En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

SMB File Share On Storage Gateway With Windows Permission

0

I'm testing out file shares using an on-prem storage gateway to S3 buckets configured for SMB (with AD integration). I setup a file share (SMB), added our admin group to the Admin group file access setting and left the default setting for File Share Access to allow everyone to access the root. But I'm having a hard time locking down the root share so that no one but admins can create folders. If I look at the Windows permission on the root, there "Everyone" group has full access to the root. It's my understanding that root permissions should not be messed with for each file share because they are not persisted on S3.
What's my best option in creating a root share folder so that only admins can create subfolders while everyone only has access to their respective sub folder?

Sujets
Stockage
Balises
Simple service de stockage AmazonPasserelle de stockage AWS
Langue
English
AWS-User-0751726
demandé il y a 2 ans1552 vues
2 réponses
1

Hi, to only have admin users full control access to root of the share and other users only access to their respective subfolders under root, you would be able to add admin users/groups with full control access on to the root of the file share and set apply to this folder, subfolders and files. After this, you would need to remove Everyone on root.

Next, you can add the respective users/groups with read-only access on the root and set apply to This folder only. Then, using admin users apply read/write or full control permissions for the subfolders for the respective users.

This way admin users can only create subfolders under root and respective users would be able to list/traverse the folders under root but access only their respective subfolders.

Since root ACLs aren't persisted to S3, when you delete the gateway/share, you would lose them upon recreating the share using the same bucket. I would suggest saving a copy of the root ACLs to re-apply in such scenarios.

profile pictureAWS
Surya
répondu il y a 2 ans
0

You can give Everyone read only access on the root directory. And provide full access to the respective sub folder to Everyone user.

AWS
V
répondu il y a 2 ans
  • AWS-User-0751726
    il y a 2 ans

    If I select "Read-only" under the File access setting then no one can create folders...not even admin group. I don't see another read-only option anywhere.

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents