cmatsinger
Jan 08, 2019, Aspirant
NooB share permissions help
I'm a novice with Linux file permissions setting up a new 626x and I don't want to screw this up. I've read a number of topics and searched a bunch but I think I'm missing some fundamental things tha...
StephenB
Jan 08, 2019, Guru - Experienced User
cmatsinger wrote:
I'm a novice with Linux file permissions setting up a new 626x and I don't want to screw this up. I've read a number of topics and searched a bunch but I think I'm missing some fundamental things that I cannot clarify. I'm setting up several shares using SMB only with local users (no AD) that I'd like the following permissions for.
Archive - Admin users RW, regular Users read only
Tech - Admin RW, regular Users no access
I'd also like to not allow for ANY guest/anonymous access to any of these (not even seeing the shares are available)
Questions (let's start with Archive share)
Under Network Access, by default, Everyone group has RW. Because I want Users to have Read Only, should I uncheck Everyone and set Users group to Read Only?
The Allow Anonymous Access box is checked. Does unchecking this remove Guest access?
Yes to both. So uncheck anonymous, uncheck everyone, and set the user group to read-only.
cmatsinger wrote:
For File Access, default owner/group is Guest. Should I change this to Admin? Root? ...
You can leave this just as it is. Network access alone will accomplish what you want, and generally speaking it is easier to administer. Note that users can change the file permissions from Windows (right-clicking on a file), but they can't change the network permissions.
The effective access rights in Windows are the intersection of network and file permissions. So if the network permission is read-only, then write access will be denied, no matter what the file permissions are.
- cmatsinger, Jan 08, 2019, Aspirant
Thanks so much for the info. I'm still concerned about the file permissions. It just seems so counter-intuitive to leave file ownership with guest. Is there any kind of best practice to set this to admin or root? While I appreciate it might be easier to administer, I'm willing to put in a little extra time for a little extra security. Thoughts?
- StephenB, Jan 08, 2019, Guru - Experienced User
cmatsinger wrote:
Thanks so much for the info. I'm still concerned about the file permissions. It just seems so counter-intuitive to leave file ownership with guest. Is there any kind of best practice to set this to admin or root? While I appreciate it might be easier to administer, I'm willing to put in a little extra time for a little extra security. Thoughts?
You can change the owner/group to admin/admin if you want (and then reset the file permissions in the share). But that won't improve your security. Network access controls are enough as long as all the files and folders in the share have the same access restrictions.
If you try to control access with file permissions, the usual result is that you end up with users being denied access to files that were created by other users.
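The two points made in the replies above (effective access is the intersection of network and file permissions, and per-file permissions tend to lock users out of files created by others) can be checked with a small model. This is an added example, not part of the thread or NETGEAR's software; the user names, the SCRATCH share and the file modes are constructed assumptions.

```python
from dataclasses import dataclass

# Simplified model (assumption): share rights are granted per group, file rights
# are plain POSIX owner/group/other bits. ACLs and root are not modelled.
LEVELS = {"none": set(), "ro": {"r"}, "rw": {"r", "w"}}

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset

@dataclass(frozen=True)
class File:
    owner: str
    group: str
    mode: int

def network_rights(share, user):
    """Union of the share-level rights of every group the user belongs to."""
    rights = set()
    for group, level in share.items():
        if group in user.groups:
            rights |= LEVELS[level]
    return rights

def file_rights(f, user):
    """POSIX rule: the first matching class (owner, group, other) decides."""
    if user.name == f.owner:
        bits = f.mode >> 6
    elif f.group in user.groups:
        bits = f.mode >> 3
    else:
        bits = f.mode
    return {r for r, bit in (("r", 4), ("w", 2)) if bits & bit}

def effective(share, f, user):
    """What the user can actually do: network rights AND file rights."""
    return network_rights(share, user) & file_rights(f, user)

# Constructed sample data; names and modes are illustrative only.
ARCHIVE = {"admin": "rw", "users": "ro"}   # shares as requested in the thread
TECH = {"admin": "rw"}                     # "users" absent -> no access
SCRATCH = {"users": "rw"}                  # hypothetical share, users read-write
alice = User("alice", frozenset({"admin"}))
bob = User("bob", frozenset({"users"}))
carol = User("carol", frozenset({"users"}))
open_file = File("guest", "guest", 0o777)  # default owner, wide-open mode assumed
bobs_file = File("bob", "bob", 0o644)      # created by bob, owner-only write
```

With the open file, the share settings alone give bob read-only access on Archive and nothing on Tech; with bob's 0644 file on a read-write share, carol loses write access even though the share allows it.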
- cmatsinger, Jan 08, 2019, Aspirant
Ok so I'll change the owner/group but leave permissions default. Thanks.
Now that I've covered share setup, onto my next question: So in /Archive, users are read only. I want a folder within /Archive that only Admin can access (Users have No Access.) Where do I set that? I'd rather not have separate shares for each difference in share access. Thoughts?
Also I should have probably mentioned that all users are on Mac, so permissions settings look a lot different than what you posted.