Shared folder security

Hi everyone,

I’m new to Rockstor having only installed it today but it appears to be quite a good option for what I need. Can i begin by saying I’m brand new to Linux and come from a Windows background so please be patient if somethings go beyond my knowledge.

I need to setup a Nas solution that is able to integrate with Active Directory so that we can backup some of our work to it and we can use our AD accounts to access the shared folder. I have been able to setup the software and enter all of the server details (I am currently testing on a virtual machine with a test domain) and create a share that is visible by browsing to the IP address from a client machine.

I have tried to setup some NTFS permissions so that only certain users can access the folder however I don’t know how to do this. My first attempt told me I didn’t have the permission to apply the new NTFS permission so as a workaround I added my AD username as the folder owner within the Rockstor shared folder Access Control list. Making this change allowed me to apply the NTFS permission so I added a user in and removed all permissions however the user could still access the folder and read, write and delete while inside the folder.

My questions are how would I block access to anyone except a few users that I wish to be able to have full access to the folder? Is there a way to create a group of users with Rockstor using the AD accounts and then assigning this usergroup as the owner of the shared folder?

Thanks everyone for your help and advice

Hi Noel, don’t worry I’ve switched from amiga to linux … that was fun :slight_smile:

@Flyer is your guy, he plays with those evil active directories.

Also, welcome to crazy world of rockstor and btrfs and linux and cookies :slight_smile: I strongly believe in hard love approach, if something sucks tell us about it ( unless you are a 100th person to say that, like lets say raid5&6 status :slight_smile: )

[yanking chain mode ON]
also new CEO of Microsoft stated that he aims at windows to be 100% POSIX compliant so maybe there is some hope for you windows guys
[yanking chain mode OFF]

I have a 3 yrs nephew, probably she’ll see this at 50 :laughing:

Ok, back to the main topic!
First of all, hi @noelmm and once again welcome!

Active Directory integration, my first suggestion:
we start having a common share for all your Ad users
after joining your AD have a domain users shares (Rockstor Share, not Samba share) with group == your AD users group and owner == root or AD Admin

Actually missing in Rockstor (coding on it): users ACL inheritance

On this issue we will have at least options to have:

[Rockstor Shares]

  • Default ACLs
  • Recursive ACLs rewrite

and this will let
[Samba Shares]

  • better permissions handling

So actually stay tuned :slight_smile:

Other way to handle a share permissions: use RSAT tools / Computer management :
here an example I’ve found on the fly about RSAT (skip manual coding of samba smb.conf)

Thanks both of you for the warm welcome. I’m going to have to do some configuration from the server side by the looks of it so I need to get reading. Once I have been able to get the server side config done I can then test my setup and see if it does what I need it to.

Thanks

Noel

hi there on share of samba u will go to share in storage and click on pencil icon on each share you made there u will find access control in this option select edit and remove read and execute option clear check mark from under others it will disallow other users to see others share