SOLVED CIFS inherit ownership

Status
Not open for further replies.

echelon5

Explorer
Joined
Apr 20, 2016
Messages
79
Hi,

I have a question regarding samba shares and folder ownership. I've been using UNIX shares for a while but I'd like to switch to Windows ACLs because they seem simpler for multiple users.
  • create users: test1 and owner1
  • create group: group1 and contains user test1
  • create Windows dataset named Test with owner owner1 and group owner group1
  • logon with test1 and create folder
  • owner1 can't modify the folder and isn't listed as having permissions in the security tab. Only user test1 and group1 are listed
  • folder doesn't inherit owner1 permissions
to continue this scenario:
  • create user test2
  • login as owner1 and set permissions recursively to full control for user test2
  • login as user test1 and create folder1
  • security tab for folder1 now shows users test1, test2, group group1 but no owner1
  • bottom line is, owner1 never inherits permissions.
So is this expected behavior? Is this the reason the owner is set to nobody in this guide? If so, it would mean that the owner set in FreeNAS has no immediate value.
 

Spearfoot

He of the long foot
Moderator
Joined
May 13, 2015
Messages
2,478
Have you seen @m0nkey_'s "FreeNAS and Samba (SMB) permissions (video)"? It may be useful to you.

Good luck!
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Your description is expected behavior. Type getfacl /mnt/<pool>/<dataset> and you'll see entries such as
Code:
[root@rivendell] ~# getfacl /mnt/Tank/TestShare/
# file: /mnt/Tank/TestShare/
# owner: owner1
# group: group1
    owner@:rwxpDdaARWcCos:fd-----:allow
    group@:rwxpDdaARWcCos:fd-----:allow
 everyone@:r-x---a-R-c---:fd-----:allow

and
Code:
[root@rivendell] ~# getfacl /mnt/Tank/TestShare/file1
# file: /mnt/Tank/TestShare/file1
# owner: test1
# group: group1
    owner@:rwxpDdaARWcCos:fd-----:allow
    group@:rwxpDdaARWcCos:fd-----:allow
 everyone@:r-x---a-R-c---:fd-----:allow


As you can see, the value of the "owner@" ACE has remained the same / is inherited. owner@:rwxpDdaARWcCos:fd-----:allow

The problem that you are experiencing is that the owner of the file has changed to the user creating the file. You would encounter the exact same problem with the equivalent UNIX mode settings. The solution is simple: set non-trivial ACEs for the groups you want to access the share. You did this for the user test2 in your continued scenario. I wrote a long, rambling, and hopefully correct description of how ACLs / samba permissions work here: https://wiki.freenas.org/index.php/...a_Permissions#Access_Control_Lists_.28ACLS.29
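
The point of the answer above, worked through as an added example (not part of the original thread and not FreeNAS code): a small Python evaluator that resolves owner@ and group@ against each listing's own owner and group. The two listings are the ones posted, with indentation stripped; the share_rw group and its explicit ACE are hypothetical.

```python
# Added illustration: resolve owner@/group@ in NFSv4 getfacl output per file.
HEADER = "# file: {path}\n# owner: {owner}\n# group: group1\n"
ACES = ("owner@:rwxpDdaARWcCos:fd-----:allow\n"
        "group@:rwxpDdaARWcCos:fd-----:allow\n"
        "everyone@:r-x---a-R-c---:fd-----:allow\n")
# The two listings from the thread, indentation stripped.
DATASET = HEADER.format(path="/mnt/Tank/TestShare/", owner="owner1") + ACES
FILE1 = HEADER.format(path="/mnt/Tank/TestShare/file1", owner="test1") + ACES
# Membership as described in the thread; share_rw is a hypothetical group.
GROUPS = {"test1": {"group1"}, "owner1": {"share_rw"}}

def parse(listing):
    """Return (owner, group, [(who, perms, type), ...]) from getfacl text."""
    meta, aces = {}, []
    for line in listing.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, _, value = line[1:].partition(":")
            meta[key.strip()] = value.strip()
        elif line:
            # Inheritance flags are parsed but not needed for access checks.
            *who, perms, _flags, kind = line.split(":")
            aces.append((":".join(who), perms, kind))
    return meta["owner"], meta["group"], aces

def matches(who, user, owner, group):
    """Does the ACE principal `who` apply to `user` on this file?"""
    member_of = GROUPS.get(user, set())
    if who == "owner@":
        return user == owner          # whoever owns *this* file
    if who == "group@":
        return group in member_of
    if who == "everyone@":
        return True
    kind, _, name = who.partition(":")
    return name == user if kind == "user" else name in member_of

def effective(user, listing):
    """NFSv4 order: the first matching ACE to mention a bit decides it."""
    owner, group, aces = parse(listing)
    decided = {}
    for who, perms, kind in aces:
        if matches(who, user, owner, group):
            for bit in perms.replace("-", ""):
                decided.setdefault(bit, kind == "allow")
    return "".join(sorted(b for b, ok in decided.items() if ok))

# The fix: an explicit, inheritable ACE that does not depend on file ownership.
FIXED = FILE1 + "group:share_rw:rwxpDdaARWcCos:fd-----:allow\n"
```

On file1 the inherited owner@ entry now describes test1, so owner1 falls through to everyone@; the explicit group entry restores full control regardless of who created the file.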
 

echelon5

Explorer
Joined
Apr 20, 2016
Messages
79
Your description is expected behavior.

Thanks. I suspected it's expected behavior, but I wanted to be sure.

I wrote a long, rambling, and hopefully correct description of how ACLs / samba permissions work here: https://wiki.freenas.org/index.php/...a_Permissions#Access_Control_Lists_.28ACLS.29

I went through your guide some while ago but I completely forgot about it. I think it's exactly what I need to better understand permissions. Thanks a lot!
 

Spearfoot

He of the long foot
Moderator
Joined
May 13, 2015
Messages
2,478
Thanks! I saw the tutorial and I linked it at the bottom of the post, but it didn't cover details about how ownership works.
You're welcome, and I apologize for missing the fact you'd already seen the tutorial. Doooh!
 