ACL Permissions on SMB Share new items issue

anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Okay. What type of client is `myuser`? It looks like this is something that the client may be explicitly setting. A workaround might be to add an explicit ("GROUP" not "GROUP@") entry for gid 2000 to the SMB share.
 
T

TurtleFX

Dabbler
Joined
Nov 20, 2018
Messages
11
I'm accesing SMB share simply using Windows Explorer (on WIndows 11) using UNC path.
As I mentioned above, if group entry is added for GID 2000, everything works ok. But somehow it does not feel right that both group@ and group (same GID) has to be added with same permissions :)
 
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
TurtleFX said:
I'm accesing SMB share simply using Windows Explorer (on WIndows 11) using UNC path.
As I mentioned above, if group entry is added for GID 2000, everything works ok. But somehow it does not feel right that both group@ and group (same GID) has to be added with same permissions :)
Click to expand...
group@ and group have entirely different meanings. Group@ is roughly equivalent to CREATOR_GROUP in Windows, which means that how it is evaluated entirely depends on file ownership. In case of Linux, it will change based on the primary group of the user creating the file. Use group if you want to ensure that a specific group will _always_ have access to a path.
 
T

TurtleFX

Dabbler
Joined
Nov 20, 2018
Messages
11
Ok, I will leave group explicitly added and forget it for now.
Although in CORE everything was working with just group@ specified.

Anyway, thanks for your assistance and patience :)
 
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
TurtleFX said:
Ok, I will leave group explicitly added and forget it for now.
Although in CORE everything was working with just group@ specified.

Anyway, thanks for your assistance and patience :)
Click to expand...
I'll take a look at this later. Different samba versions between Core and SCALE and different VFS modules. In Core we offloaded inherited ACL calculation to ZFS, but in SCALE the samba VFS module forces its "inherit acls = yes". It's possible that Samba is doing the wrong thing.
 
T

T.Abraham

Cadet
Joined
Sep 8, 2022
Messages
1
anodos said:
I'll take a look at this later. Different samba versions between Core and SCALE and different VFS modules. In Core we offloaded inherited ACL calculation to ZFS, but in SCALE the samba VFS module forces its "inherit acls = yes". It's possible that Samba is doing the wrong thing.
Click to expand...
Hi, i was wondering if there has been any update with the issue or any possible solution for it?
 
S

sikailegend

Cadet
Joined
Apr 19, 2021
Messages
3
I recently watched your video and updated the Scale. There are some permission issues that I can't understand. I have read the Up video back and forth several times and still have no clue. The problem is that when the APPS permission is given to the folder (PLEX is used to read existing media files), there will be a problem that the permission cannot be given. The error message is as follows: [EPERM] Filesystem permissions on path /mnt/Media_disk prevent access for group apps to the path /mnt/Media_disk/media. This may be fixed by granting the aforementioned group execute permissions on the path: /mnt/Media_disk.
 
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
sikailegend said:
I recently watched your video and updated the Scale. There are some permission issues that I can't understand. I have read the Up video back and forth several times and still have no clue. The problem is that when the APPS permission is given to the folder (PLEX is used to read existing media files), there will be a problem that the permission cannot be given. The error message is as follows: [EPERM] Filesystem permissions on path /mnt/Media_disk prevent access for group apps to the path /mnt/Media_disk/media. This may be fixed by granting the aforementioned group execute permissions on the path: /mnt/Media_disk.
Click to expand...
Does the video instruct to change permissions on `/mnt/Media`? What is output of `stat /mnt/Media_disk`?
 
D

Damncold

Cadet
Joined
Nov 4, 2022
Messages
1
anodos said:
group@ and group have entirely different meanings. Group@ is roughly equivalent to CREATOR_GROUP in Windows, which means that how it is evaluated entirely depends on file ownership. In case of Linux, it will change based on the primary group of the user creating the file. Use group if you want to ensure that a specific group will _always_ have access to a path.
Click to expand...
THIS should be mentioned somewhere here: https://www.truenas.com/docs/core/coretutorials/sharing/smb/managingsmbshares/

Was so close before opening a thread with the exact same problem (new files dont have correct group permissions).
Just replaced "group@" with "group" and everything is working ...

THX
 
You must log in or register to reply here.

Similar threads

S
SMB Share not honoring permissions/ACL for new items
Replies
3
Views
2K
shimian5
S
P
Scale ACL SMB Help
Replies
2
Views
890
indivision
indivision
N
Is it safe to leave Group - builtin_users Allow on private datasets that are not SMB shared but have nested datasets that are shared
Replies
1
Views
894
Tazlord
T
J
Dataset ACL Permissions Help
Replies
0
Views
506
johndanoob
J
I
ACLs problem maybe, for macOS smb share
Replies
11
Views
2K
ieronymous
I
Top