QNAP Folder Permission Issue
-
Hi All,
I am having a folder permission issue with our QNAP TS-459U Turbo NAS , we have enabled windows ACL in QNAP ,so that the permission for the folders are applied through windows explorer.
Folder structure are
-- Root Folder
------First Sub Folder
---------Second Sub FolderI have configured full permission to a user for the second sub folder and read only access for Root Folder and First Sub Folder . Please find the image of folder permssion in windows explorer.
The issue is that the user complaint that he doesn't have a write access to the folder. while checking the permission through QNAP web UI ,it is showing read+write access and preview shows Read Only.
Any one face this issue, is this a QNAP bug or we need to do any other configuration.
Please advice.
Thanks in advance.
-
You appear to be mixing permissions. NTFS ACLs are one thing. That is what you are showing up above and that is what you enabled on your QNAP. That's file system permissions.
What you are showing below on the QNAP is the SMB Share Permissions. These two are unrelated. The QNAP cannot read the files and does not know anything about your ACLs. If you are on the QNAP, you are controlling the SMB Share permissions. If you are in Windows Explorer it cannot modify the share, it can only set the NTFS ACLs.
So you need to make sure that you are properly configuring both the share AND the ACLs or you will have broken permissions. The two are cumulative, obviously.
-
@scottalanmiller said:
u are showing below on the QNAP is the SMB Share Permissions. These two are unrelated. T
If i delete the user from windows ACL , then the user will be moved from the QNAP Share permission, how its happen if they are unrelated , its a doubt
-
SMB Share Premissions Filter the NTFS Premissions.
In Otherwords. NTFS Premissions grants you access to files on the share, but you still need the Share permissions to access the share. SMB Shares Premissions should never be a person, it should almost always be a group, many cases either Everyone/Authenticated Users or a Group for the Department etc.
NTFS shares should mostly be groups for administrative shake (users quitting etc) expect the home folder (which can still be done with Creater-Owner when doing GPP Mapped Drives and Folder redirection).
It's somewhat bad practice to use individual users in permissions as it's a management nightmare.
-
@sreekumarpg said:
If i delete the user from windows ACL , then the user will be moved from the QNAP Share permission, how its happen if they are unrelated , its a doubt
That doesn't happen. They are unrelated. What you set in ACLs has no effect on what is in the share permissions.
-
Also, what do you mean "delete" from NTFS ACL? (There is no such thing as a Windows ACL, so don't use that term.) That's an odd thing to say. You might say remove, but the user can't be deleted, you just don't assign them any specific permissions in ACLs.
That you say "Windows ACL" makes me think that you might be confused about more than just the ACL permissions vs. SMB permissions.
For example, if you change the filesystem from NTFS to FAT32, the ACLs vanish as FAT filesystems do not have ACLs at all. But if you share a FAT32 via SMB, SMB Share permissions are the same as always.
-
Both SMB Shares and NTFS ACLs use a user list from Active Directory, of course, if that is set up properly. But AD is just a user list that the two, unrelated systems, pull their list of accounts from. SMB and NTFS can't talk to each other. One is a network protocol, the other is an on disk filesystem. Conceptually, they can't communicate or interact with each other.
-
Thanks for correcting me ..
How can i provide full permission to to that folder to the user . Full permission is configured with Windows ACL . Also am confused that the read/write tick is enabled and preview showing Read Only . i have verified all other folders,non having this issue
-
@sreekumarpg said:
How can i provide full permission to to that folder to the user . Full permission is configured with Windows ACL . Also am confused that the read/write tick is enabled and preview showing Read Only . i have verified all other folders,non having this issue
Because FOLDERS can only have NTFS ACL permissions. Granting "full" in ACL has nothing whatsoever to do with the SMB Share.
It is the SMB Shere where you are seeing Read Only. You can only modify the SMB Share permissions on the QNAP.
Windows cannot change the share permissions, QNAP cannot change the ACL permissions. There is no exception to this.
-
I was referring this link
https://www.qnap.com/i/in/trade_teach/con_show.php?op=showone&cid=9
-
@sreekumarpg said:
I was referring this link
https://www.qnap.com/i/in/trade_teach/con_show.php?op=showone&cid=9
Which part of it? I'm not sure that I follow.
-
@sreekumarpg said:
I was referring this link
https://www.qnap.com/i/in/trade_teach/con_show.php?op=showone&cid=9
That's Talking about Enabling NTFS Permission Support and Changing them. What's the Question?
It sounds like the Issue is you gave them Read Only to the SMB Share but Full to the NTFS Permissions. NTFS Permissions apply both locally and remotely. SMB shares only apply remotely. For example if that user was able to access the folder locally (say it was on a desktop instead of a NAS) He would have full permissions but, since it's remote it gets filtered through the SMB Permissions and and max the user only can have Read-only access.
-
Thanks all , now am cleared
-
Great, glad that we were able to get that sorted. Because the permissions are layered when accessing a share remotely it can get pretty confusing, especially when you never have raw access to the filesystem when on a NAS compared to sharing from a desktop, for example.
-
Dear Sreekumarpg how did you solved the issue then ..
as i am having the same problem. -
@ammarmalhotra said in QNAP Folder Permission Issue:
Dear Sreekumarpg how did you solved the issue then ..
as i am having the same problem.It is possible that your issue is different. I would post a new thread with your details and we will help you track down the problem.
