I'm building a file server using FreeBSD, ZFS, and Samba, and I can't seem to find a clear answer regarding implementing the access control I'd like.
For sake of example, I'll use my Media filesystem (in ZFS). I'd like to share it out, but I want to control how different users can interact with it based on the groups they're in.
- I want all members of the MediaEditor group to have full read-write (but not execute) access to the filesystem. They should be able to edit and even delete files that do not belong to them in the Media filesystem, as long as they're a member of the MediaEditor group.
- I want all members of the MediaAdder group to have full read access and to be able to add and edit their own files, but not to edit or delete anyone else's files.
- I want all members of the MediaReader group to have full read access, but no write or execute access, to the filesystem.
- It would be nice if I could have a MediaReaderLimited group that had the same permissions as MediaReader, but had a capped download rate. This seems to have much more to do with Samba than FreeBSD, and if I can't implement this group, that's alright. I consider it to be on my wishlist.
- If a user does not belong to any of the groups listed above, I want to forbid any access to the Media filesystem, and even hide it. (I'm alright with root being able to access it without belonging to any of these groups, but that's it.)
I'm new to FreeBSD, and I'm not accustomed to the permission system (I do most of my work on Windows). I figure there's probably some way to twist it around to get the results I want, but a pretty significant amount of searching hasn't gotten me an answer yet, so I figured I'd post here.
I suppose I could make the drive read-only for all members of the MediaReader group, and give write access to a specific user account, but I'd rather not. It's pretty bare, and I'd really like a more robust solution.
Thanks!
-- Ethan
(PS: You don't have to give exact commands or anything, just something like "use this, here's the documentation" would be great.)