Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Lost in Windows]

I am trying to figure out if I can set up the DNS-323 to allow for users and groups to have or restrict access to certain directories on the 323. We want to use the DNS as a file storage server but we want each user to have a private area where they can keep files away from prying eyes. When I read the User manual and browse the forum I can't really tell if this is possible. Can anyone assist me with this?

If I set up users and groups on the 323 and the 323 doesn't use windows authentication how do I allow or deny access to a specific folder?

[fordem]

The DNS-323 does not support Windows AD authentication - so you have to manually create your users and assign passwords and access rights.

If all you want is a private area per user you should have no problems, it's when you start to get complex and want to have mutliple users accessing the same areas that problems will arise

[jswashburn]

...it's when you start to get complex and want to have mutliple users accessing the same areas that problems will arise

Which brings up an interesting question...

Does the device lock a file if a user opens it, thus preventing another use from making modifications? Take Word or Excel files for example. If user "A" opens a file, will user "B" be prevented from opening and/or making modifications to the file in the same directory? In a Windows enviroment, this would be the case. But how does Samba deal with file handles?

[ECF]

Which brings up an interesting question...

Does the device lock a file if a user opens it, thus preventing another use from making modifications? Take Word or Excel files for example. If user "A" opens a file, will user "B" be prevented from opening and/or making modifications to the file in the same directory?

Yes it does work as it should with these files. I have tried this on two XP machines. I opened my Word .doc and then on another PC accessed the same Word .doc and was prompt with the choices of how to open this file since it was being modified by another user. It seems to be working as it should.

[sowens01]

I do not see any setting other than read only and read/write.  I have one person in my work group that I do not want to have access to the NAS drives at all.
Can I set it up to prevent them from accessing it?

[ECF]

Just remove them from the group.

[kramerind]

I am having difficulty in understanding the logic of users and groups and perhaps this will help...below is a directory tree on the DNS-323...next to each are comments of what I would like to accomplish for each folder in that tree:

-Volume_1  (I don't want people to see this as a share name so no one can read/write to the root)
     |
     |-----  ShareA  (this is company wide information, accessible to everyone)
     |
     |-----  ShareB  (say this is sensitive for accounting/payroll only, read accessible by only certain users)
     |
     |------ ShareC  (user's personal shares, Read accessible by any user)
                 |
                 |--- UserA  (R/W accessible by any user)
                 |
                 |--- UserB  (R/W accessible by any users
                          |
                          |--FolderA  (R/W accessible by any user)
                          |
                          |--FolderB  (Read accessible by any user)
                          |
                          |--FolderC  (Accessible only by one user, the owner of folder UserB)


I have accomplished some of this already.

Volume_1:   Accomplished by removing the default rule

ShareA:  Accomplished by giving ShareA access to ALL users with R/W capabilities

ShareB:  Accomplished by creating a group, adding users to that group, then giving group R/W access to this folder.   Problem is, it seems users can only be in ONE group at a time (which is bizarre and seems to minimize the whole reason of having groups, albeit having one is still better than none).  Worse case, I can just assign individual users R/W access to this share as needed effectively freeing them up to be in a different group, just more entries to manage.

The next part is where the problems start..it seems the security of the parent directory is inherited into all sub directories and there is no "deny" functionality in the user interface.  So, if I give users access to ShareC, then there is no way to do the security I want to achieve on FolderB and FolderC.    If I create access to FolderB and FolderC, I cannot logically seem to find a way to allow access to ShareC

Is there a way I am just missing?   Is there a back way into the device through telnet or something that I could use linux commands to set access control lists?    Do I need to set up my heirarchy differently?   Right now the users want their folders wide open to other users, but have one folder inside their folder that has private access only.   


Suggestions?