× NETGEAR will be terminating ReadyCLOUD service by July 1st, 2023. For more details click here.
Orbi WiFi 7 RBE973
Reply

Re: sudden permissions problem - You need permission to perform this action

kenalker
Aspirant

sudden permissions problem - You need permission to perform this action

I have samba (SMB) share called "pictures" which I map to my Windows 7 machine as drive Y:. I used Windows Explorer to move some pictures to my Y: drive today (as I've done hundreds of times before) but I got the error, "You need permission to perform this action". This has never happened before.

 

I ssh'd to the ReadyNAS and looked at the directory to which I was trying to move my picture and found permissions of "drwxr-xr-x guest guest". I see that some of my other directories have permissions of "drwxrwxr-x guest guest". As it turns out, I can move files to those directories. I then tried to create a new directory on my Y: drive (in my "pictures" share) and the new directory received permissions of "drwxrwxr-x+ ken users". ("ken" is my windows username and is the name of my "home folder" on the ReadyNAS). This is rather peculiar since every directory and file in the "pictures" share going back many many years has ownership of "guest.guest".

 

Based on above, I believe what is happening is that I am now suddenly accessing the share as ken rather than as guest and since I am now accessing the directory as "ken" rather than "guest" and since "ken" is in the "users" group and not the "guest" group, I do not have user or group write permission so I can't move my files to the folder any longer.

 

Does anyone know WHY the username being passed via samba to access the "pictures" share would have changed from "guest" to "ken"?

 

Also, does anyone know why the directory was created using unix ACL's (the + sign at the end of the permissions string above)? The use of ACLs happened once before a few years ago and prevented me from accessing files, but it seemed to have stopped until now.

 

I presume that when I create a directory, the permissions to use are being set by the ReadyNAS, but perhaps they are coming from Windows somehow?

 

I upgraded from 6.9.1 to 6.9.2 tonight but all of the above still pertains.

Model: RN31400|ReadyNAS 300 Series 4-Bay
Message 1 of 7
kenalker
Aspirant

Re: sudden permissions problem - You need permission to perform this action

Bump.

Message 2 of 7
StephenB
Guru

Re: sudden permissions problem - You need permission to perform this action

If you haven't set up a Windows credential for the NAS (either via the Windows Credential manager, or by entering the user/password for the NAS when you access the share), then Windows will automatically use your windows username and password when it connects to the NAS.

 

Also, you can change file attributes from windows by right-clicking on the files or folders from file explorer.

 

Overall, Microsoft has made some changes to they way they handle guest access - and they might be getting your way.

 

 

What I recommend is setting up a user account on the NAS.  You could call it ken, and match the password to your Windows password.  Or you could use the NAS admin account if you want to map the entire data volume instead of a share.

 

Then you can reset the file permissions on the NAS using the settings wheel for the share.  Maybe also change the share owner/group to match the NAS user account you are using.

Message 3 of 7
kenalker
Aspirant

Re: sudden permissions problem - You need permission to perform this action

I actually have a "Home Folder" for my "ken" user on the NAS.  Additionally, I have several "guest shares" called "music, pictures, and videos" (The ReadyNAS sets these up by default).  I am attaching to the NAS from Windows 7 Ultimate.  I mapped my Z: drive to my "ken" folder (//10.0.0.11/ken; which is /home/ken on the NAS ).  I mapped my Y: drive to my "pictures" share (//10.0.0.11/pictures; which is /data/pictures on the NAS).  I log into Windows as "ken" (no password).  I am pretty sure that the order in which I logged into the shares didn't matter (it does now, per below).  I can't put my finger on anything that has changed in years.  I would boot up my Windows box and log into my Z: drive and it would ask for my credentials and I would type in the NAS username/password for my "ken" home folder and then I would have access to it until rebooting my Windows box.  After this I could click on the Y: drive and it would not NOT ask for any credentials; it would simply give me guest access.  Files I saved to Z: have a username.group of ken.users and files I saved on Y: have a username.group of guest.guest.

 

NOW what I'm finding is that if I log into the Z: drive first I get access to the Z drive (ken.users) and I have access to Y:.  However, the Y: share now sees me as "ken.users" rather than "guest.guest" and I am unable to write to anything but the root directory in Y:.  If I log into the Y: drive before logging into the Z: drive I am able to write to the Y: drive as guest.guest, just like before, but when I then try to access the Z: drive and I am prompted for my username and password, it refuses to let me log in as ken.  Instead I get the following error, ""\\10.0.0.11\ken Microsoft Windows Network: Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed.  Disconnect all previous connections to th eserver or shared resource and try again."

