Hi guys,
I have a problem with QNAP NAS, subfolder and ACL permissions.
That has been discussed over and over in this forum but sadly I did not find a solution to my issue yet
The System
QNAP TVS-671-i5-8G
Firmware 4.3.3.0210
The Problem
I try to set up the folder structure to be used by Windows clients/users with active directory-authentication afterwards.
The users shall not change anything on the share itself (read-only) but should have write access to some subfolders.
Example:
Share "Documents"
--- Folder "Department A"
--- Folder "Department B"
People that work in "Department A" shall not access "Department B" and otherwise around.
Configuration
QNAP
Connected to the local domain.
Created the share "Documents" with full access for QNAP\admin and domain\domain-administrators.
Activated the use of ACL and extended folder permissions on the QNAP.
Windows
In Windows Explorer I created the folder "Department A" with read/write access for group domain\department a, full access for domain\domain-administrators.
Created a GPO that gives "Department A" a network share with UNC \\QNAP\Documents\Department A.
The same with "Department B".
Result
That way users from "Department A" are not able to access the folder "Department A" at all
No problems with a domain administrator account.
Adding read-only to the share "Documents" for domain\domain-users lets me access the Folder "Department A" but it is just read-only.
Somehow the permissions from the Share above overwrite the permissions for the department.
So I deactivated permission inheritance on the subfolders and set all permissions manually:
Folder "Department A"
full access for qnap\admin
full access for domain\domain-administrators
read-write for group department a
Still no joy, the problem stays the same.
Checked share permissions and they are set to anyone with full access.
I have the strong feeling that I am overlooking something.
Right now I am scratching my head and try to figure out what I am missing.
Hopefully you can point me in the right direction.
Greetings
isard
Edit:
Seems that I am pretty much doing the same as mentioned by schumaku in his first post here: viewtopic.php?t=115371.
I guess I am on the right track somehow...
Nested Folder Permissions
Windows Access Rights Management
Jump to
- QNAP General
- ↳ Announcements
- ↳ Features Wanted
- ↳ Users' Corner
- ↳ Official Apps
- ↳ Prestashop
- ↳ Webalizer
- ↳ Virtualization Station
- ↳ Notes Station
- ↳ SocialLink Station
- ↳ McAfee Antivirus
- ↳ IT Management Station
- ↳ Container Station
- ↳ Qsirch & Qfiling
- ↳ Community Apps
- ↳ Apps Wanted
- ↳ Partner Apps
- ↳ BitTorrent Sync
- ↳ EZPhone
- ↳ Plex Media Server
- ↳ Ragic
- ↳ Tonido
- Getting Started
- ↳ Frequently Asked Questions
- ↳ Presales
- ↳ Turbo Station Installation & Setup
- General
- ↳ Hardware & Software Compatibility
- ↳ HDD Spin Down (HDD Standby)
- ↳ Seagate Drive Discussion
- ↳ Western Digital Drive Discussion
- ↳ File Sharing
- ↳ Mac OS
- ↳ Linux & Unix (NFS)
- ↳ Windows
- ↳ Backup & Restore
- ↳ Symform
- ↳ Microsoft Azure
- ↳ OpenStack Swift
- ↳ Amazon Glacier
- ↳ Amazon S3
- ↳ WebDAV-based Backup
- ↳ Google Cloud Storage
- ↳ Object Storage Server
- ↳ ElephantDrive
- ↳ Xopero
- ↳ System & Disk Volume Management
- ↳ Web Server & Applications (Apache + PHP + MySQL / SQLite)
- ↳ Download Station and QGet
- ↳ myQNAPcloud service
- ↳ Surveillance Solution
- ↳ Miscellaneous
- ↳ QIoT
- ↳ QuAI
- ↳ QVR Face
- Business
- ↳ Windows Domain & Active Directory
- ↳ iSCSI – Target & Virtual Disk
- ↳ Remote Replication/ Disaster Recovery
- ↳ Server Virtualization & Clustering
- ↳ NAS Management
- ↳ QES Operating System (QNAP Enterprise Storage OS)
- Multimedia
- ↳ Photo Station, Music Station, Video Station
- ↳ Media Streaming
- ↳ Mobile Devices