NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Problem with READ only permissions
Hello Guys,
This problem has recently become apparent on my ReadyNAS 1100:
I configured share and folder permissions as recommended in Post http://www.readynas.com/?p=1987 ('Setting up Active Directory folder permissions on the ReadyNAS') and, for the sake of completeness, I even created the same folder structure as outlined in this document.
I created two AD user accounts: User1 and User2.
I also created the following AD security groups (in place of the Sales group used as an example in the document): ProtectedFolderAccess_DLG (Domain Local Group) and ProtectedFolderAccess_GG (Global Group) as per Microsoft best practices.
ProtectedFolderAccess_DLG was added to the ACL of the \\nas1\data\protected folder with Allow-Full permissions.
ProtectedFolderAccess_GG was made a member of ProtectedFolderAccess_DLG.
User1 and User2 were added as members of ProtectedFolderAccess_GG.
Now here's what happens:
I log-on to a client machine as User1 and can access the \\nas1\data\protected folder fine. I create a new Word Document and save it as TestDoc.doc.
I view the ACL for this word document and can see that User1 is the owner and has full control. I can also see that the ProtectedFolderAccess_DLG group has full control. ALL GOOD.
I log off the client machine and log back on as User2. I access the \\nas1\data\protected folder and open up TestDoc.doc fine. I make some changes to the document and can save the changes without any problems.
However, I look at the ACL for TestDoc.doc and can now see that User2 has been added with READ permission only. NOTE that the ProtectedFolderAccess_DLG group is still there, and allowed full control.
I try to open TestDoc.doc (still logged on as User2) and now the file opens as read-only, and I'm forced to save a copy of it when saving changes.
STRANGE!
I remove the READ ACL entry and can now open TestDoc.doc with write permissions again. However, apon saving it the READ permission is again applied to the ACL and same thing happens.
I log on the client machine as User1 and can open TestDoc.doc and save changes multiple times with no problems.
I created the exact same scenario on a Windows file server and everything works as expected.
Has anyone come across this problem - and is there a solution?
Thanks.
This problem has recently become apparent on my ReadyNAS 1100:
I configured share and folder permissions as recommended in Post http://www.readynas.com/?p=1987 ('Setting up Active Directory folder permissions on the ReadyNAS') and, for the sake of completeness, I even created the same folder structure as outlined in this document.
I created two AD user accounts: User1 and User2.
I also created the following AD security groups (in place of the Sales group used as an example in the document): ProtectedFolderAccess_DLG (Domain Local Group) and ProtectedFolderAccess_GG (Global Group) as per Microsoft best practices.
ProtectedFolderAccess_DLG was added to the ACL of the \\nas1\data\protected folder with Allow-Full permissions.
ProtectedFolderAccess_GG was made a member of ProtectedFolderAccess_DLG.
User1 and User2 were added as members of ProtectedFolderAccess_GG.
Now here's what happens:
I log-on to a client machine as User1 and can access the \\nas1\data\protected folder fine. I create a new Word Document and save it as TestDoc.doc.
I view the ACL for this word document and can see that User1 is the owner and has full control. I can also see that the ProtectedFolderAccess_DLG group has full control. ALL GOOD.
I log off the client machine and log back on as User2. I access the \\nas1\data\protected folder and open up TestDoc.doc fine. I make some changes to the document and can save the changes without any problems.
However, I look at the ACL for TestDoc.doc and can now see that User2 has been added with READ permission only. NOTE that the ProtectedFolderAccess_DLG group is still there, and allowed full control.
I try to open TestDoc.doc (still logged on as User2) and now the file opens as read-only, and I'm forced to save a copy of it when saving changes.
STRANGE!
I remove the READ ACL entry and can now open TestDoc.doc with write permissions again. However, apon saving it the READ permission is again applied to the ACL and same thing happens.
I log on the client machine as User1 and can open TestDoc.doc and save changes multiple times with no problems.
I created the exact same scenario on a Windows file server and everything works as expected.
Has anyone come across this problem - and is there a solution?
Thanks.
6 Replies
Replies have been turned off for this discussion
- Hi all,
I too have pretty much the same issue.
ReadyNAS 2100 ver 4.2.9
I have a ReadyNAS share that has an AD Group given read/write permissions. When a user from that group edits a file and saves, the ReadyNAS adds a permission to the file's permission list for that user, but it is read-only. Which means that user cannot make any more changes.
aignetadmin - did you find a resolution for your problem?
Anyone else have any clues?
Thanks. - We're experiencing major issues as well.
We have a Mac and PC (Win XP) office and have the ReadyNAS 2100 version:4.2.9
We've disabled AFP to help out, which is better but still not resolved.
We continue to have Read only rights applied.
Using FTP is the only way that we can function. - @albatross
Hi unfortunately I haven't had time to troubleshoot this any further. In the mean time I've had to migrate to a windows file server - but it's not an ideal situation as the windows file server is fast running out of storage space! - Has anyone found an answer to this problem. I also have an 1100 attached to an AD and the files get changed to Read-Only automattically. It's hugely frustrating for the users.
- Any update on this problem as im also having the same issue as WingedSpur
- I'm not sure if this will help at all, but I encountered a problem which sounds like it had some similar symptoms in this thread.
Perhaps you can compare your share permission configuration with mine (although I am not using AD) and perhaps also explore the suggestion below that I found somewhere on the samba website.
There is a workaround to solve the permissions problem. It involves understanding how you can manage file system behavior from within the smb.conf file, as well as understanding how UNIX file systems work. Set on the directory in which you are changing Word documents: chmod g+s `directory_name'. This ensures that all files will be created with the group that owns the directory. In smb.conf share declaration section set:
force create mode = 0660
force directory mode = 0770
These two settings will ensure that all directories and files that get created in the share will be readable/writable by the owner and group set on the directory itself.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
