Permission problem after upgrade

shadowempire

Dabbler
Joined
Apr 13, 2021
Messages
31
Hi TrueNAS community,
maybe somebody can help with my problem...

I have a HP Microserver Gen8 which I just upgraded from "TrueNAS CORE 12.0-U5.1" to "TrueNAS-SCALE-21.08-BETA.1".
Upgrade did not work, got some error messages (maybe because I changed booting from "with USB chainloader" to "Raid boot").
But this is another story...

So in the end I did a fresh install.
Now I did an import from my data pools, created a new user and share, assigned the user permissions to the share...
Under Windows I can connect to the share with the user, and I can create folders....
But I can not access the existing folders within the share.

My username is roci


Code:
root@truenas:/# ls -lrta /mnt
total 19
drwxr-xr-x 20 root root 30 Aug 31 01:23 ..
drwxr-xr-x  3 root root  3 Sep 13 14:05 Pool4TB
drwxr-xr-x  5 root root  5 Sep 13 14:06 .
drwxr-xr-x  6 root root  6 Sep 13 14:07 PoolSSD256GB
drwxr-xr-x  3 root roci  3 Sep 14 11:15 tray3

root@truenas:/# ls -lrta /mnt/tray3/
total 10
drwxr-xr-x 5 root root 5 Sep 13 14:06 ..
drwxrwx--- 6 roci roci 6 Sep 14 10:40 media
drwxr-xr-x 3 root roci 3 Sep 14 11:15 .

root@truenas:/# ls -lrta /mnt/tray3/media/
total 27
d---------  3 roci roci  3 May  2 13:56  archiv
d--------- 10 roci roci 12 Sep  2 18:08  downloads
d---------  8 roci roci  8 Sep 13 19:11  2watch
drwxrwxrwx  2 roci roci  2 Sep 14 10:40 'Neuer Ordner'
drwxrwx---  6 roci roci  6 Sep 14 10:40  .
drwxr-xr-x  3 root roci  3 Sep 14 11:15  ..


I think it is related to acl reset permissions, but I could not figure it out.

thx for an help!
 

Attachments

  • 3.png
    3.png
    22.4 KB · Views: 230
  • 2.png
    2.png
    27.9 KB · Views: 245
  • 4.png
    4.png
    11 KB · Views: 215

shadowempire

Dabbler
Joined
Apr 13, 2021
Messages
31
ls -l is the wrong tool to see ACLs. If it's nfs4 acl `nfsxdr_getfacl` if posix1e `getfacl`.


root@truenas:~# getfacl /mnt getfacl: Removing leading '/' from absolute path names # file: mnt # owner: root # group: root user::rwx group::r-x other::r-x root@truenas:~# getfacl /mnt/tray3 getfacl: Removing leading '/' from absolute path names # file: mnt/tray3 # owner: root # group: roci user::rwx group::r-x other::r-x root@truenas:~# getfacl /mnt/tray3/media/ getfacl: Removing leading '/' from absolute path names # file: mnt/tray3/media/ # owner: roci # group: roci user::rwx group::rwx other::---
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
root@truenas:~# getfacl /mnt getfacl: Removing leading '/' from absolute path names # file: mnt # owner: root # group: root user::rwx group::r-x other::r-x root@truenas:~# getfacl /mnt/tray3 getfacl: Removing leading '/' from absolute path names # file: mnt/tray3 # owner: root # group: roci user::rwx group::r-x other::r-x root@truenas:~# getfacl /mnt/tray3/media/ getfacl: Removing leading '/' from absolute path names # file: mnt/tray3/media/ # owner: roci # group: roci user::rwx group::rwx other::---
If this came from FreeBSD it should have NFSv4 acltype if you want to preserve your permissions. POSIX1e getfacl will fake-up and ACL if one is not present. These particular tools are not meant to be user facing and so they are somewhat inconvenient. You can also try `midclt call filesystem.getacl <path>` which will show the right thing regardless of ACL type.
 

shadowempire

Dabbler
Joined
Apr 13, 2021
Messages
31
If this came from FreeBSD it should have NFSv4 acltype if you want to preserve your permissions. POSIX1e getfacl will fake-up and ACL if one is not present. These particular tools are not meant to be user facing and so they are somewhat inconvenient. You can also try `midclt call filesystem.getacl <path>` which will show the right thing regardless of ACL type.
If this came from FreeBSD it should have NFSv4 acltype if you want to preserve your permissions. POSIX1e getfacl will fake-up and ACL if one is not present. These particular tools are not meant to be user facing and so they are somewhat inconvenient. You can also try `midclt call filesystem.getacl <path>` which will show the right thing regardless of ACL type.


well, I am on TrueNAS-SCALE-21.08-BETA.1 which runs under Linux.
here is more info:

