Greetings. I have a RN214. After upgrading to the OS6.9.5 I'm seeing the group "users" being added to all files being created as the default group with permissions of rwxrwx---+. For example, the user "TEC" is in a group called "TECH". When I drag-n-drop a file (on OS6.9.4 +Hotfix) it created the file with "TEC" as the owner and group "TECH" with permission bits of rw-rw----+. Now, with OS6.9.5, it's creating with "TEC" as the owner (correct) but the group is "USERS" with permissions of rwxrwx---+. Doing a getfacl on the file shows group "TECH" and "USERS", plus ADMIM; all with rwx. I have looked at all the ACLs of the directory structure and there is NO "USERS" group on any of them, nor is this user connected to this group. Is this a OS6.9.5 bug or do I have something set wrong? This was not an issue prior to os6.9.5. cj.

BarkingSpider wrote: When each user creates a file in that share, the "users" group is assigned to each file. This allows usera to delete userb files. It shouldn't because usera is not in the users group.

I can't say, because my 312 does not act the same way. And you are sure you've removed user mb795b from the "users" group? I don't know why you'd assign ownership of a share to "admin", but I did something similar to what you did just to see what happens. I created "user1", with primary membership in "group1" and no other memberships and "user2" in "group2". I created share "share1" and "share2" with owner group and user "admin". Group1 has read-write privilages in share1 and read-only in share2. Vice versa for share2. If user1 creates a file in share1, the ownership is "user1 group1" (his user name and primary group). Likewise user2 files in share 2 have ownership "user2 group2". Each user can read, but not overwrite or delete, the other's files in their assigned folder. All just the way it's supposed to work. But, my other question is why do you care? Yes, at the basic Linux level (only accessible if you give the users SSH access), it seems that a unintended group may have access. But it's not just a Linux machine, it's a NAS. Do the protocols enabled for the users provide the protection that you are looking for? If not, perhpas you are looking for protection the NAS is not intended to provide. The NAS provides share-level access control, not individual file-level protection within a share.

Hi BarkingSpider, in case your nas was fine before and you are not depending on any of the bugfixes introduced by 6.9.5 (see the release notes here https://kb.netgear.com/000060500/ReadyNAS-OS-6-Software-Version-6-9-5), I would do the following: a) Download the logs now to later give one of the netgear mods/analysts the opportunity to have a closer look at those, in case they want to investigate. b) Manually downgrade to 6.9.4HF1 and wait until your issue has been declared as solved. Here is the link to that release https://community.netgear.com/t5/ReadyNAS-Announcements-Stories/ReadyNAS-OS-6-9-4-Hotfix-1-now-available/m-p/1639064#M63 Kind regards

I created a new user (zoro) that is connected to one group called "ostech". I then create a new share and made that user and group the only access. Here is output from the getfacl for the share and file I created by using Win10 drop-n-drag. root@WW:/data/ztest# getfacl /data/ztest/# file: data/ztest/# owner: ww# group: ostechuser::rwxuser:admin:rwxuser:zoro:rwxgroup::rwxgroup:admin:rwxgroup:ostech:rwxmask::rwxother::---default:user::rwxdefault:user:admin:rwxdefault:user:zoro:rwxdefault:group::rwxdefault:group:admin:rwxdefault:group:ostech:rwxdefault:mask::rwxdefault:other::--- root@WW:/data/ztest# getfacl zoro.txt# file: zoro.txt# owner: zoro# group: users user::rwxuser:admin:rwxuser:zoro:rwxgroup::rwxgroup:admin:rwxgroup:users:rwxgroup:ostech:rwxmask::rwxother::--- Even windows 10 security shows Allow users(WW\users) Full control and what's interesting is under the "inherited from" shows \\WW\ztest\ So how did "users" get added to the ACL's ??

BarkingSpider wrote: So how did "users" get added to the ACL's ?? "users" is Netgear's built-in group, so it's possible it is baked into the ReadyNAS ACL. Does this do harm?

RN214 File creation using Windows 10 SMB

23 Replies

Replies have been turned off for this discussion

Retired_Member
Feb 03, 2019
Hi BarkingSpider, in case your nas was fine before and you are not depending on any of the bugfixes introduced by 6.9.5 (see the release notes here https://kb.netgear.com/000060500/ReadyNAS-OS-6-Software-Version-6-9-5), I would do the following:

a) Download the logs now to later give one of the netgear mods/analysts the opportunity to have a closer look at those, in case they want to investigate.

b) Manually downgrade to 6.9.4HF1 and wait until your issue has been declared as solved. Here is the link to that release https://community.netgear.com/t5/ReadyNAS-Announcements-Stories/ReadyNAS-OS-6-9-4-Hotfix-1-now-available/m-p/1639064#M63

Kind regards
- BarkingSpider
  Aspirant
  Feb 05, 2019
  I created a new user (zoro) that is connected to one group called "ostech". I then create a new share and made that user and group the only access. Here is output from the getfacl for the share and file I created by using Win10 drop-n-drag.
  
  root@WW:/data/ztest# getfacl /data/ztest/
  # file: data/ztest/
  # owner: ww
  # group: ostech
  user::rwx
  user:admin:rwx
  user:zoro:rwx
  group::rwx
  group:admin:rwx
  group:ostech:rwx
  mask::rwx
  other::---
  default:user::rwx
  default:user:admin:rwx
  default:user:zoro:rwx
  default:group::rwx
  default:group:admin:rwx
  default:group:ostech:rwx
  default:mask::rwx
  default:other::---
  
  root@WW:/data/ztest# getfacl zoro.txt
  # file: zoro.txt
  # owner: zoro
  # group: users
  user::rwx
  user:admin:rwx
  user:zoro:rwx
  group::rwx
  group:admin:rwx
  group:users:rwx
  group:ostech:rwx
  mask::rwx
  other::---
  
  Even windows 10 security shows Allow users(WW\users) Full control and what's interesting is under the "inherited from" shows \\WW\ztest\
  
  So how did "users" get added to the ACL's ??
  - StephenB
    Guru - Experienced User
    Feb 06, 2019
    BarkingSpider wrote:
    
    So how did "users" get added to the ACL's ??
    
    "users" is Netgear's built-in group, so it's possible it is baked into the ReadyNAS ACL.
    
    Does this do harm?

Forum Discussion

RN214 File creation using Windows 10 SMB

23 Replies

Related Content

RN214 - Antivirus Definitions

Unresponsive RN214

Revert New Volume creation

RN214 email alerts

RN214 internal power supply failure

NETGEAR Academy

ProSupport for Business