• March 05, 2024, 03:14:57 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Users & group permissions  (Read 9306 times)

savas

  • Level 1 Member
  • *
  • Posts: 3
Users & group permissions
« on: March 14, 2012, 09:08:58 PM »

First of all, sorry if this has already been answered, I couldn't find a proper explanation, so if there is one, please just link me to it. Also I fully read the tips/help on the side.

I'm trying to figure out what best way to set up my users and groups and for that I want to know how exactly this users and group permission works.

Does group permissions do the work for me and configures all the users in the group to match the group permissions or is the group permissions controlling the access of all the users and basically overrides whatever was set?

If I only allow a group to read a folder, (not have write access), but then i give the user write access within the same group, which permission does it follow? Or vise versa with other combinations..

What is "Deny Access"? I assumed everything was denied access until I gave it access specifically? How does this work?

Thanks.
« Last Edit: March 14, 2012, 09:23:41 PM by savas »
Logged

priitv8

  • Level 3 Member
  • ***
  • Posts: 250
Re: Users & group permissions
« Reply #1 on: March 14, 2012, 11:11:36 PM »

User's permissions take precedence over group permissions.
See slide 5-6 on page 80
Logged

savas

  • Level 1 Member
  • *
  • Posts: 3
Re: Users & group permissions
« Reply #2 on: March 15, 2012, 08:11:59 AM »

Quote
Permission Precedence
● If UID matches, user permissions
apply
● Otherwise, if GID matches,
group permissions apply
● If neither match, other
permissions apply

And what about Deny Access?
Logged

priitv8

  • Level 3 Member
  • ***
  • Posts: 250
Re: Users & group permissions
« Reply #3 on: March 15, 2012, 11:44:03 AM »

And what about Deny Access?
Purely deductively - Deny Access ought to have highest precedence. Upon closer inspection however, my earlier quote won't help you much, because the filesystem ownerships seem not to be tied to Network Share access rights at all. Seems so, that the authorisation to network share objects is built on a higher level, than Linux filesystem.
Logged

killinjoe

  • Level 2 Member
  • **
  • Posts: 26
Re: Users & group permissions
« Reply #4 on: May 07, 2012, 04:36:30 AM »

ok. i'm in a somewhat different predicament here.

I created e "friends" users group with a "read only" access to some folders on my DNS-325.

trouble is, they have a read/write access when accessing  the shares via the web File Server online app (didn't check the FTP because I can't right now)...

what the h*** ?

I check the settings, but everything is as it should be.

please help.
Logged

killinjoe

  • Level 2 Member
  • **
  • Posts: 26
Re: Users & group permissions
« Reply #5 on: May 09, 2012, 07:15:11 AM »

up.
Logged

priitv8

  • Level 3 Member
  • ***
  • Posts: 250
Re: Users & group permissions
« Reply #6 on: May 09, 2012, 07:37:41 AM »

Are you sure this Web-FS is the right tool to give in the hands of guests?
Wouldn't WebDAV be more appropriate?
Logged

killinjoe

  • Level 2 Member
  • **
  • Posts: 26
Re: Users & group permissions
« Reply #7 on: May 09, 2012, 11:50:24 AM »

you're totally right. but I can't figure out how to bar access to it to my guests.

I do want to make this app for-my-eyes only.

do you know how ?
Logged

priitv8

  • Level 3 Member
  • ***
  • Posts: 250
Re: Users & group permissions
« Reply #8 on: May 09, 2012, 10:02:07 PM »

I do want to make this app for-my-eyes only.
do you know how ?
Well, not exactly. But I have solved it simply: I just don't allow anyone else to log in to Web-Admin interface of my NAS.
All my guests use file sharing one way or another. I've opted for AFP, SMB and WebDAV.
The latter runs over normal HTTPS so should pass anywhere HTTPS is allowed to.
Logged

killinjoe

  • Level 2 Member
  • **
  • Posts: 26
Re: Users & group permissions
« Reply #9 on: May 11, 2012, 05:22:05 AM »

please forgive my exceptionnal thickness, but how do you forbid access to the web-admin interface ?
Logged

priitv8

  • Level 3 Member
  • ***
  • Posts: 250
Re: Users & group permissions
« Reply #10 on: May 11, 2012, 11:02:49 AM »

please forgive my exceptionnal thickness, but how do you forbid access to the web-admin interface ?
Pardon my pun :-[
You're right, you can't.
« Last Edit: May 11, 2012, 09:29:22 PM by priitv8 »
Logged

killinjoe

  • Level 2 Member
  • **
  • Posts: 26
Re: Users & group permissions
« Reply #11 on: May 12, 2012, 11:42:46 AM »

right.  ;D

so... back to square one.

I guess the only way is to go in as root and erase the bloody malfunctionning app !

It's a major design flaw. I don't understand why D-Link hasn't acted upon it yet. Basically, all my guests can access anything, and do whatever they fancy with it...

Logged

priitv8

  • Level 3 Member
  • ***
  • Posts: 250
Re: Users & group permissions
« Reply #12 on: May 12, 2012, 02:38:19 PM »

I guess the only way is to go in as root and erase the bloody malfunctionning app !
If you already can go in as root, you might simply change file owners & rights directly in EXT3 filesystem. This works.
Logged

killinjoe

  • Level 2 Member
  • **
  • Posts: 26
Re: Users & group permissions
« Reply #13 on: May 13, 2012, 09:01:50 AM »

I can't right now since I did not change anything on the NAS so far. But I know how and will if required, as soon as I get a tiny speck of leisure... Would have liked it to work out-of-the box, though. I don't want to end up having to finetune all the sharing settings one by one. :-[

anyhow, I think this is my only shot at basic security, so ...

thanks.
Logged