Linux based NAS with a Windows domain controller: Permissions


Recommended Posts

Hello

I seem to have trouble with a Linux based NAS that I have made part of a Windows (SBS 2003) Active Directory domain. When I made it part of the domain, all the domain users have passed to it.

I cant write to the "root" of the NAS so I make a folder. Inside this folder, I copy all of my old data to it. The problem is that the permissions dont seem to pass or pass only sometimes....

To copy I use this: http://ipmsg.org/tools/fastcopy.html.en because it supports ACL.

The domain clients are Windows 7 and Windows XP. The NAS is a QNAP TS469U-RP.

Thank you for all the help

And what are the permissions? Just set them! And don't copy ACLs -- when you copy files they should use the permissions of the folder / drive you copy them too.

Set the permissions you want on the drive/folders of your nas! Sounds like you want to be able to copy to root? if so then correct the permissions..

What are you having trouble with about understanding permissions?

  On 16/07/2013 at 11:14, BudMan said:

And what are the permissions? Just set them! And don't copy ACLs -- when you copy files they should use the permissions of the folder / drive you copy them too.

Set the permissions you want on the drive/folders of your nas! Sounds like you want to be able to copy to root? if so then correct the permissions..

What are you having trouble with about understanding permissions?

The problem is that it is suppose to be automatic: When I copy from the server to the NAS, the permissions go with it. The permissions I am talking about are:

FolderA : User1 can write, User2 is owner, All of group Users can write, etc.....

That is what is not being passed.

And I do not want to do it manually because there are a lot files/folders and one of the features is that it supports passing ACLs....

Lets see the permissions please!

Screen shots works, lets see the effective permissions tab as well with a couple different user names put in.

example - this is from a client just right clicking on the share

post-14624-0-60632500-1373995178.png

If you NAS is linux based, make and model like sc302 suggested would be helpful.

ls -la listing from linux console for your files and directories would be helpful in seeing permissions set via linux.

for linux to use windows permissions you have to map them to a linux user normally.

Also you can copy ACLs with /0 in the builtin xcopy command

 /O           Copies file ownership and ACL information.
Or robocopy as well, another built in tool can copy permissions

/COPY:copyflag[s] :: what to COPY for files (default is /COPY:DAT).
                     (copyflags : D=Data, A=Attributes, T=Timestamps).
                     (S=Security=NTFS ACLs, O=Owner info, U=aUditing info).

      

             /SEC :: copy files with SECurity (equivalent to /COPY:DATS).
Keep in mind where you making a copy from - if any local permissions have been set its unlikely those would work, match up to domain accounts via SID, etc.

As setting permissions on your NAS, I would assume your wanting to remove the old files after you copy them.. So its just easier and cleaner to create the permissions you want to use on the device doing the shares vs trying to copy them.. Only reason to take the permissions along would be if you had complex permissions on each file, etc.

You can run into problems if inherit flags are being used on source or dest and they conflict or don't line up, accounts to map correctly, etc.

  On 16/07/2013 at 23:19, sc302 said:

what I would suggest is to use iscs vs nfs.  it will be much better for you if your ad permissions aren't being applied.  It would be best if you could dedicate a nic for it, but it is not needed.

I actually was intrested in iSCSI the problem with it is that Im not completely sure how it works and we were already using a "shared folder" type structure so the transition would be "transperent", we just decided to go with this.

If you could share some document with iSCSI and AD permissions, Ill consider trying it out :)

Another kicker: On the server there are groups I can add permissions for and on the NAS I cant!

On the left side, you see users/groups I can add for setting their different permission settings. This is the AD server.

But on the right hand side, you see the users/groups I can add for the NAS server. Shouldnt it, since I am accessing from the AD server, be the same?

Scratch all that: Just read it is by design. God, this is going to make my life a bitch :(

Not sure how in-depth you want to get into Linux but I managed to set this up using Software RAID6 on Linux with mdadm, 4TB  and got results of about 300MB/s read and 300MB/s write (That's MegaBytes not bits).  Wired that up through my place over a 1Gig/s network for around 120MB/s R/W to from that.  About 6 steps. 1 step to do the RAID.  So around $800 for 4TB and those speeds.

 

Here's the page about all that and it actually works as posted:  

 

All shared with CIFS and secured by selinux (Having said selinux, maybe that's where the issue is with yours?  Not sure.  Ran into the same thing with my custom one):

HTPC / NAS Backup

 

Sharing with Samba / CIFS

 

But like I said, not sure how in depth you want to get into Linux though having an entire OS behind the setup will give you lot's of tools in case of issues and not a closed down box.

 

HF!

