Revised: More FreeNAS 8.2 Permissions Set-Up Examples for Dummies
(This build is a more-elegant design of a build I that posted earlier in this thread.)
I have set up a second FreeNAS server in my home to store family photographs while providing its access to five family members. With the success of my prior post, “FreeNAS 8.2 Permissions Set-Up Example for Dummies,” I thought it would be helpful to other newbees struggling with how to configure permissions if I shared a second example of a successful configuration. I created a single volume for a 1-TB mirrored disk array with no datasets. The users, for the purpose of this post, I shall call A, B, C, D, and E. What I did was to allow users B, C, D, and E to have only read permission to the volume, while providing user A (administrator) full write, read, and delete permissions to the volume. Users B, C, D, and E can, thus, view and copy photos to their client computers, but only user A can add or delete them to or from the server. Allow me to describe to you how I did it.
I will not cover installation of the FreeNAS software, as this forum addresses that issue, more than adequately, elsewhere; I will only suggest that the reader install the latest, stable version of the software (as of the date of my writing this post), version 8.2. One, also, should be sure to access the FreeNAS GUI with a compatible browser. I wasted three days with my prior configuration repeatedly installing, removing, and reinstalling the software before I realized that I could not configure version 8.2 using IE8 (the user manual even suggests that problems might manifest themselves using IE9). I downloaded Firefox (v. 14) and thereafter was able to configure the GUI without further delay.
I installed two 1-GB Samsung enterprise-grade hard drives in the hardware with which I intended to run FreeNAS. I first edited my server’s BIOS to enable ACPI (ver. 3). I logged into the GUI and configured the basic password and network settings (covered elsewhere in this forum). I also made sure that the Host and Netbios names in this second server were different than those of my first server. I clicked on “Storage”—“View Disks” to verify that FreeNAS saw my drives. (At this point, the reader might want to use the “Wipe” utility on each disk they install if they previously used their disks in other hardware.) I then clicked on “Volume Manager,” selected member disks (using the ctrl key and mouse) and selected a file system type and encryption. I used ZFS (recommended--but only if you have at least 8 GB of RAM in your FreeNAS hardware), however, with no encryption, as I knew I would have more than ample space on the drives to store high-resolution photographs for later Photoshoping. I named the volume and configured my disks into a mirrored (RAID 1) array. I clicked “Add Volume” to finish the process. I set compression to “off” and “Enable atime” to off (the latter, per my preference, for faster performance) in the volume tools. I, thus, created a single volume for our family photographs. I ultimately added a dataset to this build, due to the fact that, upon installing Windows 8 in my computer, for some strange reason, I was seeing my FreeNAS configuration files in my share folder--I just clicked on "add dataset" in the volume display and configured it in a similar manner that I configured my volume, then a made slight changes to where user A's directory points and permissions (see below).
I then clicked on “Account” (in the left-hand window pane)—“Users”—“Add User” and created five users, A, B, C, D, and E (again, using family member’s first names as usernames). For all users I set the home directory to “/nonexistent” and I checked the boxes “read, write, and execute” for “owner,” “read and execute” for “group,” and “read and execute” for “other” and I left the two remaining configuration boxes unchecked. I did not change the shell settings or add e-mail addresses, but I inputted passwords for each user. (Note that the FreeNAS manual warns the reader to use the Windows logon name and its associated password for each [Windows] user as their user name and password when setting up these "Users" configurations, but see my comment about this matter below.) I clicked the “O.K.” button after I configured each user and double-checked my configuration work after I created my users. I then created a group which I named "View-Only" and clicked on the "Members" button of the group under "View Groups" to populate the groups with users B, C, D, and E.
I next went back to the “Storage” tab to configure my permissions. I clicked the “Change Permissions” tab for my dataset and selected the A’s (administrator’s) user name for Owner (user) and “View-Only” for Owner (group). For the volume I clicked the "Change Permissions" tab and selected "noowner" and "nogroup." I then checked the boxes in the volume and the dataset “read, write, and execute” for “owner,” “read and execute” for “group,” and “read and execute” for “other.” I left the remaining configuration boxes unchecked and selected “Windows” for the ACL setting (as all users would be accessing the FreeNAS server via Windows computers). I left the “Set Permissions Recursively” box unchecked (I implemented this feature in another way in my Windows Sharing setting--see next paragraph) and clicked the “Change” button. I double-checked my configuration work after I set permissions.
Lastly, I clicked the “Sharing” button in order to create a single share. I clicked the “Windows (CIFS) option (since all users would be accessing the FreeNAS server with Windows computers) and added my share by clicking the “Add Windows (CIFS) Share” button. I named my share “Pictures.” I browsed to the path of the volume, clicked the “Browsable to Network Clients” box and left all the other boxes unchecked except the "Inherit Owner" and "Inherit Permissions" boxes, which I checked to allow recursive permissions (evidently a fancy way of saying that permissions set in your dataset settings will apply to your share folder and all of its subfolders). I clicked the “O.K.” button for the share I created and I then double-checked my work. Note that, after you create your share, a popup screen will ask you to turn on the CIFS service—do so. After I, thus, created my share, I clicked on the “Services” button and, in the list on the page, clicked on the wrench icon associated with the CIFS “Core” button. I renamed the “Workgroup” using my Windows workgroup name, verified that “nobody” was listed under “Guest Account” and left the other settings unchanged. I clicked “O.K.” and exited the configuration screen.
I rebooted FreeNAS (via the GUI—reboot and/or shutdown here in order to avoid data corruption on your disks by a hard shutdown via the power button on your server hardware) and used the Windows Network Explorer to find access to the storage volume I had created. It appears as a folder with the title Pictures on FreeNAS (FreeNAS).” If all is well, you should be able to (left) click on the folder and a popup window requesting user name and password should appear (if not using a logon and password on your Windows account—If you do use a logon and password, then you will not have to enter it again when accessing the FreeNAS server). Enter this information. The administrator (A) should have read, write, and delete access to the folder. Note that once you enter a user name and password you do not need to enter this information again as long as you do not break the network connection (e.g., reboot your Windows computer or “Disconnect Network Drive” by right-clicking on the network icon and selecting the same).
(Note: When I migrated my computer to Windows 8, I had to make sure my FreeNAS share setting's host name and/or network settings NetBIOS name conformed exactly to their respective name rules for allowed characters--i.e., no spaces in the name are allowed--otherwise the NAS's icon won't appear under your computer's network display. This issue, for some reason, did not manifest itself in Windows XP or Windows 7.)
Again, I may have missed something in this write up—I hope not, but I apologize if I did. Perhaps a more-experienced user of the FreeNAS software can suggest a more elegant way of configuring the software than my example provides, but I was able to make the software do what I wanted it to do via its GUI configuration exclusively—no scripts or shell command line inputs necessary. I apologize for the length of this post, but I desired, once again, to make it as (again, excuse the term) “idiot-proof” as possible in consideration of those individuals who believe as I that computers should serve to accomplish tasks extrinsic to their own value as objects of fascination in their own right. I still have much to learn about FreeNAS, nevertheless, and I am grateful to the more-experienced users in this forum who have ever so patiently nursed me along in my own learning process.
I wish other FreeNAS users would take the time to post instructions on how they implemented a variety of successful builds.
--Soli Deo gloria