Local User Management

The first step to creating a user is in fact to create a group. Each user must belong to a group. Groups are sets of users who are associated with one another. So in your business, you might have a sales group and a engineering group. At home, you probably only want one group, for example home.

1. To create a group, go to Access: Users and Groups and click on the Group tab.
2. Now click on the add circle.
3. The form is very simple; you need to add a name and a description. For example sales and "The sales people".
4. Now click Add and then apply the changes.

Only a-z, A-Z, and 0-9 are supported in the group name. _ (underscores) and spaces are not supported, neither are punctuation characters like $%&* etc.

Now that you have a group created, you can create a user.

1. Click on the Users tab.
2. And then on the add circle.
   • Login: This is the unique login name of user. If the user already has a login name on other servers or workstations, like a Windows user name or a Linux user name, it is best to keep it the same here. This way the user doesn't need to try an remember an extra username and also some programs (particularly Windows) try and log in with the Windows user name before asking which name it should use. Keeping them the same will ease integration.
   • Full Name: The user's full name. Often, the login name is an abbreviation or short name for the user like john, gary. Here you need to enter the full name so that it is easy to tell which login name belongs to which person.
   • Password: Their password (with confirmation). The colon ':' character isn't allowed in the password.
   • Primary Group: The group to which they belong, for example sales.

There are four mandatory fields:



3. To finish, you need to click Add and apply the changes.

You now have a user added to your FreeNAS server. Let's look at what effect adding a user has on the rest of the FreeNAS server.

Using CIFS with Local Users

To use the users you have defined with Windows networking, you need to go to the Services: CIFS/SMB page and change the Authentication field to Local User. Then click Save and Restart to apply your changes.

What this means is that only authenticated users can now access the FreeNAS shares via CIFS.

In version 0.6, this user authentication is for all the shares, the user has access to everything or nothing. This should change with 0.7.

When trying to connect now from a Windows Vista machine, a window pops up asking for a user name and password.

Once authenticated, the user has access to all the user shares on the FreeNAS server.

FTP and User Login

On the Services: FTP, there are two fields that control how users log in to the FreeNAS server:

• Anonymous login: This allows you to enable anonymous login. This means the user connects with the user name anonymous and any password.
• Local User: This enables a local user login. Users log in using the user name and passwords defined in the Access: Users and Groups page.

The two can be used together; however, they do negate one another in terms of security. It is best to run the FTP with either anonymous logins enabled and local user logins disabled or vice versa. If you run with both enabled, then people can still log in using the anonymous method even if they don't have a user account and so, it diminishes the benefits of having the user accounts enabled.

Other than the security benefits, another advantage of local user login with FTP is that you can define a home directory for the user and when the user logs in, they will be taken to that directory and only they have access to that directory and those below it. This effectively offers each user their own space on the server and other users cannot interfere with their files.

To get this working, you need to create a directory on your shared disk. You can do this with any of the access protocols CIFS, NFS, FTP, and AFS. You need to connect to the shared disk and create a new folder.

Then, in Access: Users, either create a new user or edit an existing one (by clicking on the 'e' in a circle). In the Homedirectory, you need to enter the directory for that user. For example for the user john, you might create a directory cunningly named john. Assuming the disk is named store (as per the quick start guide) then the path for the home directory would be: /mnt/store/john.

Click Save and apply the changes. Now when John logs in using the user name john he will be taken directly to the john directory. He doesn't have access to other files or folders on the store disk, only those in john and any sub folder.

chroot() Everyone, but Root

In the advanced settings section of the Services: FTP page, there is a field called chroot() everyone, but root. What this means is that when a user logs in via FTP, the root directory (top or start directory) for them will be the directory set in the Home directory field. Without this set, the user will log in to the server at the physical / and will see the server in its entirety including the FreeNAS and FreeBSD system files. It is much safer to have this box checked. The exception to this is the user root (which in FreeBSD terms is the system administer account). If Permit root login is enabled, then the user root can log in and they will be taken to the root of the actual server. This can be useful if you ever need to alter any of the system files on the FreeNAS, but this isn't recommend unless you absolutely know what you are doing!