Modify Network Share
The Network Share Modify dialog controls general settings, user access, and permissions settings for the NAS share. Some settings like the User Access settings apply to CIFS access whereas the system permissions settings apply to both CIFS and NFS access.
- Network Shares created in ZFS based storage pools have compression enabled by default. You can also set a per share compression setting which is helpful in cases where the Network Share's data is either not compressible (jpgs, compressed video) or needs higher compression for a particular use case (long term archive of documents, email, etc).
- Network shares support quotas to control the total maximum amount of data that can be written to the share by all users. User specific quota management in handled in a separate User Quotas dialog.
- Sync Policy
- This setting is inherited from the Storage Pool just like the compression parameter. By default the 'standard' mode is a hybrid where synchronous IO (O_SYNC) is always written to disk before the client is told the write is complete and non-sync IOs are allowed to be cached for a very short amount of time in the storage pool's intent log for better write performance. The 'sync' mode is the most strict where all I/O is treated as O_SYNC and the 'disabled' mode indicates all writes can be cached for a short amount of time in order to boost write performance.
Navigation: Storage Management --> Network Shares --> Network Share --> Modify (toolbar)
The AD User and AD Group tabs provide access assignment for the share (i.e. can they even loin to the share) and some basic ACL permissions depending on the option selected.
- When you configure as 'Admin User' the user or group is given root user account privileges and van bypass any ACL settings on the share. We recommend assigning your Active Directory Administrator group or Administrator users that need to be able to configure permissions/security inside of Windows with the 'Admin User' access.
- If you assign 'valid user' then the user is mapped to a UID/GID that is generated for that user and the ACL's of the files and folders are used for security of that group or user. These ACL's should be setup and managed by the Security Tab inside of Windows when you right click on the Folder and open the properties window.
- 'Invalid user' blocks that specific user or group in the event they have other permissions from another assignment. for example if you have groupsin Active Directory that contain both users and groups, you could use this option to block specific group or user access.
- 'none' means that the user or group has no access assignment rules defined for that specific group or user name.
- AD User Searching and Caching
- The list of users shown in the AD Users and AD Groups sections come from the configured Windows Active Directory server. QuantaStor shows the first 500 entries plus all users that have been explicitly assigned or denied access to a share. To search for users to assign access to use the 'Search' button and QuantaStor will look for all users that start with the specified search string. QuantaStor maintains a cache of the users so that searching is fast and efficient but this also means that the cache can get stale. If you've recently added new users and groups to your AD configuration that are not showing up, use the 'Search & Clear Cache' to force the service to update its cache of AD user and group information. For systems that have very large AD environments you'll need to configure the QuantaStor appliance with an on-disk cache of the AD users using the 'sudo qs-util adcachegenall' command line utility. This is because the 'winbind' commands which QuantaStor uses to gather AD user and group information are not fast enough for very large environments which leads to sluggish performance when searching for users. By generating an on-disk cache the search performance problem is solved and becomes very fast and efficient even for large AD environments with 100K users.