I’m setting up a Deadline render queue at a University and am working on the issue of user access to a network share where the rendered output will end up.
There is a file share for render outputs with read access to a group named ALLSTUDENT containing all of the students. They log into a workstation, connect to the NAS and create a folder with a name matching their username. The permissions on “Creator Owner” give full control over all subfolders and files which means that when students create a folder, they have full control over it, and other students can see that their folder exists (from the ALLSTUDENT permissions), but don’t have permission to open the folder and see what is inside.
The Deadline program runs on a server as a domain user account “render-client” and this user also has full control over the render output share allowing it to create files in the student directories. The problem is that once a file has been created, it is owned by render-client and the students don’t have permission to view, copy, or delete the output.
This is definitely a Windows NTFS permissions question, rather than a Deadline question. But I’m curious to know how any of the other Deadline administrators were able to find a solution.
I’m not sure how Windows ownership on creation works. In the Linux world, I’d make a group both are a member of and make sure the umask setting for the Slave allows group access to the files created.
Is there a deny rule on modification for the “render-client” group? I’ll bump one of my co-workers to see if his AD kung fu is stronger than my own.
I didn’t have any deny rules. I went round and round in circles over the weekend and ended up contacting another University to see how they did it.
The other University’s method was to remove the “CreatorOwner” permission and give the end-users (students) modify access to the Output folder, charging them with the responsibility to not mess around with other student’s projects.
I’m a bit wary of putting that much trust in the students, but I suppose giving them that responsibility isn’t a bad thing. They can have that freedom and if they abuse it, then the folder auditing will clear up any foul play and the administration can punish them.
For what its worth, that’s how I run our system at this school too - open permissions. I know that at least a few professional studios run like this as well.
I don’t know if you have the budget to enable snapshots, but it is worth it. How much space you would need for that depends on how long your students need to keep their data in their directory.