Cannot set ACLs for SMB share

flight44

Cadet
Joined
Jun 26, 2021
Messages
6
Hi. I've installed SCALE Beta to take it for a spin, but I ran into a pretty big issue. I was trying to recreate my SMB shares from the previous Core installation, but no matter what I do, I cannot change ACLs on an existing dataset.
To give you an example, I was trying to give r-w-x permission to a group called "SMBAccess". I get the following error: Error: [EINVAL] filesystem.setacl.dacl: Named (user or group) POSIX ACL entries require a mask entry to be present in the ACL.
Then I've added the Mask entry as per the error message and it comes back with this:
Error: [EFAULT] Failed to set ACL [user::rwx,group::rwx,other::---,group:1001:rwx,mask::rwx] on path [/mnt/Main/Storage]: setfacl: /mnt/Main/Storage: Operation not supported
I'm clueless, don't know how to resolve these. I've also attached a screenshot of the changes I was trying to make (adding group and mask entry).
Any help would be appreciated.
Thank you.
 


morganL

Captain Morgan
Administrator
Moderator
iXsystems
Joined
Mar 10, 2018
Messages
2,694
In TrueNAS 12.0 we changed SMB recommendations to avoid using root as the dataset or share owner. This was to avoid a security vulnerability which might enable a ransomware attack.

This will also be the case for SCALE, even if it is not documented. I'd suggest you remove root ownership and see if the problems still exist.
 

flight44

> In TrueNAS 12.0 we changed SMB recommendations to avoid using root as the dataset or share owner. This was to avoid a security vulnerability which might enable a ransomware attack.
>
> This will also be the case for SCALE, even if it is not documented. I'd suggest you remove root ownership and see if the problems still exist.

It looks like changing the owner resolved my issues. Thank you! Wouldn't have figured this out myself.
Do you know when the official documentation is coming out?
 

morganL

> It looks like changing the owner resolved my issues. Thank you! Wouldn't have figured this out myself.
> Do you know when the official documentation is coming out?

TrueNAS SCALE documentation is just starting to emerge from the swamp. It will continue to evolve and should get better each month. However, there's quite a lot of evolution to do, so it will take most of this year to get to CORE standards.
 

crkinard

Explorer
Joined
Oct 24, 2019
Messages
80
> It looks like changing the owner resolved my issues. Thank you! Wouldn't have figured this out myself.
> Do you know when the official documentation is coming out?

What exactly did you change, if you don't mind my asking? Running into the same issue here.
 

morganL

> What exactly did you change, if you don't mind my asking? Running into the same issue here.

Dataset owner was changed so that it was not root. This was to avoid potential ransomware attacks.
 

shtyrovvs

Cadet
Joined
Jul 13, 2022
Messages
1
> Dataset owner was changed so that it was not root. This was to avoid potential ransomware attacks.

I got the same problem, and even if I change the owner of the dataset it doesn't help. Am I doing something wrong?

TrueNAS-SCALE-22.02.2.1
 


anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
> I got the same problem, and even if I change the owner of the dataset it doesn't help. Am I doing something wrong?
>
> TrueNAS-SCALE-22.02.2.1

You need to add a MASK entry to the ACL. I've filed a Jira ticket to improve the web UI for this. You should use our template POSIX_RESTRICTED ACL, then modify it to add your required user or group (along with regular and default MASK entries). MASK can be RWX (it defines the maximum possible permissions for extended entries).
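
The MASK rule from the error message and the reply above, as an added example that is not part of the thread and is not TrueNAS code: a Python check of a POSIX ACL in the short text form shown in the error, reporting which sections (regular or default) have named entries without a mask and what a given mask leaves effective. The function names and every ACL string other than the one quoted in the error are constructed for illustration, and only plain `rwx` permission strings are handled.

```python
PERM_BITS = {"r": 4, "w": 2, "x": 1}

# WITH_MASK equals the ACL quoted in the thread's error message; the others are constructed.
NO_MASK = "user::rwx,group::rwx,other::---,group:1001:rwx"
WITH_MASK = NO_MASK + ",mask::rwx"
NARROW_MASK = NO_MASK + ",mask::r-x"
NO_DEFAULT_MASK = WITH_MASK + (",default:user::rwx,default:group::rwx,"
                               "default:other::---,default:group:1001:rwx")

def parse_acl(text):
    """Parse '[default:]tag:qualifier:perms' entries into (is_default, tag, qualifier, bits)."""
    entries = []
    for raw in text.split(","):
        parts = raw.strip().split(":")
        is_default = parts[0] in ("default", "d")
        if is_default:
            parts = parts[1:]
        if len(parts) != 3 or parts[0] not in ("user", "group", "other", "mask"):
            raise ValueError(f"malformed ACL entry: {raw!r}")
        tag, qualifier, perms = parts
        if len(perms) != 3 or any(c not in (k, "-") for c, k in zip(perms, "rwx")):
            raise ValueError(f"unsupported permission string: {raw!r}")
        bits = sum(PERM_BITS[c] for c in perms if c != "-")
        entries.append((is_default, tag, qualifier, bits))
    return entries

def missing_masks(entries):
    """Return the sections ('access', 'default') with named entries but no mask entry."""
    missing = []
    for is_default, label in ((False, "access"), (True, "default")):
        section = [e for e in entries if e[0] == is_default]
        named = any(tag in ("user", "group") and q for _, tag, q, _ in section)
        has_mask = any(tag == "mask" for _, tag, _, _ in section)
        if named and not has_mask:
            missing.append(label)
    return missing

def effective(entries, tag, qualifier, default=False):
    """Mask limits named users, named groups and the owning group; not the owner or other."""
    section = {(t, q): b for d, t, q, b in entries if d == default}
    bits = section[(tag, qualifier)]
    mask = section.get(("mask", ""))
    if mask is not None and (tag == "group" or (tag == "user" and qualifier)):
        bits &= mask
    return "".join(c if bits & PERM_BITS[c] else "-" for c in "rwx")

if __name__ == "__main__":
    for acl in (NO_MASK, WITH_MASK, NARROW_MASK, NO_DEFAULT_MASK):
        print(missing_masks(parse_acl(acl)) or "ok", acl)
```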
 