NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Help A Beginner to Restrict Share Write/Delete/Rename
I'm a beginner to unix, but this all seems way more complicated than it needs to be.
Someone should explain/guide newbies through the most common type of security settings.
PLEASE HELP! And THANK YOU VERY MUCH!
All my data folders are contained within the "media" share.
I backup my old ReadyNAS Duo to alternately external disks weekly, way more than necessary for the non-dynamic nature of my NAS data.
I haven't figured out a use for the "backup" share and so don't use it. I do have the "recycle bin" feature active on my media share.
I have a UPS that says I am good to about 65 minutes. I have tested it for auto-shutdown at 90% and it seemed to work okay.
But shutdown within about two minutes. I'm going to try that set at 40% and plug it back in before it shuts down this time.
I have a few office documents and all, but mainly I want to be able to store and play pictures, video clips from cameras, and maybe a little music.
The DLNA service seems to run most of the time successfully to Samsung Galaxy phones with BubbleUPnP, and to iPad using 8Player.
Even though I have the "Automatically Update Database" checked under Streaming Services,
it seems like I have to run the "Rescan media files" button way more often than necessary.
Although that may be because I keep messing around with the share permissions...????
Anyway, my wife and I log on to our PC's (an XP and a WIN 7) with unique user IDs and passwords.
I'm hoping the ReadyNAS uses those IDs, and we both belong to the default "users" group.
I want to be able to have anyone on my local network (wired or wifi) be able to READ ONLY through DLNA to view or stream to their iPad or Smartphone.
I further want ONLY the two Unique User IDs in the "users" group to be able to add/delete/rename all the folders and files within the "media" share.
This seems to me a very simple and normal setup.
Please someone, explain to me how to do it.
Under the media share setup, I see CIFS, NFS, APF, HTTP/S, Rsync. Also, drilling down there is Advance Options.
It seems reasonable to me, that I would want most defaults set to ReadOnly, then allow WRITE enabled groups to be "users".
OR maybe WRITE enable users to be our two specific user IDS.
Further, it seems I would to check the box by: "Automatically set permissions on new files and folders." Correct?
For the both the files and the folders, wouldn't I want to set only the "Group Rights" to Read/Write and the "Everyone Rights" to ReadOnly?
Lastly, do I have to use the Advanced Options every time after I "apply" the changes to CIFS/NFS/APF/etc ?
Is this the way to complete that screen? I recognize the "caution" word, but what are the implications and where would I learn about that?
The following options are provided to override the default settings for shares and should be used with caution.
Share folder owner: admin
Share folder group: users <<<<<<<<<<<<<<<< this was also "admin"
Share folder owner rights: Read/Write
Share folder group rights: Read/Write
Share folder everyone rights: ReadOnly
Then, when/why to check these two choices?
? Set ownership and permission for existing files and folders in this share to the above settings.
This option is useful in cases where you are changing security levels and need to workaround file access problems.
? Grant rename and delete privileges to non-owner of files.
All this stuff is confusing to me because I'm not sure of the definition/context of exactly what those words mean.
Further it's confusing to me that I seem to be able to open WORD and EXCEL documents and use SaveAs to a create a copy.
And even directly copy/paste/delete. I just tried that. Of course, those are in a folder I created.
Within the Pictures folder, which may have been pre-existing with my media share, I am not allowed to rename a .jpg file.
What's the explanation of that?
Oh so many questions...
But, I could help myself and save tons and tons of trial and error, with just a little guidance.
Because my security requirements seems so simple, I haven't created additional shares for different types of files.
I have only a few folders within media to contain various types of files, like "Pictures" (where small camera video clips reside also),
TurboTax backups from the PCs, a MyDocumentsForMe, and a MyDocumentsForMyWife.
It seems like the permissions should somehow casade down from the share level to the folder level to the file level.
Again, THANKS A TON!!!
Thanks a TON!
Someone should explain/guide newbies through the most common type of security settings.
PLEASE HELP! And THANK YOU VERY MUCH!
All my data folders are contained within the "media" share.
I backup my old ReadyNAS Duo to alternately external disks weekly, way more than necessary for the non-dynamic nature of my NAS data.
I haven't figured out a use for the "backup" share and so don't use it. I do have the "recycle bin" feature active on my media share.
I have a UPS that says I am good to about 65 minutes. I have tested it for auto-shutdown at 90% and it seemed to work okay.
But shutdown within about two minutes. I'm going to try that set at 40% and plug it back in before it shuts down this time.
I have a few office documents and all, but mainly I want to be able to store and play pictures, video clips from cameras, and maybe a little music.
The DLNA service seems to run most of the time successfully to Samsung Galaxy phones with BubbleUPnP, and to iPad using 8Player.
Even though I have the "Automatically Update Database" checked under Streaming Services,
it seems like I have to run the "Rescan media files" button way more often than necessary.
