ui and cifs

Added by Gabriel Latour over 4 years ago

Hi,

I am new to nexentastor so I have 2 newbie questions.

1- Why is the default webpage not secured? I mean, when I browse https://xxx.xxx.xxx.xxx:2000, anybody can view a lot about the system.

2- Is there any way to share a folder with CIFS and have 2 different windows users browse, create folder and files and delete them in the same shared folder (public). From what I saw, the shares are per user.

Thank you,

Gabriel Latour


Replies

RE: ui and cifs - Added by Ryan W over 4 years ago

Gabriel Latour wrote:

> Hi,
>
> I am new to nexentastor so I have 2 newbie questions.
>
> 1- Why is the default webpage not secured? I mean, when I browse https://xxx.xxx.xxx.xxx:2000, anybody can view a lot about the system.

I wondered too. Never gave it much more thought though.

> 2- Is there any way to share a folder with CIFS and have 2 different windows users browse, create folder and files and delete them in the same shared folder (public). From what I saw, the shares are per user.

Of course you can. Add users to the SAN and then add the appropriate ACLs to the share.

> Thank you,
>
> Gabriel Latour

RE: ui and cifs - Added by Gabriel Latour over 4 years ago

Hi Ryan,

Thank you for the reply.

By "add the appropriate ACL's to the share", what do you mean exactly?

I created 2 users, I created a group, I added the 2 users to that group.

I then created a shared folder and added all rights to the group I just created.

When one user creates a folder, the other user cannot browse into that folder. It seems like the permissions on that new folder are exclusively associated to the owner (creator) of the folder.

Thank you,

Gabriel

RE: ui and cifs - Added by Ryan W over 4 years ago

Right. That has to do with file/directory ACL inheritance. I can't elaborate at the moment. (typing on phone)

RE: ui and cifs - Added by Gabriel Latour over 4 years ago

Hi Ryan,

Can you develop a bit on that topic? I tried a couple of combinations with the "ACL Mode" and "ACL Inheritance" settings but could not get things working.

Thank you,

Gabriel

RE: ui and cifs - Added by Gabriel Latour over 4 years ago

OK I think I have something but I need someone to double-check the settings:

My group needs these additional settings:

- Inherit to all newly created files in a directory
- Inherit to all newly created directories in a directory

and the share settings are:

- ACL Mode: groupmask
- ACL Inheritance: passthrough

That way, users that are members of the group can add, delete and browse any files and directories they create.

Does that make any sense?

Gabriel

RE: ui and cifs - Added by Ryan W over 4 years ago

You may also need to remove the deny write_acl flag from the "everyone@" ACL too. Otherwise it may not let your users write out the inherited ACLs.

RE: ui and cifs - Added by Gabriel Latour over 4 years ago

How can I remove the right of everyone@?

I found how to protect the UI: preference -> Readaccessrequired

Gabriel

RE: ui and cifs - Added by Ryan W over 4 years ago

Adding the right to write ACL's and then removing it again should remove it from the user but not add it back into the deny section.

I'm still trying to totally wrap my head around the default ACL's as they are from the get go. Denying write_acl for 'everyone@' makes no sense if you want to have inheritable ACL's. Though I suppose if the GUI let you move the users/groups above the everyone@ deny ACL it would work well that way too.

RE: ui and cifs - Added by Gabriel Latour over 4 years ago

The only thing I would like to be able to do is to remove the right to read and list from everyone, so when someone connects to a CIFS share and he is not a member of the right group, he is not able to see the files.

Gabriel

RE: ui and cifs - Added by Pavel Strashkin over 4 years ago

Hi all,

By default anonymous access is enabled and everybody can see any information (but not change!!!). If you want to disable anonymous access you should go to Settings/Preferences and set Read access required to Yes.

RE: ui and cifs - Added by Gabriel Latour over 4 years ago

Hi Ryan,

Did you have time to figure out how to fix the ACL? I feel Nexenta needs to work on the ACL part. I am trying to make a simple share and I am not able to do so. Same thing for the FTP server, I tried to share a simple folder and I get permission denied.

Help.

Gabriel

RE: ui and cifs - Added by Ryan W over 4 years ago

Gabriel Latour wrote:

> Hi Ryan,
>
> Did you have time to figure out how to fix the ACL? I feel Nexenta needs to work on the ACL part. I am trying to make a simple share and I am not able to do so. Same thing for the FTP server, I tried to share a simple folder and I get permission denied.
>
> Help.
>
> Gabriel

I've had family in town so I haven't played more with ACLs. Nexenta uses the same ACLs as OpenSolaris so I'm sure if you choose to google for info on OpenSolaris ACLs you'll get better information than I can provide you.

RE: ui and cifs - Added by Gabriel Latour over 4 years ago

OK I think I found my answers. I enabled the export mode. I deleted all the default ACL entries and I only gave the I wanted the right permissions. It works like a charm now. Here is an example of the permissions:

nmc@office-var-nas:/$ ls -v mirroir/
total 12
d---------+  2 root     root           2 Apr 19 13:58 administration
     0:group:administration:list_directory/read_data/add_file/write_data
         /add_subdirectory/append_data/write_xattr/execute/delete_child
         /write_attributes/delete/write_acl/write_owner:file_inherit
         /dir_inherit:allow
     1:everyone@::allow
     2:group@::allow
     3:owner@::allow

Gabriel
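Added example, not part of the original thread and not Nexenta code: a simplified Python model of how ordered NFSv4/ZFS ACL entries are evaluated, run over the ACL from the listing above, to show why non-members see nothing, why the group entry carries into new subdirectories, and why the position of a deny entry matters. The users `alice` and `bob`, the group `staff`, the function names and the two-entry deny/allow ACLs are assumptions made for illustration; inheritance is modelled as with ACL Inheritance set to passthrough.

```python
# Simplified model of ordered NFSv4/ZFS ACL evaluation (added example).
# GABRIEL_ACL is constructed from the `ls -v` listing in the thread.
GABRIEL_ACL = """\
0:group:administration:list_directory/read_data/add_file/write_data/add_subdirectory/append_data/write_xattr/execute/delete_child/write_attributes/delete/write_acl/write_owner:file_inherit/dir_inherit:allow
1:everyone@::allow
2:group@::allow
3:owner@::allow"""
# Constructed ACLs: the same two entries in both orders.
DENY_FIRST = "0:everyone@:write_acl:deny\n1:group:administration:write_acl:allow"
ALLOW_FIRST = "0:group:administration:write_acl:allow\n1:everyone@:write_acl:deny"

def parse_acl(text):
    """Parse 'index:who:perms[:flags]:type' lines into ACE dicts, in order."""
    aces = []
    for line in text.strip().splitlines():
        fields = line.strip().split(":")[1:]        # drop the index
        who = fields.pop(0)
        if who in ("user", "group"):                # named principal
            who += ":" + fields.pop(0)
        ace_type = fields.pop()                     # allow or deny
        perms = set(filter(None, fields.pop(0).split("/")))
        flags = set(filter(None, fields[0].split("/"))) if fields else set()
        aces.append({"who": who, "perms": perms, "flags": flags, "type": ace_type})
    return aces

def matches(ace, user, groups, owner, owning_group):
    who = ace["who"]
    if who == "everyone@":
        return True
    if who == "owner@":
        return user == owner
    if who == "group@":
        return owning_group in groups
    kind, name = who.split(":")
    return name == user if kind == "user" else name in groups

def check_access(aces, wanted, user, groups, owner="root", owning_group="root"):
    """Each wanted permission is settled by the first matching ACE naming it."""
    pending = set(wanted)
    for ace in aces:
        if matches(ace, user, groups, owner, owning_group):
            hit = pending & ace["perms"]
            if hit and ace["type"] == "deny":
                return False
            pending -= hit
    return not pending                              # unsettled bits are denied

def inherited_for_new_dir(aces):
    """Entries a new subdirectory receives (passthrough assumed)."""
    return [a for a in aces if "dir_inherit" in a["flags"]]
```

An `allow` entry with an empty permission list, such as `everyone@::allow`, grants nothing, so anyone outside the `administration` group falls through every entry and is denied.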
