Hello everybody!
I am having this strange-looking "?" floating above my head that only true misunderstanding of Samba permissions can produce – maybe you can help me changing it to "!"?
On my TrueNAS Core, I have an SMB share I want to give access to a group of users in order to let them share files.
The users are
They are all members in the auxiliary
The users all have SambaAuth=Yes.
The Share has the following filesystem ACL:
Owner: root/wheel
owner@ - Allow - Basic - Full Control - Basic Flags - Inherit
group@ - Allow - Basic - Full Control - Basic Flags - Inherit
Group smb_users - Allow - Advanced - {Read Data, Write Data, Append Data, Read Named Attributes, Execute, Delete Children, Read Attributes, Write Attributes, Read ACL} - Basic Flags - Inherit
The intention of that ACL is: Everybody from the smb_users group shall be able to read and write at the share, but may not start messing around whith ACLs.
But something seems to be wrong with it – when
When I go to the shell and do
What am I obviously doing wrong?
I am having this strange-looking "?" floating above my head that only true misunderstanding of Samba permissions can produce – maybe you can help me changing it to "!"?
On my TrueNAS Core, I have an SMB share I want to give access to a group of users in order to let them share files.
The users are
smb_one
, smb_two
and so on (currently just testing, as you might imagine).They are all members in the auxiliary
smb_users
group (GID=Auto, Sudo=No, SambaAuth=Yes).The users all have SambaAuth=Yes.
The Share has the following filesystem ACL:
Owner: root/wheel
owner@ - Allow - Basic - Full Control - Basic Flags - Inherit
group@ - Allow - Basic - Full Control - Basic Flags - Inherit
Group smb_users - Allow - Advanced - {Read Data, Write Data, Append Data, Read Named Attributes, Execute, Delete Children, Read Attributes, Write Attributes, Read ACL} - Basic Flags - Inherit
The intention of that ACL is: Everybody from the smb_users group shall be able to read and write at the share, but may not start messing around whith ACLs.
But something seems to be wrong with it – when
smb_one
creates a file (or directory), smb_two
can read the file and the directory and he/she can delete both – but he/she cannot modify the file!When I go to the shell and do
getfacl my_file.txt
, I get this:Code:
# file: my_file.txt # owner: smb_one # group: wheel owner@:rwxpDdaARWcCos:------I:allow group@:rwxpDdaARWcCos:------I:allow group:smb_users:rwxpD-aAR-c---:------I:allow everyone:--------------:------I:allow
What am I obviously doing wrong?