
cmatsinger
Aspirant
Jan 08, 2019
Solved

NooB share permissions help

I'm a novice with Linux file permissions setting up a new 626x and I don't want to screw this up. I've read a number of topics and searched a bunch but I think I'm missing some fundamental things that I cannot clarify. I'm setting up several shares using SMB only with local users (no AD) that I'd like the following permissions for.

 

Archive - Admin users RW, regular Users read only

Tech - Admin RW, regular Users no access

 

I'd also like to not allow for ANY guest/anonymous access to any of these (not even seeing the shares are available)

 

Questions (let's start with Archive share)

Under Network Access, by default, Everyone group has RW. Because I want Users to have Read Only, should I uncheck Everyone and set Users group to Read Only?

The Allow Anonymous Access box is checked. Does unchecking this remove Guest access?

 

For File Access, default owner/group is Guest. Should I change this to Admin? Root?

What exactly does "Grant rename and delete privileges to non-owner" do?

For permissions, Everyone, Owner, Group and Admin groups have RW. What should I set so Admin has RW and Users are read-only? Do I remove Everyone and just specify Admin RW and Users read only? Didn't I already do that in the Network Access part?

 

Thanks in advance!


  • StephenB
    Guru - Experienced User

    cmatsinger wrote:

    I'm a novice with Linux file permissions setting up a new 626x and I don't want to screw this up. I've read a number of topics and searched a bunch but I think I'm missing some fundamental things that I cannot clarify. I'm setting up several shares using SMB only with local users (no AD) that I'd like the following permissions for.

     

    Archive - Admin users RW, regular Users read only

    Tech - Admin RW, regular Users no access

     

    I'd also like to not allow for ANY guest/anonymous access to any of these (not even seeing the shares are available)

     

    Questions (let's start with Archive share)

    Under Network Access, by default, Everyone group has RW. Because I want Users to have Read Only, should I uncheck Everyone and set Users group to Read Only?

    The Allow Anonymous Access box is checked. Does unchecking this remove Guest access?

     


    Yes to both. So uncheck anonymous, uncheck everyone, and set the user group to read-only.

     


    cmatsinger wrote:

     

    For File Access, default owner/group is Guest. Should I change this to Admin? Root? ...

     

    You can leave this just as it is.  Network access alone will accomplish what you want, and generally speaking it is easier to administer.  Note that users can change the file permissions from Windows (right-clicking on a file), but they can't change the network permissions.

     

    The effective access rights in Windows are the intersection of network and file permissions.  So if the network permission is read-only, then write access will be denied, no matter what the file permissions are.

    • cmatsinger
      Aspirant
      Thanks so much for the info. I'm still concerned about the file permissions. It just seems so counter-intuitive to leave file ownership with guest. Is there any kind of best practice to set this to admin or root? While I appreciate it might be easier to administer, I'm willing to put in a little extra time for a little extra security. Thoughts?
      • StephenB
        Guru - Experienced User

        cmatsinger wrote:
        Thanks so much for the info. I'm still concerned about the file permissions. It just seems so counter-intuitive to leave file ownership with guest. Is there any kind of best practice to set this to admin or root? While I appreciate it might be easier to administer, I'm willing to put in a little extra time for a little extra security. Thoughts?

        You can change the owner/group to admin/admin if you want (and then reset the file permissions in the share).  But that won't improve your security.  Network access controls are enough as long as all the files and folders in the share have the same access restrictions.

         

        If you try to control access with file permissions, the usual result is that you end up with users being denied access to files that were created by other users. 
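
A simplified model of the two points made in the replies above (effective access is the intersection of network and file permissions, and file-permission control tends to lock users out of each other's files). This is an added illustration, not part of the thread and not ReadyNAS or Samba code; the account names, group membership and file modes are constructed.

```python
# Simplified model (an assumption for illustration, not ReadyNAS or Samba code):
# effective access = share-level (network) rights AND file-level rights.

# Constructed sample accounts and group membership.
GROUPS = {"alice": {"admin"}, "bob": {"admin"}, "carol": {"users"}}

# Network Access as configured in the thread: Everyone and anonymous unchecked.
SHARES = {
    "Archive": {"admin": {"r", "w"}, "users": {"r"}},
    "Tech": {"admin": {"r", "w"}},
}


def network_rights(share, user):
    """Union of rights granted to the user's groups; unknown users get nothing."""
    rights = set()
    for group in GROUPS.get(user, set()):
        rights |= SHARES[share].get(group, set())
    return rights


def file_rights(mode, owner, group, user):
    """POSIX-style check: pick the owner, group or other triplet of `mode`."""
    if user == owner:
        bits = (mode >> 6) & 7
    elif group in GROUPS.get(user, set()):
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return {r for r, mask in (("r", 4), ("w", 2)) if bits & mask}


def effective(share, user, mode=0o666, owner="guest", group="guest"):
    """Intersection of network and file permissions (default: guest-owned, RW for all)."""
    return network_rights(share, user) & file_rights(mode, owner, group, user)


if __name__ == "__main__":
    print("carol on Archive:", sorted(effective("Archive", "carol")))
    print("carol on Tech:   ", sorted(effective("Tech", "carol")))
    print("guest on Archive:", sorted(effective("Archive", "guest")))
    # File-permission control: alice's 0644 file blocks bob despite share-level RW.
    print("bob on alice's file:",
          sorted(effective("Archive", "bob", 0o644, "alice", "admin")))
```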
