Some clarifications about secondary groups

Discussion about using NAS on Linux and Unix OS.

Post by lmarceg »

Hi,
I am using a Mac with a TS231-P connected via NFS, as I cannot make Advanced Folder Setting a viable option under SMB.
Now, what I would like to achieve is in theory very simple, but still I haven't fully succeeded.
I have many folders which should be set as RW for me and RO for the rest of my family. Some specific folders should be set as RW for User J, some other folders as RW for user C. I would have the possibility to RW everything.

So far, I have created the users with the same name and uid in both the Mac and the QNAP.
I have changed ownership of all the folders to myself, RW, and I have created a group called nas (gid 503) as RO. I have configured setgid for the folders, so that the group rights are preserved (therefore, the gid is not important, after all). For the folders that the rest of the family is entitled to write, I have configured folder group as RW.
So, for instance, these two folders are RW for me and RO for the rest:

drwxr-sr-x 19 luca nas 4096 Feb 9 2020 Alessandro
drwxr-sr-x 13 luca nas 4096 Aug 10 2018 Amici

and

drwxrwsr-x 11 507 nas 4096 Sep 1 17:05 03.Scuola Elementare
drwxrwsr-x 3 507 nas 4096 Feb 3 2021 04.Scuola Media

are instead RW for everyone.

Now, this way I have only created two options, as user J can write where also user C can. Next step would be to create groups, but I have some problems:

1) the Mac already has a gid and a series of secondary gids:

uid=501(luca) gid=20(staff) groups=20(staff),502(access_bpf),503(nas),12(everyone),61(localaccounts),79(_appserverusr),80(admin),81(_appserveradm),98(_lpadmin),33(_appstore),100(_lpoperator),204(_developer),250(_analyticsusers),395(com.apple.access_ftp),398(com.apple.access_screensharing),399(com.apple.access_ssh),400(com.apple.access_remote_ae)

As you see, the first issue is that the gid is 20 and I cannot add a gid lower than 100 in the QNAP, because it will not show up in the GUI. Can I just create the group and then manually change it in /etc/passwd?
I also see that the group everyone is in the QNAP as well, but the gid is not 12.
The second issue is that the secondary groups shouldn't be more than 16, as far as I read, and in the Mac there are already 16 groups, plus the one I added (nas, gid 503).

Now, the questions:

Can I use secondary groups to achieve my goal? I could create a group per user, like member1:member1 and member2:member2, with their RW attributes, and then a common group, family, read-only. I should also be part of member1 and member2, I would say.
This means that I need to add groups to the Mac, so there will be more than 16. Is that an issue? What happens if I go past 16?
Should I configure the groups only on the Mac or also on the QNAP?

I prefer to have some hints from you rather than trying, because it's easy to mess up things once all these ids are created/modified/removed...

Thanks!
Luca
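
Added example (not part of the original post): a small model of how the mode bits in the listings above combine with the 16-gid limit of an NFS AUTH_SYS credential. The `member1` group with gid 601 and the `Example` directory are hypothetical, and the model assumes the client sends the first 16 supplementary gids in `id` order and that the server trusts only the gids in the request.

```python
import re

AUTH_SYS_MAX_GIDS = 16  # RFC 5531 AUTH_SYS credential: one gid plus gids<16>

# `id` output copied from the post.
ID_LINE = ("uid=501(luca) gid=20(staff) groups=20(staff),502(access_bpf),503(nas),"
           "12(everyone),61(localaccounts),79(_appserverusr),80(admin),"
           "81(_appserveradm),98(_lpadmin),33(_appstore),100(_lpoperator),"
           "204(_developer),250(_analyticsusers),395(com.apple.access_ftp),"
           "398(com.apple.access_screensharing),399(com.apple.access_ssh),"
           "400(com.apple.access_remote_ae)")

UIDS = {"luca": 501}
GIDS = {"nas": 503, "member1": 601}  # member1/601 is hypothetical
SCHOOL = "drwxrwsr-x 11 507 nas 4096 Sep 1 17:05 03.Scuola Elementare"  # from the post
MEMBER_DIR = "drwxrwsr-x 3 507 member1 4096 Feb 3 2021 Example"  # constructed

def parse_id(line):
    """Return (uid, primary_gid, supplementary_gids) from one line of `id` output."""
    uid = int(re.search(r"uid=(\d+)", line).group(1))
    gid = int(re.search(r"\bgid=(\d+)", line).group(1))
    listed = [int(g) for g in re.findall(r"(\d+)\(", line.split("groups=", 1)[1])]
    return uid, gid, [g for g in listed if g != gid]

def wire_gids(primary, supplementary, limit=AUTH_SYS_MAX_GIDS):
    """Gids the server sees. Assumption: the client keeps the first `limit` in order."""
    return {primary, *supplementary[:limit]}

def access(ls_line, uid, gids):
    """Classify a caller as 'rw', 'ro' or 'none' on one `ls -l` directory line."""
    mode, _links, owner, group = ls_line.split()[:4]
    owner_uid = int(owner) if owner.isdigit() else UIDS[owner]
    group_gid = int(group) if group.isdigit() else GIDS[group]
    # Exactly one class applies: owner first, then group, then other.
    bits = mode[1:4] if uid == owner_uid else mode[4:7] if group_gid in gids else mode[7:10]
    if "r" not in bits:
        return "none"
    return "rw" if "w" in bits else "ro"

def demo():
    uid, gid, supp = parse_id(ID_LINE)
    today = access(SCHOOL, uid, wire_gids(gid, supp))       # current setup
    grown = supp + [GIDS["member1"]]                        # one more group: 17 supplementary
    local = access(MEMBER_DIR, uid, {gid, *grown})          # full membership list
    over_nfs = access(MEMBER_DIR, uid, wire_gids(gid, grown))  # truncated credential
    return len(supp), today, local, over_nfs
```

In this model the extra group is dropped from the request without any error, so the caller falls through to the "other" bits and RW becomes RO. A Linux NFS server started with `rpc.mountd --manage-gids` looks up group membership itself instead of trusting the request, which requires the same users and groups to exist on the server.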