DSM-G600, DNS-3xx and NSA-220 Hack Forum
Unfortunately no one can be told what fun_plug is - you have to see it for yourself.
You are not logged in.
Announcement
IRC Channel #funplug on irc.freenode.org
#1 2009-01-18 20:59:52
- Pjanssen
- Member
- Registered: 2008-05-23
- Posts: 6
Need some help with setting up permissions
Hi,
I'm trying to set up my NAS users and permissions, so that it suits my needs. Since I'm pretty new to Unix/Linux, this is giving me quite a lot of troubles.
What I'm basically looking for is this:
-root user with access to everything.
-a user with access to pretty much everything (everything on /mnt/HD_a2 )
-users with different specific permissions. (for example a group with access only to /mnt/HD_a2/Data, a group with acces to /mnt/HD_a2/Data/Media, and so on. ).
Another thing that I want to set up is a directory list limit for the users in the last group. I have noticed that when I set up the permissions through the web interface (CH3SNAS), a remote ssh session with a 'restricted' user can still get into /mnt/HD_a2 without any problem. This is something that I want to avoid. When the user logs in, it should automatically be pointed into it's "root" folder.
I hope that you guys can help me getting this set up 
Thanks!
ps. I've got funplug and openSSH running.
Last edited by Pjanssen (2009-01-18 21:15:41)
Offline
#2 2009-01-19 19:25:29
Re: Need some help with setting up permissions
Read any linux tutorial on Samba and especially samba conf file - you can achieve your goals by simply modifying this file.
For how to use a modified samba configuration file on your NAS, http://dns323.kood.org/forum/t1232-wher … ed%3F.html
The wiki also has info on this.
1 DNS-323, HW B1, 2 x 2TB WD Black (WD2001FASS), fw 1.09, fun_plug 0.5
1 DNS-321, HW A2, 2 x 1TB Seagate Barracuda 7200.11 (currently failed)
Here's my Hacking DNS-323 and DNS-321 NAS Guide
Offline
#3 2010-07-15 10:41:58
- mcfly982
- New member
- Registered: 2010-02-06
- Posts: 3
Re: Need some help with setting up permissions
I have the exact same question. Can someone help us out... I have tried to read linux tutorials but it's not as easy as InBonobo makes it out to be.
A little direction would be greatly appreciated.
I've tried editing the passwd file, the sshd_config file and everything using the DNS-321 GUI. Anytime I add a user through the GUI, they get added to my passwd file and when the user logs in using SSH Filezilla, they have "root" type access to EVERY file on the DNS-321.
Offline
#4 2010-07-16 01:46:56
- karlrado
- Member
- Registered: 2009-12-07
- Posts: 229
Re: Need some help with setting up permissions
You are getting "root type" access because when someone stores a file on the DNS from the network via Samba, Samba creates the file with mode 0777. This mode effectively lets any user read/write the file.
If you look at the /etc/samba/smb.conf file, you'll see settings for "create mask", "directory mask", "force create mode", "force directory mode". They are all 0777 on my machine. I'd suggest looking these up in the Samba docs (search online) and change them as needed. The link InBonobo posted explains how to make the changes "stick".
If I wanted files to be writable only by their owners and readable by everyone else, I would set:
create mask 0644
directory mask 0755
force create mode 0444
force directory mode 0555
Then restart samba to pick up the change and then store a new file on the DNS from a Windows box or whatever. If the original file was read-only, the permissions of the new file on the DNS should be 444. If the file on the Windows box was not read-only, then the permissions should be 644. The owner of the file should be the user who created the file; not root.
Once you get that working, you'll have to go through any other existing files in HD_a2 and change their permissions to what is desired, as any other existing files will be 777. Use chmod.
If you want to NOT let everyone have read access to these files and only the owner can read/write, then the settings would be:
create mask 0600
directory mask 0700
force create mode 0400
force directory mode 0500
These values can be specified on a per-share basis and could therefore be used to make "private" areas for people.
Most of the files in the root directory (not HD_a2) should be pretty much set up so that root owns them and only root can write to them. So, you will see a lot of 755 and 644 perms there. 755 is writable only by root, but read and executable by everyone. You probably should not change any of these permissions. Your will probably be able to see, read, and execute many of them, but should not be able to modify them.
As for what shell gets started and the user's starting directory, you might refer to the instructions in ffp setup regarding setting up the root account and apply them to the other users as well.
Anyway, the general way to fix this is to tweak the samba parameters.
DNS-323 FW 1.07 : 2 1TB WD Caviar Green SATA : fun_plug: utelnet + optware (no ffp)
Offline