locked
Share Security vs File/Directory Permissions RRS feed

  • Question

  • Hello....
    Working with servers in a business environment, it seems the norm is to handle security at the directory/file permission
    level, and give everyone full permission at the share level.  This lets for granular permissioning at lower levels.  It seems that WHS handles permissions via 'Groups' (and not individual users) at the Directory/File level and uses the Username for Share rights.  This is fine, but there does not seem to be an easy way to 'change' the rights because it looks like WHS does a self
    heal at times to reset the permissions.  Here is what I am trying to do.  Have a couple of extenders/Vista machines networked.  I have a photo share designated.  This share has a 'Family' directory as well as directories for each family member.  I am the only one who should be able to write to all the directories, and each family member writes to their 'own' directory.  Everyone can read from all the directories.  With this method, The Photo share, and all the subdirectories can be viewed from the extender by looking at the one share (Photos). 

    I tried this, and it works for the most part, but looking for a better way.  I manually (not via home server interface) changed one child to have full r/w share access to photos.  Then I create a group that has full access to her directory and place her in this group, while read access to the other directories.  This works fine until WHS resets the share rights for the user, because in the console she only has RO access.  If I use the interface to change her to RW, then she will have RW access to all photo directories including ones of other children.

    Does anyone know if this can be done easily.  ??

    Thanks,
    Steve
    Saturday, August 8, 2009 4:11 AM

Answers

  • Oh well....

    Thanks again...

    -Steve
    • Marked as answer by syssjr Sunday, August 9, 2009 4:39 PM
    Sunday, August 9, 2009 4:39 PM

All replies

  • Hello....
    Working with servers in a business environment, it seems the norm is to handle security at the directory/file permission level, and give everyone full permission at the share level.

    FYI, if you want to learn how to effectively use WHS, you have to let go of your business server tendencies.  :)

    This lets for granular permissioning at lower levels.  It seems that WHS handles permissions via 'Groups' (and not individual users) at the Directory/File level and uses the Username for Share rights.  This is fine, but there does not seem to be an easy way to 'change' the rights because it looks like WHS does a self heal at times to reset the permissions.

    That's correct.
     
    Here is what I am trying to do.  Have a couple of extenders/Vista machines networked.  I have a photo share designated.  This share has a 'Family' directory as well as directories for each family member.  I am the only one who should be able to write to all the directories, and each family member writes to their 'own' directory.  Everyone can read from all the directories.  With this method, The Photo share, and all the subdirectories can be viewed from the extender by looking at the one share (Photos). 

    I tried this, and it works for the most part, but looking for a better way.  I manually (not via home server interface) changed one child to have full r/w share access to photos.  Then I create a group that has full access to her directory and place her in this group, while read access to the other directories.  This works fine until WHS resets the share rights for the user, because in the console she only has RO access.  If I use the interface to change her to RW, then she will have RW access to all photo directories including ones of other children.

    Does anyone know if this can be done easily.  ??

    Thanks,
    Steve
    No, it can't.  Changing the permissions anywhere other than through the Console is unsupported (and will periodically reset itself as you found out).  The closest you can get would be to create new shares for each user (or use the shares that are automatically created when you add a user to WHS through the Console), then use the Console to set permissions through the Windows Media Center tab.
    Saturday, August 8, 2009 4:54 AM
    Moderator
  • And I take it that there is no way to share a directory that is within another share ?

    Saturday, August 8, 2009 12:33 PM
  • And I take it that there is no way to share a directory that is within another share ?


    That's correct.
    Saturday, August 8, 2009 12:46 PM
    Moderator
  • Oh well....

    Thanks again...

    -Steve
    • Marked as answer by syssjr Sunday, August 9, 2009 4:39 PM
    Sunday, August 9, 2009 4:39 PM