auxiliary parameters changes need reboot

[ndk]

hi
I just had to reboot my TrueNAS-12.0-U8.1
to enable changes to the auxiliary parameters of a windows smb share.
restarting the smb service was not sufficient.

- is this normal?
- is it fixed with TrueNAS 13?

any suggestions appreciated
thanks

TrueNAS-12.0-U8.1
Supermicro SuperChassis 846BA-R920B with X10DRi-T inkl onboard 8x SATA
2x Xeon E5-2620 v3 (15M Cache, 2.40 GHz) Haswell, 4x 16GB DDR4 2133MHz KVR21R15D4K4/64
Adaptec RAID 71605E, 2x 4TB WD RED, 2x 200G HGST SAS 12Gb/s SSD, 14x 6TB WD RED, 6x 16TB Seagate ExosX16 16TB

 

[anodos]

It's not normal to need auxiliary parameters. What are you trying to set?

 

[ndk]

yes, it is probably not normal, but smb still does support it, doesn't it?

valid users = aaa,bbb,ccc
ea support=no
store dos attributes=no
force user=root
force group=wheel

thanks

 

[anodos]

yes, it is probably not normal, but smb still does support it, doesn't it?

valid users = aaa,bbb,ccc
ea support=no
store dos attributes=no
force user=root
force group=wheel

thanks

Things configured via auxiliary parameters are very much a grey-area. Generally, bug tickets filed that rely on them for reproduction are closed. That said, "ea support = no" is default, as is "store dos attributes = no" on 13.0 (the DOS attributes get stored as file flags). The other options don't require a reboot to become effective, but I'm not sure what use-case there is for them when you can just set an ACL entry (or change group owner) so that aaa, bbb, ccc all have write access without forcing them to act as UID 0 and GID 0.

 

[ndk]

Well, without reboot the user added to "valid user =" had no access.

and please do not mix up the concepts for "share permissions" and for "file permissions with acl"
these are two different concepts and you should avoid using both at the same time, for the same thing.
So no, i can not just set an ACL entry or change group owner.

but please let us focus on the problem: as i sad, it had to reboot to give access to an new user
and smb supports auxiliary parameters.

thanks

 

[anodos]

Code:

root@truenas[/mnt/dozer/middleware/src/middlewared]# smbclient //127.0.0.1/NFS4 -U noaccess%Cats
lpcfg_do_global_parameter: WARNING: The "syslog only" option is deprecated
Try "help" to get a list of possible commands.
smb: \> exit

root@truenas[/mnt/dozer/middleware/src/middlewared]# midclt call sharing.smb.update 1 '{"auxsmbconf": "valid users = smbuser"}' 
{"id": 1, "purpose": "DEFAULT_SHARE", "path": "/mnt/dozer/NFS4", "path_suffix": "", "home": false, "name": "NFS4", "comment": "", "ro": false, "browsable": true, "recyclebin": false, "guestok": false, "hostsallow": [], "hostsdeny": [], "auxsmbconf": "valid users = smbuser", "aapl_name_mangling": false, "abe": false, "acl": true, "durablehandle": true, "streams": true, "timemachine": false, "timemachine_quota": 0, "vuid": "", "shadowcopy": true, "fsrvp": false, "enabled": true, "cluster_volname": "", "afp": false, "path_local": "/mnt/dozer/NFS4", "locked": false}

root@truenas[/mnt/dozer/middleware/src/middlewared]# smbclient //127.0.0.1/NFS4 -U noaccess%Cats                               
lpcfg_do_global_parameter: WARNING: The "syslog only" option is deprecated
tree connect failed: NT_STATUS_ACCESS_DENIED

No reboot required.

 

[anodos]

Though this test box is on BlueFin, same principle applies. I'm quite aware of the difference between share access and filesystem access. TrueNAS 12 is also EOL and so if you encounter a bug there, the general advice will be to update to 13.

 

[ndk]

wow, thank you for that test!

yes, 12 is EOL, thats is why i ask'd about 13

i did edit the parameter in the gui, maybe thats the difference. i will use your midclt call to try it your way.

thanks for your help!!!

 

[ndk]

it is working perfectly, even with 12
i do not understand the situation, the mount command gave me a "access denied" yesterday, until i rebooted.
a restart of the service was not sufficient.

the good: i learned about "midclt"

thank you anodos for your time and knowledge!