root@truenas:~# uname -a Linux truenas.local 5.10.42+truenas #1 SMP Mon Aug 30 21:54:59 UTC 2021 x86_64 GNU/Linux root@truenas:~# midclt call filesystem.getacl /mnt {"uid": 0, "gid": 0, "acl": [{"default": false, "tag": "USER_OBJ", "id": -1, "perms": {"READ": true, "WRITE": true, "EXECUTE": true}}, {"default": false, "tag": "GROUP_OBJ", "id": -1, "perms": {"READ": true, "WRITE": false, "EXECUTE": true}}, {"default": false, "tag": "OTHER", "id": -1, "perms": {"READ": true, "WRITE": false, "EXECUTE": true}}], "flags": {"setuid": false, "setgid": false, "sticky": false}, "acltype": "POSIX1E", "trivial": true} root@truenas:~# midclt call filesystem.getacl /mnt/tray3 {"acl": [{"tag": "owner@", "id": -1, "perms": {"READ_DATA": true, "WRITE_DATA": true, "EXECUTE": true, "APPEND_DATA": true, "DELETE_CHILD": false, "DELETE": false, "READ_ATTRIBUTES": true, "WRITE_ATTRIBUTES": true, "READ_NAMED_ATTRS": true, "WRITE_NAMED_ATTRS": true, "READ_ACL": true, "WRITE_ACL": true, "WRITE_OWNER": true, "SYNCHRONIZE": true}, "flags": {"BASIC": "NOINHERIT"}, "type": "ALLOW"}, {"tag": "group@", "id": -1, "perms": {"READ_DATA": true, "WRITE_DATA": false, "EXECUTE": true, "APPEND_DATA": false, "DELETE_CHILD": false, "DELETE": false, "READ_ATTRIBUTES": true, "WRITE_ATTRIBUTES": false, "READ_NAMED_ATTRS": true, "WRITE_NAMED_ATTRS": false, "READ_ACL": true, "WRITE_ACL": false, "WRITE_OWNER": false, "SYNCHRONIZE": true}, "flags": {"BASIC": "NOINHERIT"}, "type": "ALLOW"}, {"tag": "everyone@", "id": -1, "perms": {"READ_DATA": true, "WRITE_DATA": false, "EXECUTE": true, "APPEND_DATA": false, "DELETE_CHILD": false, "DELETE": false, "READ_ATTRIBUTES": true, "WRITE_ATTRIBUTES": false, "READ_NAMED_ATTRS": true, "WRITE_NAMED_ATTRS": false, "READ_ACL": true, "WRITE_ACL": false, "WRITE_OWNER": false, "SYNCHRONIZE": true}, "flags": {"BASIC": "NOINHERIT"}, "type": "ALLOW"}], "trivial": false, "uid": 0, "gid": 0, "path": "/mnt/tray3", "nfs41_flags": {"protected": false, "autoinherit": true}, "acltype": "NFS4"} root@truenas:~# midclt call filesystem.getacl /mnt/tray3/media {"acl": [{"tag": "owner@", "id": -1, "perms": {"READ_DATA": true, "WRITE_DATA": true, "EXECUTE": true, "APPEND_DATA": true, "DELETE_CHILD": true, "DELETE": false, "READ_ATTRIBUTES": true, "WRITE_ATTRIBUTES": true, "READ_NAMED_ATTRS": true, "WRITE_NAMED_ATTRS": true, "READ_ACL": true, "WRITE_ACL": true, "WRITE_OWNER": true, "SYNCHRONIZE": true}, "flags": {"BASIC": "NOINHERIT"}, "type": "ALLOW"}, {"tag": "group@", "id": -1, "perms": {"READ_DATA": true, "WRITE_DATA": true, "EXECUTE": true, "APPEND_DATA": true, "DELETE_CHILD": true, "DELETE": false, "READ_ATTRIBUTES": true, "WRITE_ATTRIBUTES": false, "READ_NAMED_ATTRS": true, "WRITE_NAMED_ATTRS": false, "READ_ACL": true, "WRITE_ACL": false, "WRITE_OWNER": false, "SYNCHRONIZE": true}, "flags": {"BASIC": "NOINHERIT"}, "type": "ALLOW"}, {"tag": "everyone@", "id": -1, "perms": {"READ_DATA": false, "WRITE_DATA": false, "EXECUTE": false, "APPEND_DATA": false, "DELETE_CHILD": false, "DELETE": false, "READ_ATTRIBUTES": true, "WRITE_ATTRIBUTES": false, "READ_NAMED_ATTRS": true, "WRITE_NAMED_ATTRS": false, "READ_ACL": true, "WRITE_ACL": false, "WRITE_OWNER": false, "SYNCHRONIZE": true}, "flags": {"BASIC": "NOINHERIT"}, "type": "ALLOW"}], "trivial": true, "uid": 1001, "gid": 1001, "path": "/mnt/tray3/media", "nfs41_flags": {"protected": false, "autoinherit": false}, "acltype": "NFS4"}
 

shadowempire

Dabbler
Joined
Apr 13, 2021
Messages
31
Got no support yet :(
somebody else experiencing this problem or having a solution? - thx
Is there a command to repair my permissions?
 

oumpa31

Patron
Joined
Apr 7, 2015
Messages
253
I had the same issues I ended up removing all the permissions on all of my datasets and starting over. It took a couple hours but finally had access to everything. I noticed when i was trying to set ACL permissions in Scale21.08 it wouldn't set them recursively. I had to do that in windows.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
I had the same issues I ended up removing all the permissions on all of my datasets and starting over. It took a couple hours but finally had access to everything. I noticed when i was trying to set ACL permissions in Scale21.08 it wouldn't set them recursively. I had to do that in windows.
There's a webui bug in 21.08 unfortunately that prevents setting permissions recursively. With nfs4 acltype, you can force inheritance by running the command `nfs4xdr_winacl -a clone -rv -p <path>`
 

shadowempire

Dabbler
Joined
Apr 13, 2021
Messages
31
There's a webui bug in 21.08 unfortunately that prevents setting permissions recursively. With nfs4 acltype, you can force inheritance by running the command `nfs4xdr_winacl -a clone -rv -p <path>`
thx, will try.
I agree, looks like there is a bug setting permissions recursively.
 

shadowempire

Dabbler
Joined
Apr 13, 2021
Messages
31
There's a webui bug in 21.08 unfortunately that prevents setting permissions recursively. With nfs4 acltype, you can force inheritance by running the command `nfs4xdr_winacl -a clone -rv -p <path>`
thx, seems it worked!
 
Top