NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Simple permissions solution for already secure environments:
I finally got around to actually doing something about the problem that I started this thread for:
viewtopic.php?f=23&t=47373
I didn't feel like talking to the Netgear ReadyNAS help desk (my problem). So I did a firmware upgrade & then did a factory reset on the Duo, after which I set up in Flex-RAID mode again, (as it suits my personal day to day usage) following this great how-to:
viewtopic.php?f=65&t=31062&p=170974#p170974
Below is what this thread is about, which is giving "guest" access full reign, & not having any "user" or "group" accounts:
I then did that most important thing that was pointed out to me in the first linked to thread here, & set up via the >SHARE LISTING Menu > both Share Names: "backup" & "media" via all of my chosen networking protocols - NFS & AFP >Advanced Options <tab> I made sure that the "Grant rename and delete privileges to non-owner of files" line was ticked. Again I'll restate - for both the "backup" & "media" Shares & check all network protocols that you use. The above by default is turned OFF for "backup" & "media".
I also made sure that AFP had "Allow guest access" ticked. So check "guest" access for the other network protocols too as it is critically important to this guide.
& that both NFS & AFP (& or any other network protocol that you are using) do have "Default Access: Read/Write" enabled. "Read/Write" is critical here.
It is important to remember that the above has to be done to BOTH shares - "backup" & "media". (Anyone would think that I missed one & had to do it all again - I didn't :) I can just see how very easy it is to do.)
I did not use any of the other options available in the tabs NFS, AFP or Advanced Options. Apart from ticking "Enable sync mode" in NFS, which is just my personal choice. Any such choices available in the other protocols are at the users discretion as they have no effect on the results re. file access that this post is about.
AND, I made NO accounts via the Menu >Security >User & Group Accounts. Not having any "user" or "group" accounts in combination with my other settings allows every "guest" unlimited read/write access to the Duo, which is what I want.
My system is a home system that is used only by me; though my wife occasionally watches a movie stored on the Duo, via the iMac in her office. I don't need to have sophisticated internal security (which quite frankly I couldn't be bothered learning about for the Duo). I have a Linux based IPCop firewall/router running 24/7 which has over more than a period of 2 years done a faultless job of protecting us from the outside world. :) Though a standard ADSL modem/router would do just as well.
So this is the simplest solution that I could come up with for my situation, I hope it is of some use to someone else who is in a similar situation. :)
viewtopic.php?f=23&t=47373
I didn't feel like talking to the Netgear ReadyNAS help desk (my problem). So I did a firmware upgrade & then did a factory reset on the Duo, after which I set up in Flex-RAID mode again, (as it suits my personal day to day usage) following this great how-to:
viewtopic.php?f=65&t=31062&p=170974#p170974
Below is what this thread is about, which is giving "guest" access full reign, & not having any "user" or "group" accounts:
I then did that most important thing that was pointed out to me in the first linked to thread here, & set up via the >SHARE LISTING Menu > both Share Names: "backup" & "media" via all of my chosen networking protocols - NFS & AFP >Advanced Options <tab> I made sure that the "Grant rename and delete privileges to non-owner of files" line was ticked. Again I'll restate - for both the "backup" & "media" Shares & check all network protocols that you use. The above by default is turned OFF for "backup" & "media".
I also made sure that AFP had "Allow guest access" ticked. So check "guest" access for the other network protocols too as it is critically important to this guide.
& that both NFS & AFP (& or any other network protocol that you are using) do have "Default Access: Read/Write" enabled. "Read/Write" is critical here.
It is important to remember that the above has to be done to BOTH shares - "backup" & "media". (Anyone would think that I missed one & had to do it all again - I didn't :) I can just see how very easy it is to do.)
I did not use any of the other options available in the tabs NFS, AFP or Advanced Options. Apart from ticking "Enable sync mode" in NFS, which is just my personal choice. Any such choices available in the other protocols are at the users discretion as they have no effect on the results re. file access that this post is about.
AND, I made NO accounts via the Menu >Security >User & Group Accounts. Not having any "user" or "group" accounts in combination with my other settings allows every "guest" unlimited read/write access to the Duo, which is what I want.
