What are the octal permissions of the directories /usr/lib?

Centrally manage FreeNAS permissions?

  • Is it possible to centrally control permissions on a FreeNAS or other UNIX-like filesystem? The FreeNAS docs (http://doc.freenas.org/index.php/Volumes#Setting_Permissions) indicate that the client OS is involved in setting permissions: "Once a share is available, the client operating system can be used to fine-tune the permissions of the files and directories that are created by the client." I'd prefer to be able to centrally establish permissions and have new files and folders inherit from their parent folder. Because I don't know any better way, I added some cron jobs that perform recursive chmod commands on the top-level folders once a minute. Without these jobs in place new files and folders are created with bizarre permissions by the clients (OS X seems particularly troublesome, since it appears local group IDs get sent along with the files sometimes?) resulting in people being unable to collaborate on items across workstations. Is there a better way to achieve this? In short, I'm trying to get the same kind of thing that you can easily do with Windows Active Directory shares and permissions.

  • Answer:

    Part of the reason AD has better integration is because all clients use the same protocol to access data. AFP has a very different idea of permissions than SMB does. I'd suggest as a first solution try making the OS X clients use SMB also.

odinsdream at Ask.Metafilter.Com

Other answers

I'm unfamiliar with how FreeNAS works. What protocol are the OS X clients using? AFP? SMB/CIFS? NFS? Something special?

sbutler

AFP for the OS X clients, SMB for the Windows clients, both clients operating on the same underlying data shares.

odinsdream

When I did something along these lines, I used SMB on the OS X clients as sbutler suggested on a painfully bizarre AD / Linux mongrel of an authentication system/file storage network. I still had a couple of cron jobs that did some chmod work on a couple of client shares that would not play well with others, so you're not too far off the path by my experience. Cron makes the world work.

ndfine

Alright, does anyone have advice on a more formal work-around for the cron approach? If this is a common issue surely someone's come up with a bash script that:

  • Loops through top-level directories

  • Takes the permissions, user and group settings for the directory

  • Applies those permissions recursively to the sub-directories and files

This would at least simplify the process so that I could easily add top-level directories without adding new cron jobs and new commands. Either that, or surely I'm missing something about how to set up inherited permissions on Unix filesystems?

odinsdream

Use NFS. You can (in theory, anyway) set up an Open Directory server that can work with your AD domain for authentication. This will centralize your UID/GID distribution. NFS uses POSIX permissions, and things work mostly as you'd expect. The main problem I have found is that sometimes OSX understands nested groups, and other times it just doesn't, so try to avoid that if you can. You'll have a bitch of a time getting all your UID/GIDs matched up and fixing the home directory permissions on the client machines. It is doable though.

Pogo_Fuzzybutt

"You can (in theory, anyway) set up an Open Directory server that can work with your AD domain for authentication."

I don't have an AD domain. User authentication was via the FreeNAS box's own users and groups. I need to preserve the ability for both OS X and Windows clients to connect, as well as remote connections via SCP. Are you saying I need to get the local client UID/GIDs to match the ones on the server?

odinsdream

"Are you saying I need to get the local client UID/GIDs to match the ones on the server?"

Yeah, your life will be much easier if you do. A directory server can simplify this, but might be overkill if you have like 4 machines and users.

Pogo_Fuzzybutt

We're not very large, but I don't want to redirect the entire home directory to NFS, and I still want to offer share access to Windows clients, and via SCP. I'd just like the username with which you connect to the share, through whatever means, to dictate the user and group that's associated with new files created via that connection. This seems like a simple concept. Surely I'm not alone in wanting this.

odinsdream

to make files/directories inherit the parent's ownership, you need to enable the sgid (set group id) bit on the parent directories. http://www.library.yale.edu/wsg/docs/permissions/sgid.htm, or check the chmod manpage. depending how client machines access the share you may need to do this directly on the NAS rather than from a connected client.

russm
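An added example, not code from the thread: one way to write the script odinsdream asks for, combined with russm's setgid suggestion. It takes each top-level directory's owner, group and mode and re-applies them to everything below it. The function names, running it on the NAS itself from a single cron entry, and deriving the file mode by dropping the execute bits are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: re-apply each top-level share directory's owner, group and
# mode to everything beneath it, and set the setgid bit on directories.

# Print a path's octal mode, special bits included (GNU stat, then BSD stat).
mode_of() {
    raw=$(stat -c '%a' "$1" 2>/dev/null) || raw=$(stat -f '%Mp%Lp' "$1") || return 1
    printf '%o\n' "$((0$raw))"
}

# Print "uid gid" for a path.
owner_of() {
    stat -c '%u %g' "$1" 2>/dev/null || stat -f '%u %g' "$1"
}

# sync_share_perms ROOT: hypothetical helper; ROOT holds the top-level shares.
sync_share_perms() {
    root=$1
    for d in "$root"/*/; do
        d=${d%/}
        [ -d "$d" ] && [ ! -L "$d" ] || continue    # skip symlinks and non-dirs
        set -- $(owner_of "$d")
        uid=$1 gid=$2
        bits=$(( 0$(mode_of "$d") & 0777 ))         # rwx bits of the share root
        dmode=$(printf '%o' $(( bits | 02000 )))    # directories: same bits + setgid
        fmode=$(printf '%o' $(( bits & 0666 )))     # files: same bits, no execute

        # Only touch entries that differ, so a frequent cron run stays cheap.
        find "$d" \( ! -user "$uid" -o ! -group "$gid" \) -exec chown -h "$uid:$gid" {} +
        find "$d" -type d ! -perm "$dmode" -exec chmod "$dmode" {} +
        find "$d" -type f ! -perm "$fmode" -exec chmod "$fmode" {} +
    done
}
```

Adding a new top-level directory then needs no new cron job: set its owner, group and mode once and the next run propagates them.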
