Cannot login with root to SMB shares

Daisuke

Contributor
Joined
Jun 23, 2011
Messages
1,041
I cannot log in remotely with user root but I can log in with another user. I was wondering what the fix is to log in with user root?


LarsR

Guru
Joined
Oct 23, 2020
Messages
719
They disabled root access to SMB shares as a security measure, it's no longer possible. So it's not a bug.
 

Daisuke

I see, but there has to be a way to override this, right? I’m the owner of the NAS and I want to configure SMB sharing the way I prefer.

Let’s look at it from a different angle. All files are owned by root:wheel and I want user alpha, which has wheel as primary group, to be able to modify the files. If I log in with alpha, I cannot edit a text file. How is this possible?
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
Is the file in question group writeable?
  • rw-rw-r-- group writeable
  • rw-r--r-- not group writeable
Ownership or group ownership does not imply write privilege.
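
Added example (not part of the original thread): a small Python check that reads the mode column of `ls -l` output and applies the owner/group/other class selection described in the post above. The user `alpha`, the group `wheel` and the first and third sample lines come from the thread; the other sample lines and all function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass
class Entry:
    mode: str       # ten-character mode string, e.g. "-rw-r--r--"
    owner: str
    group: str
    has_acl: bool   # ls prints a trailing "+" when an ACL is attached


def parse_ls_line(line: str) -> Entry:
    """Parse the mode, owner and group columns of one `ls -l` line."""
    fields = line.split()
    perms = fields[0]
    return Entry(perms[:10], fields[2], fields[3], perms.endswith("+"))


def mode_allows_write(entry: Entry, user: str, groups: Iterable[str]) -> Optional[bool]:
    """Decide write access for a non-root user from the mode bits alone.

    Exactly one class applies: owner, else group, else other.
    Returns None when an ACL is present, because the mode string
    then no longer tells the whole story.
    """
    if entry.has_acl:
        return None
    if user == entry.owner:
        triplet = entry.mode[1:4]
    elif entry.group in set(groups):
        triplet = entry.mode[4:7]
    else:
        triplet = entry.mode[7:10]
    return triplet[1] == "w"


# FROM_THREAD and WITH_ACL are lines from the thread; the other two are constructed.
FROM_THREAD = "-rw-r--r--  1 root  wheel   400B Feb 21 17:30 /mnt/default/software/cleanup.sh"
GROUP_WRITE = "-rw-rw-r--  1 root  wheel   400B Feb 21 17:30 /mnt/default/software/cleanup.sh"
WITH_ACL = "-rwxrwx---+ 1 root  wheel   400B Feb 21 17:30 /mnt/default/software/cleanup.sh"
OWNER_RO = "-r--rw-r--  1 alpha wheel   400B Feb 21 17:30 /tmp/example.txt"

if __name__ == "__main__":
    for line in (FROM_THREAD, GROUP_WRITE, WITH_ACL, OWNER_RO):
        print(line.split()[0], mode_allows_write(parse_ls_line(line), "alpha", ["wheel"]))
```

The last sample shows that the classes are exclusive: an owner with a read-only owner triplet is denied even though the group triplet is writeable.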
 

Daisuke

My goal is not to fiddle with permissions and to keep it standard as it was intended, file owned by root:wheel 0644. If I change the @group to full control, I should be able to edit the file with that user, but it will also change the permissions to 0664, which I do not want. The best solution for me is to override the root user block.

@Patrick M. Hausen, why is the ACL changing the file permissions from 0644 to 0775? It is adding executable permissions to a regular file, I want to keep my files with readable permissions.

Before applying the ACL:
Code:
# ls -lah /mnt/default/software/cleanup.sh
-rw-r--r--  1 root  wheel   400B Feb 21 17:30 /mnt/default/software/cleanup.sh


After ACL:
Code:
# ls -lah /mnt/default/software/cleanup.sh
-rwxrwx---+ 1 root  wheel   400B Feb 21 17:30 /mnt/default/software/cleanup.sh


I want to maintain the 0644 permissions, as intended by any Linux/Unix operating system.
 

G8One2

Patron
Joined
Jan 2, 2017
Messages
248
Here's what I did when I ran into this. Create an admin user, and add this user to Primary Group "built in administrators". Then add auxiliary groups "wheel" "built in users" and whatever else you think you might want in that aux group. Then under the SMB folders you're trying to access, use the ACL manager, set it to open and set group to "built in administrators" and tick the box apply group. May have to tick "recursive" and "apply to child datasets". This has worked for me, can't say for sure if it will work for you, or that it is even the correct way to go about this, but it did work for me so... Just my 2 cents, YMMV.
 

Daisuke

Yes, I have that already for user alpha, main group is wheel and auxiliary group is builtin_administrators. :)

@Patrick M. Hausen or anyone else, I think I know why the file permissions are changed, there is a default setting in Samba:
Code:
map archive = yes


What is the proper way in TrueNAS to change the Samba settings?

I believe it is in this service location, is there a terminal way to define the aux parameters?
Edit: The map archive = No did not have any effect at service level, nor at share definition level.
Code:
# testparm -v | grep archive

Load smb config files from /usr/local/etc/smb4.conf
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

    map archive = No

# setfacl -bnR /mnt/default
# ls -lah /mnt/default/software/cleanup.sh
-rwxrwxr-x  1 root  wheel   400B Feb 21 17:30 /mnt/default/software/cleanup.sh
# chmod 0644 /mnt/default/software/cleanup.sh
# ls -lah /mnt/default/software/cleanup.sh
-rw-r--r--  1 root  wheel   400B Feb 21 17:30 /mnt/default/software/cleanup.sh


Next, I set the ACL recursively and test the file permissions, they are back to executable insanity.
Code:
# ls -lah /mnt/default/software/cleanup.sh
-rwxrwxr-x+ 1 root  wheel   400B Feb 21 17:30 /mnt/default/software/cleanup.sh


1613956854188.png
 

Kreuzkopf

Cadet
Joined
Nov 18, 2012
Messages
3
> Here's what I did when I ran into this. Create an admin user, and add this user to Primary Group "built in administrators". Then add auxiliary groups "wheel" "built in users" and whatever else you think you might want in that aux group. Then under the SMB folders you're trying to access, use the ACL manager, set it to open and set group to "built in administrators" and tick the box apply group. May have to tick "recursive" and "apply to child datasets". This has worked for me, can't say for sure if it will work for you, or that it is even the correct way to go about this, but it did work for me so... Just my 2 cents, YMMV.

Dear G8One2, I'm not the most experienced user of this system. After switching from FreeNAS to TrueNAS, there was a similar problem that continues to break my life. Can you explain in more detail how you solved this problem? If it is possible, please show screenshots. Thank you.
 