  • 3 weeks later...
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Mozilla shuts down even more Firefox services you might still be using by David Uzondu A few weeks ago, Mozilla announced that its Pocket and Fakespot services were getting the axe as the company focuses more on Firefox. It is a complete shutdown. Pocket, the read-it-later service Mozilla bought in 2017, will stop working on July 8, 2025. You have until October 8 to get your saved articles out before they are deleted forever. Fakespot, which helped you spot garbage product reviews, is also being sunsetted. But the house cleaning does not stop with those two. Neowin has spotted a shutdown notice dated June 26, 2025 for Deep Fake Detector, the Firefox extension that was supposed to tell you if a piece of text was written by a human or an AI chatbot. That tool used a combination of Mozilla's own proprietary ApolloDFT engine and open-source models like ZipPy to give you a verdict on what you were reading. The notice says: This brings us to the AI tools. Following the pattern, the Orbit website was updated with a banner that announced the service would shut down by June 26. Orbit was Mozilla's big privacy-first experiment in AI. It was a Firefox add-on that could summarize articles and answer questions about a webpage's content without sending your data to a third party. This is not an AI exit. Mozilla is simply changing how it delivers AI features. Orbit's private, self-contained setup can be replaced with the new sidebar built directly into Firefox, letting you connect to third-party chatbots like ChatGPT and Gemini. But, for Orbit users, this is still a huge loss, as a key feature of the service was privacy. Your prompts were handled by Mistral LLM (Mistral 7B) within Mozilla's GCP instance and were not shared with other companies for model training, which was a huge selling point for people tired of being the product. Mozilla keeps saying these cuts are necessary. As the only major browser not owned by a tech giant, its resources are limited; hence, the need to focus its cash and engineering talent on the core Firefox browser to compete.
    • Too close to the Ultra, I have and love an Ultra but have held onto my watch 6 classic because it is nicer when wearing a suit to work.
    • Intel v32.0.101.6881 graphics driver fixes a popular multiplayer hero shooter by Taras Buria Intel is rolling out a new graphics driver under version 32.0.101.6881. This WHQL release does not contain much. In fact, there is only a single fix for a popular multiplayer hero shooter. The new driver fixes crashes when launching Overwatch 2 (DirectX 12) on High or Ultra graphics settings on Intel Arc A-Series graphics cards. From the changelog: Overwatch 2 (DX12) may experience an application crash while launching the game with High or Ultra graphics quality settings. Known bugs in the drive include the following: Intel Arc B-Series Graphics Products: Fortnite may experience an application crash when “Performance - Lower Graphical Fidelity” is selected as Rendering Mode. Recommendation is to use default Rendering Mode – DX12. Visual corruptions may appear in certain scenarios with multiple application interactions. Call of Duty: Black Ops 6 (DX12) may exhibit flickering corruption in certain scenes during gameplay. Returnal (DX12) may experience an application crash during gameplay with Ray-Tracing settings turned on. Call of Duty: Warzone 2.0 (DX12) may exhibit corruptions on water areas in certain scenarios. SPECapc for Maya 2024 may experience intermittent application freeze during benchmark. PugetBench for Davinci Resolve Studio V19 may experience an application crash while running the benchmark. HWiNFO may incorrectly report number of Xe Cores for certain Intel Arc B-Series Graphics Products. Intel Arc A-Series Graphics Products: Returnal (DX12) may experience an application crash during gameplay with Ray-Tracing settings turned on. Marvel’s Spider-Man 2 (DX12) may experience an application crash with Ray-Tracing and XeSS enabled. PugetBench for Davinci Resolve Studio V19 may experience an application crash while running the benchmark. Intel Core Ultra Series 1 with built-in Intel Arc GPUs: Adobe Premiere Pro may fail to import video. Mitigation is to use Intel NPU Driver version 32.0.100.3717 or lower. PugetBench for Davinci Resolve Studio V19 may experience errors intermittently with benchmark preset set to Extended. Intel Core Ultra Series 2 with built-in Intel Arc GPUs: Valorant (DX11) may fail to enumerate supported resolutions in game settings. Adobe Premiere Pro may experience an intermittent application crash. Adobe Premiere Pro may fail to import video. Mitigation is to use Intel® NPU Driver version 32.0.100.3717 or lower. PugetBench for Davinci Resolve Studio V19 may experience errors intermittently with benchmark preset set to Extended. You can install Intel 32.0.101.6881 WHQL driver on PCs with 64-bit Windows 10 and Windows 11 with the following graphics products from Intel: Discrete GPUs Integrated GPUs Intel Arc A-Series (Alchemist) Intel Arc B-Series (Battlemage) Intel Iris Xe Discrete Graphics (DG1) Intel Core Ultra Series 2 (Lunar Lake and Arrow Lake) Intel Core Ultra (Meteor Lake) Intel Core 14th Gen (Raptor Lake Refresh) Intel Core 13th Gen (Raptor Lake) Intel Core 12th Gen (Alder Lake) Intel Core 11th Gen (Tiger Lake) You can download the driver from the official website here. Full release notes are available here (PDF).
    • Just look at the shiney shiney Vista clone, ignore the fact that they are a disaster in anything AI related. Roll on the class actions for all iPhone 16 owners.
  • Recent Achievements

    • Collaborator
      Carltonbar earned a badge
      Collaborator
    • Explorer
      MusicLover2112 went up a rank
      Explorer
    • Dedicated
      MadMung0 earned a badge
      Dedicated
    • Rookie
      CHUNWEI went up a rank
      Rookie
    • Enthusiast
      the420kid went up a rank
      Enthusiast
  • Popular Contributors

    1. 1
      +primortal
      508
    2. 2
      ATLien_0
      268
    3. 3
      +FloatingFatMan
      248
    4. 4
      +Edouard
      201
    5. 5
      snowy owl
      168
  • Tell a friend

    Love Neowin? Tell a friend!