I am setting up my shares with my specific requirements (which are not special, quite similar to what others will have). I still have a few questions. (Spread throughout in bold)
Users -
- root
- super user who has full access to everything (other than root)
- individual users user1 through user4
  - Have write access to some folders in some shares and will be uploading files/folders, modifying files/folders in those directories
  - Have read access to some folders in some shares
  - Have no access to some shares and no access to folders in some shares
- guest user - currently no access and no plans to add a guest user
- super user should be able to manage files anywhere
- individual users will not see folders and shares that they do not have access to
- individual users will see folders where they have read access, but will not be able to add/delete files or modify files if they do not have write access

A typical filesystem will either have a visible share - photos or a hidden share - data$

All shares will have a deny for everyone and the permission that allows everyone (apparently gets created by default) will be deleted. Purpose of this is to make sure that none of the data is available to anyone without authorization. Is this a good idea?

deny everyone@
Code:
/usr/bin/chmod A+everyone@:rwxpdDaARWcCos:fd-----:deny photos

remove everyone@:allow
Code:
/usr/bin/chmod A?- photos
? is the index of permission which allows everyone access

What I found out is if everyone:deny is first in the list of ACLs, none of the other permissions are evaluated, so no-one has access. Is that correct? What I have not found out yet is how to change the order of ACLs?

All shares will have full permissions for a superuser other than root
Code:
/usr/bin/chmod A+user:home-admin:rwxpdDaARWcCos:fd-----:allow photos
or
Code:
/usr/bin/chmod A+user:home-admin:full_set:fd-----:allow photos

The values for acl-inherit and aclmode are passthrough.
So any new directory or file created under this share gets the same permissions.

photos has directories - device1, device2 ...
one user has read-write access to one device and read access to common
Code:
/usr/bin/chmod A+user:home-user1:write_set:fd-----:allow photos/device1
Code:
/usr/bin/chmod A+user:home-user1:read_set:fd-----:allow photos/common

Open question - If I need to add access for another user at top level directory, how do I recursively set the access to lower directories and files? Have not found a command for that yet.
Open question - If user1 is to have access to photos/device1, does s/he also need access to parent folder photos?
Open question - Do I need fd in the inherit flags for all permissions to carry those permissions to any new subfolders
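
The ordering question in the post, as an added example that is not part of the original post: a small Python model of how an ordered NFSv4-style ACL is walked from index 0 down, showing the same three entries with the everyone@ deny first and then last. Assumptions: only everyone@ and user: entries are matched (owner@, group@, group membership and privilege overrides are left out), bits that no entry allows are refused, and home-user2 and the read-only mask for home-user1 are constructed sample values.

```python
# Added example: toy model of ordered ACE evaluation, not a ZFS implementation.

def parse_ace(spec):
    """Split a compact 'who:perms:inherit:type' entry as written in the post."""
    *who, perms, _inherit, kind = spec.split(":")
    return ":".join(who), set(perms) - {"-"}, kind

def check(acl, user, wanted):
    """Return True if `user` is granted every permission letter in `wanted`."""
    pending = set(wanted)
    for spec in acl:                      # index 0 first, exactly as listed
        who, perms, kind = parse_ace(spec)
        if who not in ("everyone@", f"user:{user}"):
            continue                      # entry is for somebody else
        if kind == "deny" and pending & perms:
            return False                  # a still-pending bit is denied: stop
        if kind == "allow":
            pending -= perms              # granted bits are not re-examined
            if not pending:
                return True
    return False  # assumption of this model: bits nobody allowed are refused

DENY_ALL = "everyone@:rwxpdDaARWcCos:fd-----:deny"
ADMIN = "user:home-admin:rwxpdDaARWcCos:fd-----:allow"
USER1_RO = "user:home-user1:r-x---a-R-c---:fd-----:allow"  # constructed mask

DENY_FIRST = [DENY_ALL, ADMIN, USER1_RO]
DENY_LAST = [ADMIN, USER1_RO, DENY_ALL]

def report():
    cases = [("home-admin", "rw"), ("home-user1", "r"),
             ("home-user1", "w"), ("home-user2", "r")]  # home-user2 constructed
    return {(name, user, want): check(acl, user, want)
            for name, acl in (("deny_first", DENY_FIRST), ("deny_last", DENY_LAST))
            for user, want in cases}

if __name__ == "__main__":
    for key, ok in report().items():
        print(*key, "->", "allowed" if ok else "denied")
```

In this model the deny entry only blocks the named users when it sits above their allow entries; placed below them it affects only identities that no allow entry has already satisfied.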