they works on NAS4Free Lab (my signature).
Test ftp access - work or not work.. If work, may be replace protocol - I connect over NT1.

[himbrr]

FTP doesn't work. Only anonymous, but no user...
NT1 same... I change the owner of all folders back to root:wheel, like before.

[alexey123]

FTP doesn't work. Only anonymous, but no user...

If not working ftp, then what works? fan and power supply?
I do nothing with ftp server, only check Local users only, add maxlogin attempts to 5 and connections per ip to 10 and enable it.

[himbrr]

After resetting the folder permissions to root:wheel 777, I have anonymous access via SMB2.
Login via user didn't work
No authentication possible, all users have access to the download folder...

Now: when I log in via FTP I only can explore the users home dir. No other folders.. confusing...

If not working ftp, then what works? fan and power supply?

That is a good question... pyLoad autostart? and MiniDLNA

[lux]

@ himbrr

pls start from scatch with fresh N4f install! pyload & minidlna are not implemented 'out of the box'

so i assume you have decisively changed your System

start with fresh install and see how it works...!

[himbrr]

@lux
when i reinstall nas4free, what is with the data on my zfs raid?
Is this data safe on the disks??

[lux]

YES, absolutely!!!

do NOT delete any Pools via WebIf!! - if then any ZFS Metadata on your Disc's are gone!!

just add your Disc's in Managment in fresh installed N4f with 'Preformatted Filesystem' -> 'ZFS Storage pool device'

after that go to 'Discs' - 'ZFS' - 'Configuration' - 'Synchronize' - hit the 'Synchronize' Button - et voilá your Pool is up'n runnng...

btw. do NOT restore your old Config - if any trouble in there you will import this on your fresh System!

if all Services up'n running ( smb, ftp... and you have tested & work o.k. ) then you can install all your own stuff like pyload / minidlna / etc...

greetings

[alexey123]

Lux absolutely right!
himbrr, you need install fresh nas4free, and reconfigure it by hands.
Also for future experiments create VirtualBox mashine, which will copy of your server, exclude storage.
And important!
1. If you run full version - not install jail from wiki! This install work correctly with embedded instalation only
2. After 424 version, my google pages about php not valid! Also not valid any articles on internet about php on old Freenas or NAS4free, exclude daoyama blog about ounCloud, and VirtualBox + phpVirtualBox - need retest and rewrite all.

[himbrr]

1. If you run full version - not install jail from wiki! This install work correctly with embedded instalation only

How to create a jail with the full version? O.o
My jail-data is saved on the ZFS pool. I just would mount this to /jail and create the startup scripts.. so I haven't to reinstall the whole jail...
The jail is already working fine

2. After 424 version, my google pages about php not valid! Also not valid any articles on internet about php on old Freenas or NAS4free, exclude daoyama blog about ounCloud, and VirtualBox + phpVirtualBox - need retest and rewrite all.

I don't need VMs on my NAS. Just an comfortable UPNP Client with transcoding, MySQL, PHP, pyLoad, SSH and the Samba shares. Most of them are built in

[himbrr]

I started from scratch.
Windows shares are now working with authentication, but how to allow only one user to have access to the download folder?

[alexey123]

Code: Select all

mkdir <path_to_users>/user1/download

Only user1 have access to his download folder.

[himbrr]

This wont work...
Because all users have access to all shares.
e.g.
User1-4 have access to /mnt/data/homes/
/mnt/data/homes/ contain all shares for the users.
/mnt/data/homes/user1/
/mnt/data/homes/user2/
/mnt/data/homes/user3/
/mnt/data/homes/user4/

In this case user3 have access to /mnt/data/homes/user1/, /mnt/data/homes/user2/, etc
When I create a link to the download folder in user1 home, all users have access to this.
Current solution is only to mount the home and media folders on user2-3 pcs.
On user1 pc are all three folders mounted.

[alexey123]

User1-4 have access to /mnt/data/homes/

WHY?
I was say about buiding
user1 ----> home for it /mnt/data/homes/user1/
user2 -----> home for it /mnt/data/homes/user2/
etc

[himbrr]

No I said that the homes are not separated.
Just for home use, no separation needed.
Only the access for the download folder should be prohibited for the other users.

[alexey123]

Hmmmm.
What power against you use foldername homes instead public on my picture?

[himbrr]

What power against you use foldername homes instead public on my picture?

Yes this was the only solution.
I thought, samba can separate shares with different permissions.

Thank you for your help alexey123!