CIFS Share: Folders hidden that user does not have access to

[justein230]

I have noticed an odd thing when using FreeNAS to store my AD user home folders in a CIFS share. They cannot even see anybody else's folder, which was previously the case in our old setup. Now, this presents me a problem, as if the user manually changes permission to deny domain admins or administrator from accessing the file or folder, the administrator account can no longer see that folder or file. Is there a way to enable the functionality that I can see all folders, even if I get permission errors when trying to open them? Thanks in advance for answers.

 

[anodos]

I have noticed an odd thing when using FreeNAS to store my AD user home folders in a CIFS share. They cannot even see anybody else's folder, which was previously the case in our old setup. Now, this presents me a problem, as if the user manually changes permission to deny domain admins or administrator from accessing the file or folder, the administrator account can no longer see that folder or file. Is there a way to enable the functionality that I can see all folders, even if I get permission errors when trying to open them? Thanks in advance for answers.

If you add an inheriting allow ACE for "domain users" that contains "Read attributes" and "Read extended attributes", then the folders will be visible but you will be unable to open them.

 

[justein230]

If you add an inheriting allow ACE for "domain users" that contains "Read attributes" and "Read extended attributes", then the folders will be visible but you will be unable to open them.

In my previous setup, which involved me setting up shares on an Ubuntu Server, all the other user folders were visible, however if a regular user clicked on it it would specify permission errors. Now, the folders simply do not show if the user has no permission to access it. I'm not sure the ACE is what I'm looking for, as I did not have to set that up on my Ubuntu Server.

 

[anodos]

In my previous setup, which involved me setting up shares on an Ubuntu Server, all the other user folders were visible, however if a regular user clicked on it it would specify permission errors. Now, the folders simply do not show if the user has no permission to access it. I'm not sure the ACE is what I'm looking for, as I did not have to set that up on my Ubuntu Server.

You probably weren't using ZFS ACLs on the Ubuntu server.

 

[justein230]

You probably weren't using ZFS ACLs on the Ubuntu server.

Correct, thank you for the clarification of the factor that is causing this to happen. Since I am new to ZFS, if you could point me to how I could make this function like my old file server that would be great. Thanks so much for the swift reply!

 

[anodos]

Correct, thank you for the clarification of the factor that is causing this to happen. Since I am new to ZFS, if you could point me to how I could make this function like my old file server that would be great. Thanks so much for the swift reply!

You can file a bug report (perhaps with the samba project) if you want, but I believe this is one of those edge cases where nfsv4 acls behave differently than NTFS acls. I haven't looked deeply into the issue, but it appears that samba may need to be able to stat files / folders in order to display them, and it can't do that without the privileges I listed above. Once again I haven't verified or tested this.