Although that may be because I keep messing around with the share permissions...????
Anyway, my wife and I log on to our PC's (an XP and a WIN 7) with unique user IDs and passwords.
I'm hoping the ReadyNAS uses those IDs, and we both belong to the default "users" group.
I want to be able to have anyone on my local network (wired or wifi) be able to READ ONLY through DLNA to view or stream to their iPad or Smartphone.
I further want ONLY the two Unique User IDs in the "users" group to be able to add/delete/rename all the folders and files within the "media" share.
This seems to me a very simple and normal setup.
Please someone, explain to me how to do it.
Under the media share setup, I see CIFS, NFS, APF, HTTP/S, Rsync. Also, drilling down there is Advance Options.
It seems reasonable to me, that I would want most defaults set to ReadOnly, then allow WRITE enabled groups to be "users".
OR maybe WRITE enable users to be our two specific user IDS.
Further, it seems I would to check the box by: "Automatically set permissions on new files and folders." Correct?
For the both the files and the folders, wouldn't I want to set only the "Group Rights" to Read/Write and the "Everyone Rights" to ReadOnly?
Lastly, do I have to use the Advanced Options every time after I "apply" the changes to CIFS/NFS/APF/etc ?
Is this the way to complete that screen? I recognize the "caution" word, but what are the implications and where would I learn about that?
The following options are provided to override the default settings for shares and should be used with caution.
Share folder owner: admin
Share folder group: users <<<<<<<<<<<<<<<< this was also "admin"
Share folder owner rights: Read/Write
Share folder group rights: Read/Write
Share folder everyone rights: ReadOnly
Then, when/why to check these two choices?
? Set ownership and permission for existing files and folders in this share to the above settings.
This option is useful in cases where you are changing security levels and need to workaround file access problems.
? Grant rename and delete privileges to non-owner of files.
All this stuff is confusing to me because I'm not sure of the definition/context of exactly what those words mean.
Further it's confusing to me that I seem to be able to open WORD and EXCEL documents and use SaveAs to a create a copy.
And even directly copy/paste/delete. I just tried that. Of course, those are in a folder I created.
Within the Pictures folder, which may have been pre-existing with my media share, I am not allowed to rename a .jpg file.
What's the explanation of that?
Oh so many questions...
But, I could help myself and save tons and tons of trial and error, with just a little guidance.
Because my security requirements seems so simple, I haven't created additional shares for different types of files.
I have only a few folders within media to contain various types of files, like "Pictures" (where small camera video clips reside also),
TurboTax backups from the PCs, a MyDocumentsForMe, and a MyDocumentsForMyWife.
It seems like the permissions should somehow casade down from the share level to the folder level to the file level.
Again, THANKS A TON!!!
Thanks a TON!
2 Replies
Replies have been turned off for this discussion
- Hi Bob,
I'm a Duo owner. I'm posting this reply based on my limited experience and vague memory. So my answer / understanding may be wrong. However, my 2 DUOs have been running smoothly for a number of years (one as a primary shared NAS and the other as a non-shared backup to the primary).
From memory, I seem to recall that the MEDIA share on the DUO is a special case. It is an open / unrestricted share that grants all users and devices (media players) read access. It is inteded as a "public" folder for streaming / serving media(photos, music, video). It is also where torrent files are saved when downloaded. I think write access is limited to ADMIN and / or ADMIN GROUP.
You should use the DATA share or another newly created share for storing your other files (non-media) as you can fully manage / control access to these shares. There is also the option to allow the creation of a HOME share for each user, which is a private space available only to that user. I think the user can choose to share files / folders with others on a case by case basis (I don't use HOME shares on my DUO).
The BACKUP share is intended as the target for backup software to enable backing up your other computers / devices to the NAS. This share shouldn't be accessed routinely by users and shouldn't be used to share files with other users. This is also where the NAS configuration backup is stored. You can easily set a backup job to run on this share to copy the data to a USB HDD or another NAS to provide a second copy of your important backups.
I have my UPS monitoring set to AUTO. The NAS shuts down safely when the UPS is getting low. I think the NAS monitors the rate at which the power is being used and shutsdown before the UPS runs out. I haven't had any uncontrolled shutdowns, even when the UPS batteries were flagged for replacement.
I hope this helps.
Cheers, Shaun. - Also a duo owner... Backup and media are created by the duo initially. You don't actually need to use them, you could delete them if you want to, and not lose any services.
-When the UPS is set to "auto", the UPS itself initiates the shutdown event over the USB interface. There's a "critical power" event (don't recall the name off-hand) that is sent. If you manually set a threshold, then the NAS needs to monitor it.
-DLNA is its own service, and AFAIK the clients cannot delete media on the server. It has nothing to do with the file permissions you set on the NAS.
What version of windows are you using? What firmware is running on the Duo? What security mode is the duo set to use? (user or share)
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
