CIFS, Permissions and Linux

Status
Not open for further replies.

solarisguy

Guru
Joined
Apr 4, 2014
Messages
1,125
“in real life™, access to the same storage area using multiple protocols is a highly desirable feature. Even if locking remains incompatible”
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
I seriously hope this 'feature' doesn't make it in the final product or if it does, we can turn it off.

Do not punish those of us that know what we're doing because of the actions of a few. I simply cannot use freenas if this were to come about.
I think file corruption can be avoided entirely if you add the auxiliary parameter "oplocks = no" to the share definition of a share being modified locally or through NFS. This will degrade performance because clients won't cache files.

If you decide to use 'unix permissions' on a CIFS share, be sure to disable the zfsacl vfs object.
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
I think file corruption can be avoided entirely if you add the auxiliary parameter "oplocks = no" to the share definition of a share being modified locally or through NFS. This will degrade performance because clients won't cache files.

If you decide to use 'unix permissions' on a CIFS share, be sure to disable the zfsacl vfs object.
But I don't need to do these things. LOL. I have been operating my shares this way for over 12 years on my home network. I still maintain that I know what system is modifying what files at what times.
 

ChiknNutz

Patron
Joined
Nov 6, 2015
Messages
217
Curious, if this is such a big deal (mixing Unix permissions on a CIFS share), then why is the option even there? I will fully admit to being a novice with this, but I have been struggling with the permissions just on a single Windows box and FreeNAS. Seems like the only way I've been able to get it to work so far is with this very no-no way of doing it. I've watched a number of videos and such, a few made by IXsystems too, and during the video they leave the Unix permissions on a CIFS share.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Curious, if this is such a big deal (mixing Unix permissions on a CIFS share), then why is the option even there? I will fully admit to being a novice with this, but I have been struggling with the permissions just on a single Windows box and FreeNAS. Seems like the only way I've been able to get it to work so far is with this very no-no way of doing it. I've watched a number of videos and such, a few made by IXsystems too, and during the video they leave the Unix permissions on a CIFS share.
Post link to said ixsystems video with unix permissions on a CIFS share. I'd love an opportunity to troll cyberjock.

I have a guide somewhere here on how to configure permissions correctly. Follow it and let me know if it doesn't work.
 

ChiknNutz

Patron
Joined
Nov 6, 2015
Messages
217

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
Yeah.. that's before the devs realized how Samba works internally to do permissions along with lots of other "seat belts".

Basically anything before the summer of 2014 is probably really bad advice.

Edit: Sorry, I meant summer of 2014.. not 2015.
 
Last edited:

Robert Trevellyan

Pony Wrangler
Joined
May 16, 2014
Messages
3,778
If you decide to use 'unix permissions' on a CIFS share, be sure to disable the zfsacl vfs object.
I don't see this in the list of available or selected VFS objects in 9.3.
if this is such a big deal (mixing Unix permissions on a CIFS share), then why is the option even there?
To be fair, the Unix/Windows options are properties of datasets, not shares.
that's before the devs realized how Samba works internally ... anything before the summer of 2015
o_O
 

ChiknNutz

Patron
Joined
Nov 6, 2015
Messages
217
So I have a question specific to these last few comments. I have my media dataset currently set up with Unix permissions and have a CIFS share to access it via Windows PCs. This is primarily due to the video I mentioned, where they don't really go into any detail either way on how to set up the dataset. I have Plex in place and all seems to be working fine as related to Music, Photos and a few home videos that I've added. My questions are these: (1) what are the implications of leaving it alone and (2) what are the implications of changing it to Windows permissions given that I have now added all of my Music and Photos? If I do change this over to using Windows permissions, I assume I would want to enable the Set the Permissions Recursively checkbox...correct?
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
So I have a question specific to these last few comments. I have my media dataset currently set up with Unix permissions and have a CIFS share to access it via Windows PCs. This is primarily due to the video I mentioned, where they don't really go into any detail either way on how to set up the dataset. I have Plex in place and all seems to be working fine as related to Music, Photos and a few home videos that I've added. My questions are these: (1) what are the implications of leaving it alone and (2) what are the implications of changing it to Windows permissions given that I have now added all of my Music and Photos? If I do change this over to using Windows permissions, I assume I would want to enable the Set the Permissions Recursively checkbox...correct?
Leave it. It's fine
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
I don't see this in the list of available or selected VFS objects in 9.3.
That's because it's explicitly excluded from the listing of available vfs modules in freenas/gui/choices.py:
Code:
class CIFS_VFS_OBJECTS(object):
    def __init__(self):
        self.__vfs_module_path = '/usr/local/lib/shared-modules/vfs'
        self.__vfs_modules = []
        # Modules listed here are hidden from the GUI's list of VFS objects.
        self.__vfs_exclude = [
            'zfsacl',
        ]


But hard-coded in the smb4.conf generation script
Code:
vfs_objects = []
if task:
    vfs_objects.append('shadow_copy2')
if is_within_zfs(share.cifs_path):
    vfs_objects.append('zfs_space')
    # zfsacl is appended for every share on ZFS, whatever was picked in the GUI.
    vfs_objects.append('zfsacl')
vfs_objects.extend(share.cifs_vfsobjects)


You can overwrite the vfs objects lists generated through this script by just adding an auxiliary parameter with the vfs objects you desire to use. This is because samba only interprets the last "vfs objects" line in the share definition in an smb.conf file. Yay, samba! For instance:
Code:
vfs objects = zfs_space streams_xattr


I can't recall where they were in the forums, but I remember some edge cases where problems users were having with the combination of CIFS + Unix permissions type were resolved by removing the zfsacl VFS object. I'm reasonably confident that past problems users had with CIFS + Unix permissions type were caused by having the 'zfsacl' VFS object on a dataset with the zfs aclmode property set to "passthrough" (i.e. a 'unix' share). Hence, it's more of an incompatibility between 'zfsacl' and the 'passthrough' aclmode than an incompatibility between CIFS and 'unix permissions'. Note that these issues primarily affect people in multi-user environments (businesses, not home users).

There was also a separate bug where the zfsacl vfs object was being appended to the [sysvol] share when samba was configured as an ADDC, causing it to go nuts and break.

Maybe some time when I'm less lazy I'll try to find the appropriate threads for reference.
 
Last edited:
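The override behaviour described in the post above (only the last "vfs objects" line in a share definition takes effect), as an added example that is not part of the original posts or of FreeNAS's own code: a small audit that reports which shares still load zfsacl after auxiliary parameters are applied. The share names, paths and config text are constructed for illustration, and backslash line continuations and include files are not handled.

```python
import re

# Constructed sample: each share as a generation script might emit it,
# with an auxiliary parameter appended at the end of the [media] share.
SAMPLE_CONF = """\
[global]
    max protocol = SMB2

[media]
    path = /mnt/tank/media
    vfs objects = zfs_space zfsacl
    oplocks = no
    vfs objects = zfs_space streams_xattr

[backup]
    path = /mnt/tank/backup
    vfs objects = zfs_space zfsacl
"""

def normalize(key):
    # smb.conf parameter names ignore case and internal whitespace.
    return re.sub(r"\s+", "", key).lower()

def effective_params(conf_text):
    """Return {share: {param: value}}, keeping the last occurrence of each key."""
    shares, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[normalize(key)] = value.strip()  # later line overrides earlier
    return shares

def shares_with_module(conf_text, module="zfsacl"):
    """List shares whose effective 'vfs objects' value still loads the module."""
    hits = []
    for name, params in effective_params(conf_text).items():
        if module in params.get("vfsobjects", "").split():
            hits.append(name)
    return hits

if __name__ == "__main__":
    for share, params in effective_params(SAMPLE_CONF).items():
        print(share, "->", params.get("vfsobjects", "(none)"))
    print("zfsacl still active on:", shares_with_module(SAMPLE_CONF))
```
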

Robert Trevellyan

Pony Wrangler
Joined
May 16, 2014
Messages
3,778
Thanks for the additional info, much appreciated. I did some googling on the terms but didn't learn much. The hits I was able to follow seem to be recommending the use of zfsacl in combination with aclmode and aclinherit set to passthrough.
Note that these issues primarily affect people in multi-user environments
Fortunately I'm the only user, and the primary use for CIFS is to back up one Windows machine via an authenticated connection. I occasionally set up a read-only share in the context of a data recovery operation, and haven't had any problems with that either. I believe all my CIFS-related settings are pretty much default. Maximum protocol is set to SMB2.

After seeing so many tales of woe in these forums, the thought of having to get CIFS working for many users, with proper access control, perhaps with different versions of Windows, makes me queasy.
 

mattbbpl

Patron
Joined
May 30, 2015
Messages
237
Yeah.. that's before the devs realized how Samba works internally to do permissions along with lots of other "seat belts".

Basically anything before the summer of 2014 is probably really bad advice.

Edit: Sorry, I meant summer of 2014.. not 2015.
#@%&!

I see PirateGhost saying it's fine for the moment, so I'll probably leave my setup alone until recommendations become somewhat uniform, but this is not the news I wanted to hear today. Sigh....

What's the current (at least short term) advice? Let sleeping dogs lie if an existing share is working OK, but don't set it up this way on a new share?
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
#@%&!

I see PirateGhost saying it's fine for the moment, so I'll probably leave my setup alone until recommendations become somewhat uniform, but this is not the news I wanted to hear today. Sigh....

What's the current (at least short term) advice? Let sleeping dogs lie if an existing share is working OK, but don't set it up this way on a new share?
If it's a home setup, don't fix it if it ain't broke.
 

ChiknNutz

Patron
Joined
Nov 6, 2015
Messages
217
Nevermind, deleted
 
Last edited: