Author Topic: Network Sharing Question  (Read 3201 times)

Offline bedowyn

  • Newbie
  • *
  • Posts: 20
  • Karma: +0/-0
    • View Profile
Network Sharing Question
« on: December 14, 2011, 06:15:14 pm »
I have installed the Flex Raid 2.0 Beta and, after a few trials and tribulations, I am almost done.

I have manually created a parity pool, and it is working!
I have manually created a storage pool, and it is also working!!
I have shared said storage pool and can browse via the network!!! 

It is almost ideal.  But I can not seem to secure anything. :(  It seems that no matter what I choose in the sharing setup, anyone who accesses the share can do whatever they want.  I am not following what effect the "username" has on the share permissions, and even when set to read only, I could create files and folders, delete, etc.  Moreover, the relative Windows Security settings seem to have gone out the window when using the storage pool.

To put this plainly, is there a way to secure who can see what via the storage pool, and if so, can anyone point me to a resource for understanding it.  Indeed, is it possible for the FlexRaid drive to query Active Directory for Security?

Thanks in advance!  And regardless of the answers, great work!!!

Offline Brahim

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 8,547
  • Karma: +204/-16
    • View Profile
Re: Network Sharing Question
« Reply #1 on: December 14, 2011, 06:20:53 pm »
The shares permission you set are handled by your OS.
As such, there is not FlexRAID involvement in the actual permissions outside of managing the permissions.
Without the permissions you have configured, there is not way to give you pointers.

Offline bedowyn

  • Newbie
  • *
  • Posts: 20
  • Karma: +0/-0
    • View Profile
Re: Network Sharing Question
« Reply #2 on: December 15, 2011, 06:48:13 am »
The shares permission you set are handled by your OS.
As such, there is not FlexRAID involvement in the actual permissions outside of managing the permissions.
Without the permissions you have configured, there is not way to give you pointers.

Hi Brahim.  As I said, great work.

I am confused by what you are saying about permissions.  In my initial, quick testing, the permissions that I set on the actual drives do not appear to be carrying through to the share.  So if I can control access via the OS, is this something I would do directly on the pool "virtual" drive?  And if so, will these settings be retained after reboot?

I will do some more thorough trial and error testing.

Offline Brahim

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 8,547
  • Karma: +204/-16
    • View Profile
Re: Network Sharing Question
« Reply #3 on: December 15, 2011, 09:46:15 am »
Are we talking about share permissions or NTFS permissions or both?
FlexRAID has full support for NTFS permissions (unless you switched to the old driver).
Again, it is hard to follow without knowing what specific permission you are settings.
Screenshots... :)

Offline bedowyn

  • Newbie
  • *
  • Posts: 20
  • Karma: +0/-0
    • View Profile
Re: Network Sharing Question
« Reply #4 on: December 15, 2011, 10:37:54 am »
Ok... I will start at the beginning and work my way out... with SCREENSHOTS! :D  Let us not worry about Network Sharing for a minute, and just concentrate on local permissions first.

I have a file server called LIBRARY that is running Windows Server 2003.  My storage pool is called ""FlexRaid" and is setup as a Z Drive on the server.  This can be seen in the attached Capture1.PNG (Apologies, I am not figuring out how to post pics inline with the message).

It has two DRU and one parity drive, all of which are mounted as objects in a MOUNT folder, off of the OS root.  I have created a test user called TEST in Active Directory.  If I create a test folder on one these drives and make a point of denying access to my test user, this security works well, as showing in Capture2.png

However, if I access the same folder via the pooled drive, as showing in Capture3.png, then not only can I enter the folder, but I can see and manipulate the permissions on said folder, which is not something that I should be able to do.

It feels and looks like the Z Drive is wide open to anyone, regardless of the security I try to set.

Offline bedowyn

  • Newbie
  • *
  • Posts: 20
  • Karma: +0/-0
    • View Profile
Re: Network Sharing Question
« Reply #5 on: December 15, 2011, 10:43:09 am »
Are we talking about share permissions or NTFS permissions or both?
FlexRAID has full support for NTFS permissions (unless you switched to the old driver).
Again, it is hard to follow without knowing what specific permission you are settings.
Screenshots... :)

Two more questions, maybe related??? :)
1. How would I determine if I do or do not have the correct driver?  If I do not, how would I correct?
2. How are share permissions implemented?  What do the user names relate to?

Offline Brahim

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 8,547
  • Karma: +204/-16
    • View Profile
Re: Network Sharing Question
« Reply #6 on: December 15, 2011, 10:58:27 am »
Okay, much clearer.

If you did not explicitly configured things to use the old driver (System Control Panel -> Storage Pool Preferences), then you are using the new one. :)
Share permissions work just as if you were to create them in Windows. Same rules apply.

Try setting your logs to TRACE, access the "test" folder and post the logs.

Offline bedowyn

  • Newbie
  • *
  • Posts: 20
  • Karma: +0/-0
    • View Profile
Re: Network Sharing Question
« Reply #7 on: December 15, 2011, 11:41:04 am »
So I finally understand how you implemented permissions; this might be something worth explain in plain language for some of the less technical users.

1. Permissions are implemented through the Windows Operating System, and can be manipulated as such on the fly, through the Windows shell.  However...
2. The Hard Drive is recreated every time the server reboots.  Therefore, any changes are lost.  To compensate for this, you are setting up permissions at the time you build the drive, as showing in the Storage Pool network shares area of your "desktop."
3. The UserName is a fully qualified user name. 

So in my case, I can use Test@TRT.local and it will set an equivalent windows permission on the drive at build time.  You can review/confirm this by looking at the share properties of the drive/folder in question.  But if you attempt to make changes here, they will be lost on reboot.  Instead, they must be setup in the FlexRaid "desktop."

I did not understand all of this, but now that I do, it is easy to control!

So all we have to do is figure out why the NTFS permissions are not working.  Although, this is not as big an issue, now that I can control access to the resources.

Offline Brahim

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 8,547
  • Karma: +204/-16
    • View Profile
Re: Network Sharing Question
« Reply #8 on: December 15, 2011, 01:43:27 pm »
Just to create less confusions (I know you finally got it, but this is for other users reading this thread), shares are configured and managed as explained here: http://wiki.flexraid.com/2011/12/03/accessing-your-storage-pool-over-a-network/

To figure out the issue with NTFS permissions, yeah, I would need the logs as explained above.

Offline bedowyn

  • Newbie
  • *
  • Posts: 20
  • Karma: +0/-0
    • View Profile
Re: Network Sharing Question
« Reply #9 on: December 15, 2011, 01:53:02 pm »
Try setting your logs to TRACE, access the "test" folder and post the logs.

Can you toss me a bone (hint) on how to do this? :)

Offline Brahim

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 8,547
  • Karma: +204/-16
    • View Profile
Re: Network Sharing Question
« Reply #10 on: December 16, 2011, 08:02:14 am »
Can you toss me a bone (hint) on how to do this? :)

Everything is on the wiki.