SMB File Share On Storage Gateway With Windows Permission


I'm testing out file shares using an on-prem storage gateway to S3 buckets configured for SMB (with AD integration). I set up a file share (SMB), added our admin group to the Admin group file access setting and left the default setting for File Share Access to allow everyone to access the root. But I'm having a hard time locking down the root share so that no one but admins can create folders. If I look at the Windows permissions on the root, the "Everyone" group has full access to the root. It's my understanding that root permissions should not be messed with for each file share because they are not persisted on S3.
What's my best option in creating a root share folder so that only admins can create subfolders while everyone only has access to their respective subfolder?

asked 9 months ago, 367 views
2 Answers

You can give Everyone read-only access on the root directory, and provide full access to the respective subfolder to the Everyone user.

answered 9 months ago
  • If I select "Read-only" under the File access setting then no one can create folders...not even admin group. I don't see another read-only option anywhere.


Hi, to give only admin users full control access to the root of the share, and other users access only to their respective subfolders under root, you can add the admin users/groups with full control access on the root of the file share and set it to apply to "This folder, subfolders and files". After this, you would need to remove Everyone on root.

Next, you can add the respective users/groups with read-only access on the root and set apply to This folder only. Then, using admin users apply read/write or full control permissions for the subfolders for the respective users.

This way admin users can only create subfolders under root and respective users would be able to list/traverse the folders under root but access only their respective subfolders.

Since root ACLs aren't persisted to S3, when you delete the gateway/share, you would lose them upon recreating the share using the same bucket. I would suggest saving a copy of the root ACLs to re-apply in such scenarios.

answered 9 months ago
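
The procedure in the answer above, written out as an added PowerShell example that is not part of the original thread or of AWS documentation. The share path, group names, user name and backup path are hypothetical placeholders, `Modify` is one choice for the "read/write" level the answer mentions, and the script assumes it is run by a member of the share's admin group.

```powershell
# Hypothetical names: replace with your gateway share, AD groups and backup path.
$Root      = '\\gateway.example.com\teamshare'
$Admins    = 'EXAMPLE\ShareAdmins'
$Users     = 'EXAMPLE\ShareUsers'
$AclBackup = 'C:\acl-backup\teamshare-root.sddl'
$Everyone  = [System.Security.Principal.SecurityIdentifier]::new('S-1-1-0')  # well-known SID for Everyone

function New-AllowRule {
    param([string]$Identity,
          [System.Security.AccessControl.FileSystemRights]$Rights,
          [System.Security.AccessControl.InheritanceFlags]$Inherit)
    [System.Security.AccessControl.FileSystemAccessRule]::new(
        $Identity, $Rights, $Inherit, 'None', 'Allow')
}

# 1. Root ACL: admins get Full Control on "This folder, subfolders and files",
#    users get read-only on "This folder only", and Everyone is removed.
#    All three changes are written in one Set-Acl so admins are never locked out.
$acl = Get-Acl -Path $Root
$acl.SetAccessRuleProtection($true, $false)   # block inheritance, drop inherited ACEs
$acl.PurgeAccessRules($Everyone)
$acl.SetAccessRule((New-AllowRule $Admins 'FullControl' 'ContainerInherit,ObjectInherit'))
$acl.SetAccessRule((New-AllowRule $Users 'ReadAndExecute' 'None'))
Set-Acl -Path $Root -AclObject $acl

# 2. Per-user subfolder, created by an admin. The admin ACE is inherited from
#    the root; the user's read-only root ACE is not, so it is granted here.
function New-UserFolder {
    param([string]$Name, [string]$Identity)
    $path = Join-Path $Root $Name
    New-Item -ItemType Directory -Path $path -Force | Out-Null
    $sub = Get-Acl -Path $path
    $sub.SetAccessRule((New-AllowRule $Identity 'Modify' 'ContainerInherit,ObjectInherit'))
    Set-Acl -Path $path -AclObject $sub
}
New-UserFolder -Name 'alice' -Identity 'EXAMPLE\alice'

# 3. Keep a copy of the root DACL (SDDL text), because it is not persisted to S3.
(Get-Acl -Path $Root).GetSecurityDescriptorSddlForm('Access') |
    Set-Content -Path $AclBackup

# Re-apply the saved DACL after the share is recreated on the same bucket.
function Restore-RootAcl {
    $saved = (Get-Content -Path $AclBackup -Raw).Trim()
    $acl = Get-Acl -Path $Root
    $acl.SetSecurityDescriptorSddlForm($saved, 'Access')
    Set-Acl -Path $Root -AclObject $acl
}
```

After running it, `(Get-Acl $Root).Access` should list only the admin and user entries, with no Everyone entry.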
