Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[dacker]

• My family's primary PC has four users accounts, 3 are Standard Users and mine is Admin
• My DNS-323 has four corresponding directories, one for each Windows User, plus a "Public" directory
• I would like each Standard User to have read/write permission on their own directory and on the Public directory but have no access of any kind to any other directories.  As the Admin for both the PC and the NAS drive, I want to retain complete access to everything.
• I also want all four accounts to be able to access the NAS drive as described above seamlessly, without having to login to the NAS drive as an extra step.

What's the best/easiest way to set this up? Should I be doing this via Windows security, the NAS drive's User controls, or a combo of both?  I know just enough to be dangerous, so I'd appreciate an expanded explanation.

Thanks!

[jhtopping]

I would start by using the web interface and go to Advanced-> Users / Groups and add a user for each family member.  Next I would create a group for each family member AND a group named Public.  Next, I would add each user to the the proper group with the desired Read/Write permissions.  When done, the Group List would look like the following.
    NO.       Group Name     User Name
       1        Father             Father
       2        Mother            Mother
       3        Daughter         Daughter
       4        Son                Son
       5        Public             Father, Mother, Daughter, Son

Under Windows you would need to create 5 Mapped drives with the drive letters F:, M:, D:, S: and P:.
I would hope that Windows would allow you, as Admin, the ability to restrict the drives that can be accessed by each user.

This should get you started.

[Steve Pitts]

Not the OP, but how do you achieve your suggested configuration?? I am using v1.10 firmware, which I guess may play into this issue, but I can only assign each user to a single group

[jhtopping]

When you are in Users / Groups, select the Group option and you can create a new group.  When the groups are created, use the Group Settings section to select a user, then select the desired group from the drop-down list and finally select Add function to the right of the list of users.  Finally, review the two lists at the bottom of the page.

[Steve Pitts]

I do all of that and each user is only a member of the last group they were added into not all of them.

[jhtopping]

It is a good thing I am not a betting person, Steve is correct.  I have never had a reason to try this, but it does appear that a user can not be a member of two different groups, at least when viewed through the web interface.

@Steve Pitts, since you are running fun_plug 0.5, can you confirm what is happening under the covers?

Updated 11/09/11.  On my primary 323 unit, I have two and one group.  The Group List at the bottom of the page will show both user names.  

On a test/backup 323 unit, I created four users and four groups and then added different users to multiple groups.  When I tried different things the information reported in the User List and Group List would change.  It appears to me that the Web User Interface has a buffer space problem and is not able to create accurate user and group lists.  JHT

[Steve Pitts]

since you are running fun_plug 0.5, can you confirm what is happening under the covers?

Ooh, a challenge

Just because I'm running funplug doesn't mean that I know my way around Linux, but you have just forced me to expand my knowledge a little bit, and the more that I read about Unix/Linux users, groups and file permissions, the more it makes sense that a user is restricted to a single group.

Anyone that knows more about Linux, especially the implementation on the DNS-323, is welcome to correct me, but from my reading it seems that each file is associated with a single user and a single group and that each user has a default (primary) group associated with it. Whilst it is possible (through the command line tools) to assign a user to multiple groups (and indeed, on my unit, all users are associated with a group allaccount, with a group id of 100, as well as the one it is assigned to by the web interface) the remotely connected user is going to have no way of changing their primary group and thus only that group is going to matter when they are trying to access files over the network.

It appears to me that the Web User Interface has a buffer space problem and is not able to create accurate user and group lists

No idea whether it is a buffer space issue, or something else, but on my system the list of groups displayed by the web interface doesn't tie up with what is in /etc/groups but also isn't restricted to the groups mentioned in /etc/passwd, so I'm at a loss as to where it gets the list from. I've tried having a dig around in the ASP source that drives that page but I can't figure out where it gets the functions that it uses to display the two lists, as they don't seem to be anywhere within the page or either of the Javascript files it pulls in.