× NETGEAR will be terminating ReadyCLOUD service by July 1st, 2023. For more details click here.
Orbi WiFi 7 RBE973
Reply

Re: CIFS permissions for the "root" /c share

samtheman
Aspirant

CIFS permissions for the "root" /c share

I had recently been confusing myself with file permission behaviour on an Ultra 6 that I use on a home network and that I use to share files across a few desktops/laptops.

 

I perform most of my operations using the admin account (probably not the best idea, hence some of the challenges I've hit).

On some of my shares "Read/Write" access option is enabled and also the  "Automatically set permissions on new files and folders" option is enabled.

I was concerned that some of the files being uploaded (by admin) had file permissions set to 755 i.e. no admin-users could edit/delete the file

 

-rwxr-xr-x  1 admin  admin       14729 2004-11-21 18:40 photo_invite5.jpg

 

Then I realised that my admin user was accessing the shares by going through the "root" \C share of the filesystem i.e. \\MyNAS\C is accessed

 

If I performed the same upload by accessing the \\MyNAS\media share (where media is one of the shares that has the appropriate CIFS permissions),then the behaviour was expected. Example file:

 

-rwxrwxrwx 1 admin admin 22425 2007-11-26 20:19 n514851355_169300_6156.jpg

 

How can I control the CIFS file permissions for the c/ share?

If I access the media share by going through c/media (i.e. through the c/ share), then the CIFS default file permissions for the media share are not respected. Is there anyway I can somehow enforce that the media share permissions apply even though, in effect that part of my filesystem is being accessed through the c/ share? 

Message 1 of 4
StephenB
Guru

Re: CIFS permissions for the "root" /c share

Interesting question...

 

I checked on my Pro, and found there was one share (Photos) that worked the way you wanted - the others didn't.

 

For some reason Photos had extended ACL set up (I have no idea why or how).


PRO:/c# cd /c
PRO:/c# getfacl Photos
# file: Photos
# owner: admin
# group: admin
user::rwx
user:admin:rwx
group::rwx
group:admin:rwx
mask::rwx
other::rwx
default:user::rwx
default:user:admin:rwx
default:group::rwx
default:group:admin:rwx
default:mask::rwx
default:other::rwx

 

I created matching ACL on a test share, and then it also worked as you wish.

setfacl -Rm u:admin:rwx Test

setfacl -Rm g:admin:rwx Test

setfacl -Rm m::rwx Test

setfacl -Rm d:u::rwx Test

setfacl -Rm d:u:admin:rwx Test

setfacl -Rm d:g::rwx Test

setfacl -Rm d:g:admin:rwx Test

setfacl -Rm d:o::rwx Test

setfacl -Rm d:m::rwx Test

 

FWIW, you can remove the ACL with

setfacl -Rb Test

 

The emoticons above are : followed by o

 

I hadn't played with ACL before, and I am certainly not an expert on this.  So definitely try this yourself on a test share before you go with it.  There are some guides - here is one: http://bencane.com/2012/05/27/acl-using-access-control-lists-on-linux/

 

Message 2 of 4
mdgm-ntgr
NETGEAR Employee Retired

Re: CIFS permissions for the "root" /c share

Accessing the c share is intended solely for administrative purposes not for regular adding of files.
Message 3 of 4
StephenB
Guru

Re: CIFS permissions for the "root" /c share


@mdgm wrote:
Accessing the c share is intended solely for administrative purposes not for regular adding of files.

Yes.  But though I know that's Netgear's intent I still do it from time to time (since it is very convenient to mount the whole volume as a drive letter).

 

However, I don't need the OP's desired behavior, so I don't intend to explore the setfacl approach further anytime soon.

 

FWIW, it doesn't change permissions on the c share itself.

 

 

Message 4 of 4
Top Contributors
Discussion stats
  • 3 replies
  • 2617 views
  • 0 kudos
  • 3 in conversation
Announcements