





















































The first step to creating a user is in fact to create a group. Each user must belong to a group. Groups are sets of users who are associated with one another. So in your business, you might have a sales group and a engineering group. At home, you probably only want one group, for example home.
Only a-z, A-Z, and 0-9 are supported in the group name. _ (underscores) and spaces are not supported, neither are punctuation characters like $%&* etc.
Now that you have a group created, you can create a user.
There are four mandatory fields:
You now have a user added to your FreeNAS server. Let's look at what effect adding a user has on the rest of the FreeNAS server.
To use the users you have defined with Windows networking, you need to go to the Services: CIFS/SMB page and change the Authentication field to Local User. Then click Save and Restart to apply your changes.
What this means is that only authenticated users can now access the FreeNAS shares via CIFS.
In version 0.6, this user authentication is for all the shares, the user has access to everything or nothing. This should change with 0.7.
When trying to connect now from a Windows Vista machine, a window pops up asking for a user name and password.
Once authenticated, the user has access to all the user shares on the FreeNAS server.
On the Services: FTP, there are two fields that control how users log in to the FreeNAS server:
The two can be used together; however, they do negate one another in terms of security. It is best to run the FTP with either anonymous logins enabled and local user logins disabled or vice versa. If you run with both enabled, then people can still log in using the anonymous method even if they don't have a user account and so, it diminishes the benefits of having the user accounts enabled.
Other than the security benefits, another advantage of local user login with FTP is that you can define a home directory for the user and when the user logs in, they will be taken to that directory and only they have access to that directory and those below it. This effectively offers each user their own space on the server and other users cannot interfere with their files.
To get this working, you need to create a directory on your shared disk. You can do this with any of the access protocols CIFS, NFS, FTP, and AFS. You need to connect to the shared disk and create a new folder.
Then, in Access: Users, either create a new user or edit an existing one (by clicking on the 'e' in a circle). In the Homedirectory, you need to enter the directory for that user. For example for the user john, you might create a directory cunningly named john. Assuming the disk is named store (as per the quick start guide) then the path for the home directory would be: /mnt/store/john.
Click Save and apply the changes. Now when John logs in using the user name john he will be taken directly to the john directory. He doesn't have access to other files or folders on the store disk, only those in john and any sub folder.
chroot() Everyone, but Root
In the advanced settings section of the Services: FTP page, there is a field called chroot() everyone, but root. What this means is that when a user logs in via FTP, the root directory (top or start directory) for them will be the directory set in the Home directory field. Without this set, the user will log in to the server at the physical / and will see the server in its entirety including the FreeNAS and FreeBSD system files. It is much safer to have this box checked. The exception to this is the user root (which in FreeBSD terms is the system administer account). If Permit root login is enabled, then the user root can log in and they will be taken to the root of the actual server. This can be useful if you ever need to alter any of the system files on the FreeNAS, but this isn't recommend unless you absolutely know what you are doing!