Hazimil
Jul 16, 2014 | Aspirant
Query regarding Network Access vs File Access
Hi All, I've now got my ReadyNAS 314, installed a single WD Red 1TB (for now), and upgraded to ReadyNAS v6.1.8. I've set up my users, and started to work on my shares. However I'm confused between...
xeltros
Jul 20, 2014 | Apprentice
The Linux system doesn't understand protocol access. It relies on file access and local users. By default, Linux rights are done with 3 parameters: owner, group, other; that can take several values: 1=execute or go through, 4=read, 2=write, or any addition of those values.
So when you have to give a single user a right to a folder, you either change the folder's owner, or you create a group that all users that need access will share. This limits the things you can do with rights.
I believe that Netgear added some things to be able to use ACL rights though, which gives more options than that.
Share rights (or protocol rights, or network access rights) are much more flexible (they can use Linux local users, LDAP, DB users, user list...; they can set rights per user or per group). But since Linux doesn't understand them by default, the software that handles the protocol acts on a file access level, gets the data it wants and then applies its permissions on it before delivering it on the network (you can think of it as a middle man if you want).
This means that the weakest of the two sets of rights applies. If the FTP/SMB/AFP server that runs under a local Linux user (each process on Linux is run by a user) is not authorized to access the files, it won't be able to transmit them. If it can access the files but your user is not allowed at the server/protocol level, you will be blocked too.
That's why we rarely set file access rights unless we want to enforce a limitation (read-only for everyone for example).
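The two-layer rule described in the reply above, as an added example that is not part of the original posts and is not ReadyNAS code. It models classic owner/group/other mode bits only (no Linux ACLs, no root bypass); the share ACL layout, user names and numeric IDs are constructed for illustration.

```python
# Constructed model: a request succeeds only if BOTH the share (protocol)
# layer and the Linux file layer grant the right.
RIGHTS = (("read", 4), ("write", 2), ("execute", 1))

def posix_rights(mode, owner_uid, owner_gid, uid, gids):
    """Rights from owner/group/other bits. Only the first matching
    class is consulted, so an owner can hold fewer rights than 'other'."""
    if uid == owner_uid:
        bits = (mode >> 6) & 7
    elif owner_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return {name for name, bit in RIGHTS if bits & bit}

def share_rights(share_acl, user, groups):
    """Hypothetical share ACL: {'user' or '@group': set of rights}.
    A per-user entry wins; otherwise the user's group entries are merged."""
    if user in share_acl:
        return set(share_acl[user])
    granted = set()
    for group in groups:
        granted |= share_acl.get("@" + group, set())
    return granted

def effective_rights(share_acl, user, groups, mode, owner_uid, owner_gid,
                     fs_uid, fs_gids):
    """Intersection of both layers. fs_uid/fs_gids is the local account
    the file server uses when it touches the file on disk."""
    at_share = share_rights(share_acl, user, groups)
    at_file = posix_rights(mode, owner_uid, owner_gid, fs_uid, fs_gids)
    return at_share & at_file

# Constructed sample data: files owned by uid 1000, gid 2000.
SHARE = {"bob": {"read", "write"}, "@guests": {"read"}}

def demo():
    srv = (1001, {2000})  # server's local account: not owner, in group 2000
    return {
        "share rw, file 640": effective_rights(SHARE, "bob", [], 0o640, 1000, 2000, *srv),
        "share ro, file 660": effective_rights(SHARE, "carol", ["guests"], 0o660, 1000, 2000, *srv),
        "no share entry, file 666": effective_rights(SHARE, "dave", [], 0o666, 1000, 2000, *srv),
        "share rw, file 600": effective_rights(SHARE, "bob", [], 0o600, 1000, 2000, *srv),
    }

if __name__ == "__main__":
    for case, rights in demo().items():
        print(f"{case}: {sorted(rights) or 'denied'}")
```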