Looking for how you normally approach permissions and access control in this setup.
Mac mini is meant to share its hard drive over SMB on Monterey.
Clients are allowed to connect to view and edit files on the host mini.
Each client has a “Sharing Only” user setup on the host mini.
Here’s the “access topology” for lack of better explanation:
mini/ <top level
Shared/ <everybody can access and edit
User1/, User2/, User3/ <each respective user can edit. Nobody else can edit or access
Therefore the Shared directory is accessible to everybody that can log in, then below that each user has their respective personal directory which NOBODY else can access.
This means that you only have to mount Shared directory to your client to be able to pull something from your personal directory and drop it straight into the Shared directory so everybody can get at it.
Problem I’m having is restricting access to anybody but the respective users on their folders. I chown User1 folder to User1, then chmod 700 and still other users can access and even edit the permissions of the folder!
Perhaps Shared should be “read only” and only the folders below that should grant any access to clients? Or there’s some standard setup I’m not aware of ?
Reason I’m asking is that while I could create two access points, one Shared and one for a User, dragging from one to the other forces it to copy rather than simply moving each item. Over the network. Slowly. Agonizing.
Mac mini is meant to share its hard drive over SMB on Monterey.
Clients are allowed to connect to view and edit files on the host mini.
Each client has a “Sharing Only” user setup on the host mini.
Here’s the “access topology” for lack of better explanation:
mini/ <top level
Shared/ <everybody can access and edit
User1/, User2/, User3/ <each respective user can edit. Nobody else can edit or access
Therefore the Shared directory is accessible to everybody that can log in, then below that each user has their respective personal directory which NOBODY else can access.
This means that you only have to mount Shared directory to your client to be able to pull something from your personal directory and drop it straight into the Shared directory so everybody can get at it.
Problem I’m having is restricting access to anybody but the respective users on their folders. I chown User1 folder to User1, then chmod 700 and still other users can access and even edit the permissions of the folder!
Perhaps Shared should be “read only” and only the folders below that should grant any access to clients? Or there’s some standard setup I’m not aware of ?
Reason I’m asking is that while I could create two access points, one Shared and one for a User, dragging from one to the other forces it to copy rather than simply moving each item. Over the network. Slowly. Agonizing.