Connect only to sub-directories over VPN

[HCHTech]

I have a customer with a Sonicwall and a Synology NAS. They are on a workgroup, no file server. We have a user share with subdirectories for each user. We have granular permissions setup and each employee's (Windows) computer has a mapped drive letter pointing to their individual user directory.

Enter remote access. There is an employee who only has Macs at home, so I loaded up the Sonicwall Mobile Connect app on their iMac, which lets them connect ok, but i find that I cannot use the "Connect to server" feature of Finder to mount the user directory. You can only mount the root of the share, apparently. This is no good because that gives them access to everyone's directory.

I don't know if this is a limitation of OSX, or an incompatibility between OSX & the Synology OS, or has something to do with the Mobile Connect application.

For now, I've "solved" the problem by moving that employee's user directory to the root of the Synology. This let's me keep them from having access to the rest of the files, but is breaking convention. I'm not particularly keen on changing how the existing share is organized just for this one employee who happens to have a Mac at home.

Has anyone else run into this? Maybe there is a tricky way in OSX that I'm missing to mount only a subdirectory?

 

[Markverhyden]

Not sure how you have the Synology setup. Once a VPN tunnel has been created you are on the remote LAN just as if you were onsite. So anything you do locally can be done at the remote site. I just tested Connect to server on my Synology and had no problems drilling down to a sub directory using the command below in the connect to server field. What I have noticed is that the Synology security model is a bit clunky compared to others I use.

smb://1.2.3.4/rootfolder/subdirfolder

 

[HCHTech]

Yeah, that's basically what I'm doing - what I'm getting if I open the mounted drive in Finder, though, is a root folder view. It includes the subfolder, but I'm seeing all of the folders at the same level as the subfolder. I'll go through everything again tomorrow - I've done this before lots of times with Windows PCs - maybe I missed something.

 

[Markverhyden]

And on the Mac. Go into keychain and search for all entries with the ip address of the Synology box and delete them. If credentials were applied previously to folders upstream they will still have access to them.

 

[trevm999]

Are you sure it's not just Finder's viewing settings? (sorry if that is a silly question)

Also if that account can actually access other users files and it is not what @Markverhyden said, then it sounds like there is something wrong with the permissions.

 

[HCHTech]

From the behavior, it sounds like the problem is permission related - this person is the office manager, so may have permissions at a higher level - I guess this is a difference between OSX and WIndows, then? I'm sure in Windows that I can map a subdirectory directly (say that 3 times fast) even if I have permissions to the root, yes? I'll report back when I go through the permissions.

 

[Markverhyden]

I just ejected all shares and did a direct map to a subfolder. It did NOT mount the parent folder along with the target. Best to access the machine and check everything, including login items.