Broke the user rights... Need urgent help!

[dlalonde]

Hello,

My company uses Freenas as a file server and the person who has set it up gave all access to all files to everybody. I tried to follow a tutorial to be able to modify the rights according to specific users on our domain (we use Active Directory with a CIFS share) but it doesn't work anymore and I am unable to set it back.

When I try to change the rights with recurring, it stops after a while and says "An error has occured". I then tried to modify then through CHMOD and CHOWN and tried to put them back as they were and, no luck. We can all access the documents, create and modify new ones, but all the existing ones are read-only.

This is a major problem as all of our files are on there.

From what I can see, the UNIX rights are perfect (owners root:Domain Users and CHMOD 777). But once on Windows the rights are read-only.

What can I do?

Thank you!

 

[ProtoSD]

Do a search for "setfacl" and "getfacl" here in the forums, and read the man page here:

http://www.freebsd.org/cgi/man.cgi?query=setfacl&apropos=0&sektion=0&manpath=FreeBSD+8.3-stable&arch=default&format=html

 

[dlalonde]

What do those do? I'm quite new at the whole Freenas thing and I have a hard time understanding how UNIX and Windows right work together.

The first thing I want to do before setting the rights properly is give back the permission to everyone so the employees can keep working. I'll figure the rest later.

Thank you very much.

 

[dlalonde]

Ok so I found what I needed for "setfacl" and "getfacl" but that did not sort anything out. See the thing is I am unable to set the rights recursively. So I am not able to set the rights at first and then apply "setfacl". I always get "An error has occured" and then my rights are set wrong.

For example, if I choose 777 for root and wheel or root and domain users, I check Windows in the ACL and check "Set permission recursively". It runs for a couple of minutes then stops and says "An error has occured". Then the rights are set 744 and the owners are wrong.

 

[dlalonde]

Still no luck... help me please!

- - - Updated - - -

I noticed that many of the files on my Windows server are actually now set to Deny... what gives?

 

[cyberjock]

I hate to say it, but getting help on permissions via forums is really difficult. Your best bet is to read up on them and figure out out for yourself. I know, not the kind of answer you're looking for. But permissions have to be managed on a 1-on-1 level and its hard to ask for help with something as complex as permissions. There's plenty of ways to get it wrong, and only 1 way to get it right.

 

[ProtoSD]

Give these commands a try and see if they help:

This will list the ACL's for all FILES if you're in the top level directory:

Code:

find . -type f -exec getfacl {} \;

This will show FOLDERS:

Code:

find . -type d -exec getfacl {} \;

Look at what they're set to before you go changing them blindly.

This will open them completely to everyone, first the directories:

Code:

find . -type d -exec setfacl -m everyone@:rwxpDdaARWcCos:fd----:allow {} \;

Now the files:

Code:

find . -type f -exec setfacl -m everyone@:rwxpDdaARWcCos:fd----:allow {} \;

- - - Updated - - -

I hate to say it, but getting help on permissions via forums is really difficult. Your best bet is to read up on them and figure out out for yourself. I know, not the kind of answer you're looking for. But permissions have to be managed on a 1-on-1 level and its hard to ask for help with something as complex as permissions. There's plenty of ways to get it wrong, and only 1 way to get it right.

+1

It's complicated and not very easy to convey to beginners who get tossed into situations they're not ready for.

 

[dlalonde]

Thank you for your replies. I understand it's difficult for permissions. But one of my main concerns is the fact that FreeNas' permission changer returns an error and only changes the permissions partially. I was hoping that could be something easily fixed.

ProtoSD the commands are running right now, I'll keep you updated. Thank you very much.

 

[dlalonde]

The second command, the one for the files, is not working. It keeps saying:

Code:

 acl_set_file() failed: Invalid argument

:(