“Edit Share ACL” not working anymore (edit panel not showing up)

[Papid1975]

I tried to figure out what the SMB share ACL is all about. So I hit the three little dots next to my SMB share and clicked “Edit Share ACL”. I then edited thing that didn’t work as expected. So I tried several settings. Up to the point where now the panel for editing the ACL doesn’t show up anymore when clicking “Edit Share ACL”. There seems to be a serious bug where some settings prevent you from future edits.

Where can I find the edits the GUI makes, so I delete them to be able to use the GUI again?

UPDATE: actually “Edit Share ACL” doesn’t work anymore for all the SMB shares I have. Is there some log or something to debug this? Or should I reinstall TrueNAS?

 

[Ericloewe]

It would be helpful to know which version of FreeNAS/TrueNAS you're running, otherwise we might as well be reading tea leaves.

 

[sretalla]

I think you're looking for setfacl and getfacl which are the standard tools for reading the POSIX standard ACL data which is stored in the filesystem (but not visible as a file).

 

[Papid1975]

It would be helpful to know which version of FreeNAS/TrueNAS you're running, otherwise we might as well be reading tea leaves.

Sorry, I use TrueNAS 12.0.

I think you're looking for setfacl and getfacl which are the standard tools for reading the POSIX standard ACL data which is stored in the filesystem (but not visible as a file).

I entered getfacl after which the terminal stalls. I needed to cancel with ^C. This might be the reason why “Edit Share ACL” in the web GUI doesn’t work?

 

[Samuel Tai]

No, you've mucked up the ACLs so much even getfacl doesn't have permissions to read the ACLs. I'm not sure this is recoverable, even with a reinstall. (A reinstall doesn't reset your pool.) You may have to destroy your pool and start over.

I don't have high confidence this will work but try setfacl -b <dataset path>. This is intended to reset the ACLs back to defaults, but if they're messed up enough setfacl itself may not have permissions to work.

 

[sretalla]

Probably worth pointing out that getfacl . (for the current directory ACL) or getfacl * (for each of the files and directories' ACLs from the current directory) is what you should really be typing. if you're not specific, it tries to get all the files and directories' ACLs recursively and will potentially take a long time.

 

[Papid1975]

No, you've mucked up the ACLs so much even getfacl doesn't have permissions to read the ACLs. I'm not sure this is recoverable, even with a reinstall. (A reinstall doesn't reset your pool.) You may have to destroy your pool and start over.

I don't have high confidence this will work but try setfacl -b <dataset path>. This is intended to reset the ACLs back to defaults, but if they're messed up enough setfacl itself may not have permissions to work.

Thank you very much for your reply. People say “Use the GUI, so you don’t mess up your system” ;)

Does this really regard the filesystem ACL? I think my pool is fine. I just edited the ACL for the SMB Share, not the dataset it uses. I did this under “Sharing -> SMB -> Edit Share ACL”.

Does the configuration of a SMB share have a <dataset path> I can use for setfacl -b <dataset path>? The dataset itself is fine. It is just a problem with the ACL of the share configuration.

Probably worth pointing out that getfacl . (for the current directory ACL) or getfacl * (for each of the files and directories' ACLs from the current directory) is what you should really be typing. if you're not specific, it tries to get all the files and directories' ACLs recursively and will potentially take a long time.

I see. getfacl . and getfacl * work flawlessly. At least in the directory I am. What command do I have to use for viewing or resetting the SMB ACL?

Edit Share ACL -> not working
Edit Filesystem ACL -> working

 

[Papid1975]

For some reason the almoste identically titled post “Edit Share ACL suddenly stopped working” didn’t show up when I was searching the forum. In this post I found the solution that helped me as well:

Hi again, somehow, a bad SID was causing the ''crash''.
-Disabling SMB service
-Fixing the issue
-Re enabling the service

Seems to work now.

Looks like there's a missing error message in the code

Cheers

HRX

Thanks, @Hellrazorx for posting problem and solution :)

 

[Papid1975]

Sorry…turns out this only helped with the share that I played around with. The other (untouched) shares still don’t show up the panel to edit the Share ACL. Even when I disable the SMB service. There seems to be something flawed in the GUI/SMB/ACL config.

UPDATE: apparently here the issue was that the other shares where disabled. Instead of not providing the option to “Edit Share ACL” the GUI offers this option without function. In other places in the GUI it disables or doesn’t show invalid options.