NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
NooB share permissions help
I'm a novice with linux file permissions setting up a new 626x and I don't want to screw this up. I've read a number of topics and searched a bunch but I think i'm missing some fundamental things tha...
cmatsinger wrote:
I'm a novice with linux file permissions setting up a new 626x and I don't want to screw this up. I've read a number of topics and searched a bunch but I think i'm missing some fundamental things that I cannot clarify. I'm setting up several shares using SMB only with local users (no AD) that i'd like the following permissions for.
Archive - Admin users RW, regular Users read only
Tech - Admin RW, regular Users no access
I'd also like to not allow for ANY guest/anonymous access to any of these (not even seeing the shares are available)
Questions (let's start with Archive share)
Under Network Access, by default, Everyone group has RW. Because I want Users to have Read Only, should I uncheck Everyone and set Users group to Read Only?
The Allow Anonymous Access box is checked. Does unchecking this remove Guest access?
Yes to both. So uncheck anonymous, uncheck everyone, and set the user group to read-only,
cmatsinger wrote:
For File Acess, default owner/group is Guest. Should I change this to Admin? Root? ...
You can leave this just as it is. Network access alone will accomplish what you want, and generally speaking it is easier to administer. Note that users can change the file permissions from Windows (right-clicking on a file), but they can't change the network permissions.
The effective access rights in Windows are the intersection of network and file permissions. So if the network permission is read-only, then then write access will be denied, no matter what the file permissions are.
cmatsinger wrote:
I'm a novice with linux file permissions setting up a new 626x and I don't want to screw this up. I've read a number of topics and searched a bunch but I think i'm missing some fundamental things that I cannot clarify. I'm setting up several shares using SMB only with local users (no AD) that i'd like the following permissions for.
Archive - Admin users RW, regular Users read only
Tech - Admin RW, regular Users no access
I'd also like to not allow for ANY guest/anonymous access to any of these (not even seeing the shares are available)
Questions (let's start with Archive share)
Under Network Access, by default, Everyone group has RW. Because I want Users to have Read Only, should I uncheck Everyone and set Users group to Read Only?
The Allow Anonymous Access box is checked. Does unchecking this remove Guest access?
Yes to both. So uncheck anonymous, uncheck everyone, and set the user group to read-only,
cmatsinger wrote:
For File Acess, default owner/group is Guest. Should I change this to Admin? Root? ...
You can leave this just as it is. Network access alone will accomplish what you want, and generally speaking it is easier to administer. Note that users can change the file permissions from Windows (right-clicking on a file), but they can't change the network permissions.
The effective access rights in Windows are the intersection of network and file permissions. So if the network permission is read-only, then then write access will be denied, no matter what the file permissions are.
Thanks so much for the info. I'm still concerned about the file permissions. It just seems so counter-intuitive to leave file ownership with guest. Is there any kind of best practice to set this to admin or root? Well I appreciate it might be easier to administer, I'm willing to put in a little extra time for a little extra security. Thoughts?
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