My system is a home system that is used only by me; though my wife occasionally watches a movie stored on the Duo, via the iMac in her office. I don't need to have sophisticated internal security (which quite frankly I couldn't be bothered learning about for the Duo). I have a Linux based IPCop firewall/router running 24/7 which has over more than a period of 2 years done a faultless job of protecting us from the outside world. :) Though a standard ADSL modem/router would do just as well.
So this is the simplest solution that I could come up with for my situation, I hope it is of some use to someone else who is in a similar situation. :)
2 Replies
Replies have been turned off for this discussion
- Now eight months down the track, I've had to move some data to my Duo, from a couple of different USB drives via OS/X. I really don't like the way that OS/X has "floating ownership" on these drives.
As you would have seen from my previous post, I'm certainly no master of permissions when it comes to multiple users/accounts.
Due to this transfer of data, some of the ownership/permissions on my Duo were messed up a bit. To solve this, what I did was go into Frontview-> Shares -> Share Listing -> (then select any one of the active network protocols) -> Advanced Options -> (with "nobody", "nogroup" & "read/write" set for each of the three options & the "Grant rename and delete privileges to non-owner of files." option ticked; then tick the following option (which is what this is all about):
"Set ownership and permission for existing files and folders in this share to the above settings. This option is useful in cases where you are changing security levels and need to workaround file access problems."
After that I could delete a directory & rename another, both of which had rebelled & stopped being under my control.
To those who "Know", the methods in this thread show my ignorance in this area. Though as mentioned in the previous post, due to the circumstances that the Duo is being used, I neither need, nor do I want, to spend the time to learn the complex multi-user management required to handle this situation "properly".
So far, so good. ;)
Yesterday I unlocked (not hard to do: viewtopic.php?f=7&t=56807&p=324672&sid=5d6c6b81b708cfcec4cd328530c2a3d1#p324672 ) the secrets of ssh access to the ReadyNAS system, this allowed me to do something quickly which is otherwise a pain.
Arch Linux is the primary system that I use, so I do know about "ownership" & "permission" on the Linux system from the perspective of "root" & "user account". So if need be via ssh I could go in & reset the "ownership/permissions" of "/backup" & "/media" in the Duo, but really with the workaround provided above in this post, there is no need to so. So I will leave well enough alone & only use ssh if I have to clean up the mess (I can see all of the OS/X hidden files in Linux :() that my rarely used OS/X makes on the Duo, or some other problem arises that for recovery makes using ssh essential. - For any Linux users that this may assist I'll mention that the times I will need to access the Duo from the OS/X side of my dual boot iMac were reduced further during my recent experiences (previous post) of using the OS/X system to access the two USB drives.
It is probably worth noting that different distros have their own ways of installing packages; some require more manual intervention than others. So it depends on the Linux distro being used as to how much user input is required to get a package functioning properly.
The first USB drive was formatted with the NTFS, by the time I had finished with it I had got around to setting up the Linux side to read/write to NTFS partitions. I ended up using ntfs-config, as if it works for you, it is the easiest solution. I added the /media/xdisk directory but ntfs-config edited /etc/fstab for me, adding the following (single) line (it probably would have created a /media/<directory name> all by itself too!):/dev/sdb1 /media/xdisk ntfs-3g defaults,rw,noauto,user,locale=en_AU.utf8 0 0
The second USB drive was formatted with HFS+. I created the /media/Movies directory, & made the HFS+ format, read/write, by adding the following line to the /etc/fstab. Note: the "rw,force" section, as this is what is required to make HFS+ writeable:/dev/sdb2 /media/Movies hfsplus rw,force 0 0
Then I had to edit /etc/rc.conf , adding "hfsplus" to the MODULES=() line, though this would only be done in Arch Linux (as its a bit different).
From what I have read on the Arch Linux forum, people are not having problems with HFS+ when they "force" it to be rw (though read only is the Linux standard for HFS+ at the time of writing).
Apparently the potential worst case scenario re. making HFS+ writeable at this stage is if your hardware is shutdown by a mains blackout or similar, whilst you are copying data across to an HFS+ partition. Under such circumstances data corruption is possible.
So I'll be careful in stormy weather. :)
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