 

So, it does seem SOMETHING has changed with the way Windows is passing credentials to the NAS.  I'd still like to access my home directory using my username and password and I'd like access to my several shared directories as guest.guest.  However, Windows doesn't seem to like maintaining multiple connections to the same IP address any longer when I log into Y first.  If I log into Z first  then Y: see me as ken instead of guest.  This used to work just fine until something mysterious changed.  I am not very familiar with Credentials Manager as I've never had to use it in the past 10 years for this purpose.  I did experiemnt with about five different forms of credentials (adding and deleting via Credentials Manager) but I couldn't get anything to work.

 

I am hoping that above sheds some light on this and that you could provide more direction.  I'm stuck again.  Thank you.

Message 4 of 7
StephenB
Guru

Re: sudden permissions problem - You need permission to perform this action


@kenalker wrote:

However, Windows doesn't seem to like maintaining multiple connections to the same IP address any longer when I log into Y first. 


It can maintain multiple connections, but they must use the same credentials.  Windows has always worked that way, it is nothing new.

 

Microsoft has made some other changes on guest access, and my guess is that they will lock it down further over time.  While you could simply try to track those changes as they unfold, in my opinion you are better off just setting up the NAS so you don't routinely use guest access.

 

How you handle this depends on what access restrictions you want to apply.  If you want full access to all shares from all devices on your home network, then what you want to do is

  • add credentials in the windows credential manager (for "ken" in your case, with the NAS password for ken)
  • change the file access settings for the public shares so that ken has full read/write permission.  You can also set the owner of the shares to ken/users 

 

 

Message 5 of 7
kenalker
Aspirant

Re: sudden permissions problem - You need permission to perform this action

Thanks for the quick response.  I do recall and have experienced what you say, that "It can maintain multiple connections, but they must use the same credentials." But I can tell you with all certainly that I've been logging into Z: and saving files that end up owned by ken.users and logging into Y: and saving files that end up owned by guest.guest (all from one computer).  Not sure how I managed for years or why it suddenly stopped (maybe that is different than what you are saying).

 

For option one this means adding my credentials to machines that belong to other people, which would give them access to my home share, right (not good, if so)?

 

For the second option, this means having to add a new user to the access settings every time a new device is added to the network that needs guest access, true?  I think it would also mean creating a user on the NAS for that person (which, perhaps, means they'd end up with a home share even if they don't need one).  Not ideal, especially for guests visiting for a day, but would work.

 

I would normally experiemnt with these before writing back but must leave town shortly, so will probably have more questions once I try it out.  Thanks!

Message 6 of 7
StephenB
Guru

Re: sudden permissions problem - You need permission to perform this action


@kenalker wrote:

For option one this means adding my credentials to machines that belong to other people, which would give them access to my home share, right (not good, if so)?...

 

But I can tell you with all certainly that I've been logging into Z: and saving files that end up owned by ken.users and logging into Y: and saving files that end up owned by guest.guest (all from one computer).  Not sure how I managed for years or why it suddenly stopped (maybe that is different than what you are saying).

 

Whether it's "good" or not depends on what data you put in the home share.  Personally I don't use the home shares at all.  As far as the past goes, the rules here are changing.  WannaCry is one reason, as it exposed the dangers of allowing open access to network shares.

 

That said, it is certainly possible to reset the file access rights on the public shares to allow both guest and  "ken" to write to the share.  You could start with using the reset control on the file access page, and see if that solves it.  

 

Also, one way to "fake" multiple credentials is to use the NAS IP address when mapping Z and the NAS name when mapping Y.  Windows treates the IP address and the hostname as two different devices.  Then you can just create a NAS credential for ken on the machines that access the ken home share, and always use guest for public shares.

 

You could also create a second account, and use its credentials on the other PCs to access the public shares (avoiding guest, and allowing you to be selective on whom you let access the public shares).

Message 7 of 7
Top Contributors
Discussion stats
  • 6 replies
  • 4228 views
  • 0 kudos
  • 2 in conversation
Announcements