Unraid Sub-Folder Permissions

[wolfslab]

I am setting up an Unraid Server (64TB) for the film department in my High School. It's all up and running. I have one main share for the whole server, along with Nextcloud running on top of it for a web GUI for files just connecting through different SMB directories (I have permissions for that all good). I want to have the following user permissions for the main share.

 

• I want to have an admin account (like teacher or special case students) that have access to everything in the main share and all of its subdirectories. 
• I would like to have a few different users (general student ones) that can only access a specific sub-folder or a few of the sub folders. Preferably, I would like them to have zero read access as well to the folders they shouldn't be accessing. 

I know Unraid doesn't exactly support this, but I know SMB does. The Unraid way of doing this would be one user per share, but some people would need access to multiple shares that way, and it would be more confusing and a hassle for them to setup many shares, rather than just 1 main share. I am new to SMB shares, but I have read that you have to add stuff into the "smb-extra.conf" file. I have no idea how to format that or what I should put.

 

How would I format and write out the extra config for SMB? Especially in terms of Unraid, as I am not sure if it is different.

 

PS: I did set SMB to use SMB2, as the computers here require that to be a minimum for SMB access.

[Jarsky]

For SMB, security is per 'share'.  So e.g \\tower\project1  \\tower\project2  \\tower\project3

You would have 1 security setup per each of those SMB shares. UnRAID and SMB in particular doesnt support granular group permissions, it really only supports a user share permission.

 

The problem with UnRAID is that if you want to do group permissions using Linux security groups, the /etc/groups doesn't survive through reboots since UnRAID runs in memory. I imagine this could probably be worked around by creating a job that runs at startup to copy the groups file from another storage to the /etc/groups at boot and periodically and you edit that copy of the groups file when you need to make changes. I havent tried doing this though. 

 

If the folders stay fairly static, I guess the users could be setup with a home share e.g /mnt/user/<username> and you could symlink the shares (e.g /mnt/user/project1) to their home folders.....you could make a script to do this, but you'd obviously have to run this script with every new user, and it would require a lot of manual rework if you need to add more access for them. I imagine this probably isn't an ideal solution. 

 

UnRAID does support ACL's, so if you're using a Domain Controller (Active Directory) you could join it to the domain, and assign your groups using setfacl