SMB Sharing issues

kirkdickinson

Contributor
Joined
Jun 29, 2015
Messages
174
I set up a new TrueNAS machine back in December. It is just running pretty much as a backup machine right now and my main server is an older FreeNAS machine. On the FreeNAS machine, I set up the SMB shares following a YouTube video and they have all been working for years flawlessly. With the TrueNAS machine I have never been able to get them set up correctly.

I first noticed that all wasn't well when I couldn't install a program file that was saved on the server. I have to copy the exe to the workstation to install. I usually keep copies of updated programs on my server and once a month update all the out of date programs on a workstation. Think Firefox, Thunderbird, Glary Utilities, Libre Office... That worked fine with the FreeNAS, but not on the TrueNAS machine. Next I noticed that I cannot open files from the TrueNAS machine using command line from a Windows machine. I can with the old FreeNAS Machine. I posted a thread about this but never got a solution. See... https://www.truenas.com/community/t...ne-cant-open-from-cmd-line.90347/#post-626636

Today, I found a new problem that is even more serious. Something has changed. When I try to create a new folder on the TrueNAS machine, Windows immediately gives me an error saying "Destination Folder Access Denied"... "You need permission to perform this action."
1614132695417.png

It goes ahead and creates a folder named "New folder" but I can't access it. I can't delete it. I can't even view security permission for it. I get this error:

1614132222846.png


Now, this gets weirder, I can add folders under different subdirectories that I can read and write to.

I am completely at a loss what to try. I don't really understand how permissions work and thought they were set up OK. Apparently not.
Thanks,
Kirk
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,543
The multiple folders thing is symptomatic of user having permissions to write data, but not write attributes and extended attributes. Can you post getfacl output for each path component leading to the share?
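
An added illustration of the check described in the reply above (not part of the original post and not TrueNAS code): a small parser for FreeBSD-style getfacl NFSv4 output that flags allow entries granting write data without write attributes / extended attributes, or without fd inheritance. The sample ACLs are constructed, and deny entries and entry ordering are not evaluated.

```python
import re

# Compact NFSv4 permission/flag letters as printed by FreeBSD getfacl(1).
WRITE_DATA = set("wp")   # write_data, append_data
WRITE_META = set("AW")   # write_attributes, write_xattr
INHERIT = set("fd")      # file_inherit, dir_inherit
ENTRY = re.compile(
    r"^\s*(?P<who>(?:owner|group|everyone)@|(?:user|group):[^:]+)"
    r":(?P<perms>[A-Za-z-]+):(?P<flags>[A-Za-z-]*):(?P<type>allow|deny)\s*$"
)

def parse_getfacl(text):
    """Parse getfacl output into entry dicts; '#' header lines do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append({"who": m["who"], "type": m["type"],
                            "perms": set(m["perms"]) - {"-"},
                            "flags": set(m["flags"]) - {"-"}})
    return entries

def audit(entries):
    """Report allow entries that can write data but lack A/W, or lack fd inheritance."""
    findings = []
    for e in entries:
        if e["type"] != "allow" or not e["perms"] & WRITE_DATA:
            continue
        missing = WRITE_META - e["perms"]
        if missing:
            findings.append((e["who"], "missing " + "".join(sorted(missing))))
        if not INHERIT <= e["flags"]:
            findings.append((e["who"], "no fd inheritance"))
    return findings

# Constructed sample, not the ACL from the thread's screenshots.
BEFORE = """\
            owner@:rwxp--aARWcCos:-------:allow
            group@:rwxp--a-R-c--s:-------:allow
         everyone@:r-x---a-R-c--s:-------:allow
"""
# Constructed sample: owner@/group@ full_set and everyone@ rxaRc, all with fd flags.
AFTER = """\
            owner@:rwxpDdaARWcCos:fd-----:allow
            group@:rwxpDdaARWcCos:fd-----:allow
         everyone@:r-x---a-R-c---:fd-----:allow
"""

print(audit(parse_getfacl(BEFORE)))
```

On the NAS, the same functions can be fed the getfacl output of each path component leading to the share.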
 

kirkdickinson

OK, I am floundering around a bit in the shell. I am a Windows guy but here are some of the permissions.

This first directory is where all my photos are stored.
1614180958881.png


This is a subdirectory of Photos that seems to work fine
1614181148117.png


This is a subdirectory of Photos that doesn't work fine. Looks like something is wrong. It isn't even reporting the permissions.
1614181275605.png


The subfolders that got created last night from Windows 10 just have the default name New Folder. I can't get any information on that. I thought if there were spaces in the name, then I needed to put single quotes around the name. That didn't work.
1614182058981.png


Here is a directory that I can copy to but can't install a program directly from:
1614181474645.png


Here is something that I don't understand. When I open the Shell, there is a message that says no settings changed through the CLI will be saved. What is the point of that?
1614182235777.png
 

kirkdickinson

Here is how the permissions are set on my Photos Directory on the old server:
old-server-photos.jpg


Here is how the permissions are set on my Programs Source File Directory on my old server:
old-server-utilities.jpg
 

anodos

Okay. Looks like issue is caused by the ACL set on /mnt/Texas-29-Z2. It's generally best practice to create datasets and share those out rather than sharing your zpool mountpoint.
You can fix by running the following command:
setfacl -m owner@full_set:fd:allow,group@full_set:fd:allow,everyone@:rxaRc:fd:allow /mnt/Texas-29-Z2
Then you can verify that it's correct by running the command getfacl /mnt/Texas-29-Z2.

If "photos" is a ZFS dataset then you can use the ACL editor for the dataset to grant owner@, group@, and everyone@ relevant permissions (perhaps FULL_CONTROL), and set FLAGS to "BASIC: INHERIT". In this case you can apply recursively.

If "photos" is an SMB share, then you can do the same through the share filesystem permissions editor.
 

kirkdickinson

Thanks for getting back to me quickly. :)

Photos is not a separate share. It is a sub directory of the mountpoint.

What about the notice that these changes to the CMD are not saved and get cleared out on reboot?

Thanks,
Kirk
 

kirkdickinson

I don't understand what all that command does so don't know how to fix it. I got an error when I tried to run it.

1614186600468.png
 

anodos

Sorry. Forgot the extra colons in that setfacl command.
setfacl -m owner@:full_set:fd:allow,group@:full_set:fd:allow,everyone@:rxaRc:fd:allow /mnt/Texas-29-Z2
 

anodos

What about the notice that these changes to the CMD are not saved and get cleared out on reboot?
That's mostly a notice to users that want to hack on config files that are automatically regenerated. Permissions changes are persistent.
 

kirkdickinson

Thank you so much for helping me. Making progress. I was able to change the permissions on those newly created directories and then I could get rid of them from Windows.

I still have the other two issues that were mentioned in the other thread and I am sure this is just a permission issue.

I have a directory on the server where I keep all my program updates. I can't update any computer by running those exe's from the server.
1614188192246.png


Is this a Windows permission issue instead of a TrueNAS issue? I can perform this action on my old FreeNAS machine no problem.

That other issue that I have... I have a DOS bat file that I use to open multiple photos from my server. The batch runs fine on the old FreeNAS machine, but fails on the TrueNAS machine.
1614188434083.png


Thanks again. :)
 

anodos

You'll most likely need to fix permissions server-side through GUI ACL editor. Same sort of operation I described earlier. Grant owner / group full control (with inherit) recursively as earlier. The setfacl command I gave you was non-recursive because we don't want to break permissions on jails or other things.
 

kirkdickinson

Okay. Looks like issue is caused by the ACL set on /mnt/Texas-29-Z2. It's generally best practice to create datasets and share those out rather than sharing your zpool mountpoint.

Should I be concerned that this is not best practice and work on fixing it before this server actually is in full production? This server is kind of a standby server right now. Should I create a new Dataset and then move everything over to it? Doing that would lose my 3-4 months of snapshots though... right?

I only have one Pool and that is shared.
1614192095577.png

1614192155080.png


It looks like my ACL share permissions are set to full.
1614192249368.png


Thanks again.
Kirk
 

kirkdickinson

You'll most likely need to fix permissions server-side through GUI ACL editor. Same sort of operation I described earlier. Grant owner / group full control (with inherit) recursively as earlier. The setfacl command I gave you was non-recursive because we don't want to break permissions on jails or other things.

Still don't have this fixed. I want to move some file based database files to this server too and those completely fail with the permissions that are currently there. The DB can't get a proper lock and can't update the files. This works perfectly fine on my old FreeNAS system.

I have some automated backup tasks that can't seem to get the proper locks to delete old copies and backup new. (ViceVersa)

I think if I could get these issues straightened out, I could complete the process of promoting this server to the main server, but right now, it doesn't cut it.

Thanks,
 

kirkdickinson

You'll most likely need to fix permissions server-side through GUI ACL editor. Same sort of operation I described earlier. Grant owner / group full control (with inherit) recursively as earlier. The setfacl command I gave you was non-recursive because we don't want to break permissions on jails or other things.

I have not been able to get this working. Are there people that will consult and remote in to repair this for me?
 

kirkdickinson

Still having issues. Can anybody recommend a technician that can remote in and fix these permissions for me?
 