Error when adding ACL permissions for a user

[TM2222]

Hi guys,

I recently got my system back online, but I'm not sure it's working correctly.
My system was a freenas build that was upgraded to a truenas build during the reinstall.
I recreated my user account and SMB share and I got it connected to my laptop, but the permissions were very inconsistent.

Wiping users and shares clean, I went through the tutorial, but every time I try to give the user permissions I got this error.
I don't know what it means or how to fix it.

Many thanks

Code:

Error: Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/middlewared/job.py", line 367, in run
    await self.future
  File "/usr/local/lib/python3.9/site-packages/middlewared/job.py", line 405, in __run_body
    rv = await self.middleware.run_in_thread(self.method, *([self] + args))
  File "/usr/local/lib/python3.9/site-packages/middlewared/utils/run_in_thread.py", line 10, in run_in_thread
    return await self.loop.run_in_executor(self.run_in_thread_executor, functools.partial(method, *args, **kwargs))
  File "/usr/local/lib/python3.9/concurrent/futures/thread.py", line 52, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/usr/local/lib/python3.9/site-packages/middlewared/schema.py", line 979, in nf
    return f(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/filesystem.py", line 1070, in setacl
    return self.setacl_nfs4(job, data)
  File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/filesystem.py", line 902, in setacl_nfs4
    self._common_perm_path_validate(data['path'])
  File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/filesystem.py", line 445, in _common_perm_path_validate
    jail_root = self.middleware.call_sync('jail.get_activated_pool')
  File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1283, in call_sync
    return methodobj(*prepared_call.args)
  File "/usr/local/lib/python3.9/site-packages/middlewared/schema.py", line 979, in nf
    return f(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/jail_freebsd.py", line 1074, in get_activated_pool
    pool = ioc.IOCage(skip_jails=True, reset_cache=True).get('', pool=True)
  File "/usr/local/lib/python3.9/site-packages/iocage_lib/iocage.py", line 95, in __init__
    self.generic_iocjson = ioc_json.IOCJson()
  File "/usr/local/lib/python3.9/site-packages/iocage_lib/ioc_json.py", line 1372, in __init__
    super().__init__(location, checking_datasets, silent, callback)
  File "/usr/local/lib/python3.9/site-packages/iocage_lib/ioc_json.py", line 432, in __init__
    self.default_config = self.check_default_config()
  File "/usr/local/lib/python3.9/site-packages/iocage_lib/ioc_json.py", line 1301, in check_default_config
    self.backup_iocage_jail_conf(default_json_location)
  File "/usr/local/lib/python3.9/site-packages/iocage_lib/ioc_json.py", line 919, in backup_iocage_jail_conf
    shutil.copy(
  File "/usr/local/lib/python3.9/shutil.py", line 427, in copy
    copymode(src, dst, follow_symlinks=follow_symlinks)
  File "/usr/local/lib/python3.9/shutil.py", line 316, in copymode
    chmod_func(dst, stat.S_IMODE(st.st_mode))
PermissionError: [Errno 1] Operation not permitted: '/mnt/MediaAndStorage/iocage/defaults_backup.json'

 

[Samuel Tai]

Please provide the output of ls -al /mnt/MediaAndStorage/iocage.

 

[TM2222]

Please provide the output of ls -al /mnt/MediaAndStorage/iocage.

Am I putting that into the Truenas shell? I tried typing that as 1s or Is and command not found.

 

[anodos]

Permissions changes on the iocage dataset will most likely result in breaking jails. It's generally not recommended.

 

[Samuel Tai]

Am I putting that into the Truenas shell? I tried typing that as 1s or Is and command not found.

It's lowercase-L. Yes, you'd enter that in the shell. If command not found, then you've royally screwed up your file system permissions on the system directories. You'll need to reinstall from scratch, and start over.

 

[TM2222]

Got it, I was just dumb and didn't try L.

Here's what it game me.

 

[Samuel Tai]

This is what it's supposed to be:

Code:

drwxr-xr-x  9 root  wheel    12 Jan 10  2021 ./
drwxr-xr-x  9 root  wheel     9 Jan 30  2021 ../
drwxr-xr-x  4 root  wheel     4 Feb 26  2020 .plugins/
-rw-r--r--  1 root  wheel   266 Feb 24  2020 default_rc.conf
-rw-------  1 root  wheel  3325 Jan 10  2021 defaults_backup.json
-rw-r--r--  1 root  wheel  3494 Jan 10  2021 defaults.json
drwxr-xr-x  3 root  wheel     3 Jan 10  2021 download/
drwxr-xr-x  2 root  wheel     4 Jan 13  2021 images/
drwxr-xr-x  3 root  wheel     3 Jan 10  2021 jails/
drwxr-xr-x  2 root  wheel     3 Jan 10  2021 log/
drwxr-xr-x  3 root  wheel     3 Jan 10  2021 releases/
drwxr-xr-x  2 root  wheel     2 Jan 20  2018 templates/

The + indicates you've set an ACL on those directories, so you'll need to strip that out first:
setfacl -b -R /mnt/MediaAndStorage/iocage

Next, change the ownership of everything in that directory to root:wheel:
chown -R root:wheel /mnt/MediaAndStorage/iocage

From the presence of the .DS_Store directory, I gather you've shared out the /mnt/MediaAndStorage/iocage directory via SMB to a MacOS system. This is a very, very bad idea. Please delete any shares referencing this directory. This directory is reserved for plugins and jails, and should never, ever, be shared out.

Honestly, I'm not sure recovering this from the command line can get you back to good. It's better to reinstall to get back to a known good baseline.

 

[TM2222]

Many thanks for the info. I put the user config together a couple years ago when I was first learning it and it somehow worked. I'll back up my data and start again with the updated tutorials.
Thanks again