Trustees management

b_welding · December 18, 2011, 9:12pm

hello,

I’m trying to make the Public folder read only fir a user and to grant write access to a subfolder.

So I edited the trustees.conf file and reload the trustees.

this is what I have in the trustees.conf file

/dev/sda4]/shares:*:CRWBEXU
[/dev/sda4]/backup:*:CRWBEXU
[/dev/sda4]/shares:*:RBEXO
[/dev/sda4]/backup:*:RBEXO
[/dev/sda4]/backup/TimeMachine:*:RWBEX:*:CU
[/dev/sda4]/backup/SmartWare:*:RWBEX:*:CU
[/dev/sda4]/shares/Public:user1:RWBEX:user2:RWBEX:user3:RWBEX:user3:DW:*:CU
[/dev/sda4]/shares:+share:RWBEX:www-data:RWBEX
[/dev/sda4]/shares/user2:user2:RWBEX:*:CU
[/dev/sda4]/shares/user1:user1:RWBEX:*:CU
[/dev/sda4]/shares/user3:user3:RWBEX:*:CU
[/dev/sda4]/shares/Public:user3:DW
[/dev/sda4]/shares/Public/Upload:user3:W

with the 2 last lines I hope to deny write access to user 3 in /shares/Public and to grant write access to user3 in /shares/Public/Upload

But after applying the trustees /usr/local/sbin/setTrustees.sh, user3 doesn’t have the write access to /shares/Public/Upload

can you help me ?

Myron · December 19, 2011, 12:55am

You are aware that the Dashboard UI will always re-write this file? Better to mess about with the Samba server.

I’ll give you an example. Consider the following theoretical tree…

\\MyBookLive\PUBLIC.
├───Shared Videos
├───Shared Music
├───Other Files
└───Shared Pictures

Let’s say you want read only access to everything under Public BUT read/write access to Other Files to only user Jack.

The Public share is still there but read only. A new private share (which does not show up on the Dashboard UI) named Public_OtherFiles appears on the network (no need to reboot the MBL or restart services) that only Jack can write to and it does NOT break the Dashboard UI.

A possible modification to /etc/samba/overall_share:

[Public_OtherFiles]
  path = /shares/Public/Other Files
  comment =
  browseable = no
  invalid users =
  valid users = Jack
  read list =
  write list = Jack
  map read only = no

## BEGIN ## sharename = Public #
[Public]
  path = /shares/Public
  comment = Public share
  public = yes
  browseable = yes
  writable = no
  guest ok = yes
  map read only = no
## END ##

It’s a workaround and will survive a firmware update.

b_welding · December 19, 2011, 7:50am

ok, this could work for samba shares but the aim here is to administrate the rights for ftp access.

Concerning the rewrite of the trustees.conf file what do you think of this solution.

Create a new file named trustees_mod.conf and apply these permissions at startup with something like

settrustees -f /etc/trustees_mod.conf

All modifications made via the UI should be copied to the new trustees_mod.conf but I think I will not add users or modify permissions everyday.