How do I set the permissions for a share so that it would be agnostic between SMB/NFS protocols?

alpha754293

Dabbler
Joined
Jul 18, 2019
Messages
47
Hello.

I have a dual Xeon E5310 server that's running TrueNAS Core 12.0 U1.1.

I have created a user for myself and also a pool and dataset that is to be shared on my network using both the SMB and NFS protocols (pointing to the same location), so the share profile is set to "GENERIC".

For the ACL permissions on the SMB share side of things, it is set to "OPEN" and everybody has full control.

The same share/mount point/dataset is also shared as a NFS share as well.

However, I've noticed that when I am copying data to the location using NFS, the owner is set to "nobody" and the group is set to the name of my user that I had also used to create a group as well.

The problem that I am running into is when I am trying to manipulate the files on a Windows 7 SP1 x64 Pro client over SMB, it says that I don't have permissions to manipulate the files.

How should I set the permissions up so that the NFS operations will create files/folders with the same owner:group as when I create files/folders using my Windows client?

Or can I set the permissions in such a way that neither protocol cares about the permissions (since I am the only one who is using my server)?

Thank you.
 

c77dk

Patron
Joined
Nov 27, 2019
Messages
467
I've setup some shares used for both SMB and NFS with the SMB profile, which is working most of the time. But if the programs you're using need to chmod stuff you will have problems with a setup like this - I've had to make a sub-dataset for an application where logrotate handles the rotation, since it really don't like not being able to chmod :P

Do you have multiple users on NFS? or just one? If it's just one I believe you can fix your issues with "mapall" in the NFS share.
 

alpha754293

Dabbler
Joined
Jul 18, 2019
Messages
47
I've setup some shares used for both SMB and NFS with the SMB profile, which is working most of the time. But if the programs you're using need to chmod stuff you will have problems with a setup like this - I've had to make a sub-dataset for an application where logrotate handles the rotation, since it really don't like not being able to chmod :P

Do you have multiple users on NFS? or just one? If it's just one I believe you can fix your issues with "mapall" in the NFS share.

Just one - myself.

Do I need to use the mapall user AND mapall group or just one (mapall user) or the other (mapall group)?

Also, the other thing that I am noticing that's a bit of a peculiar behaviour is when I am trying to connect to the server using my Qnap TS-832X NAS unit, I can connect using NFS, but I can't connect using CIFS/SMB despite the fact that the credentials are correct.

How would I fix that?

I am guessing that it has something to do with how the credentials are set up.

Your help is greatly appreciated.

Thank you.
 
Joined
Jan 4, 2014
Messages
1,644
Just letting you know that what you're trying to achieve is not recommended.

tn21.jpg


Refer to Sharing in the documentation.
 

alpha754293

Dabbler
Joined
Jul 18, 2019
Messages
47
Just letting you know that what you're trying to achieve is not recommended.

View attachment 48479

Refer to Sharing in the documentation.

Thank you.

I appreciate that.

But here is the problem:

My Qnap NAS units won't mount the share using CIFS/SMB (but with NFS, it works great) whilst on my Windows clients, trying to get Windows 7 x64 Pro to mount a NFS mount is vastly more difficult than mapping a network drive that points to a SMB share.

I understand that for multi-user environments, the recommendation would most definitely be valid and true, but if I am the only user on my network/systems, as long as I take care to not to try and access the same data at the same time with two different protocols, I shouldn't have this issue, correct?

Here is how I know this:

I ssh into the TrueNAS Core server as myself (i.e. not root).

On my Windows client, I create a folder and create a blank text file called "New Text Document.txt".

On the TrueNAS Core ssh session, I type in

`ls -l`

and it shows that the user and group that owns both the folder and the file is myself.

But if I create the same over NFS, and check the permissions using the same command, it shows up as:

nobody:me for the user:group respectively.

This creates a problem because then when I try to open the same file with my Windows client, it says that I don't have the right permissions to do so.

What's also interesting is that if I right-click on the file (or folder) in Windows, click on properties, and then the security tab, Windows says that quote it needs to "reorder" the permissions and then I would go in and enable "allow all" for everyone, the unix group, and the server\user object in Windows in order to set/reset the permissions.

I don't know why my Qnap NAS units can't mount the CIFS/SMB, but my Windows sytems can without any issue.

This is a part of the reason why I end up having to use the two different protocols pointing to the same dataset/shared folder.

Thank you.
 

Glorious1

Guru
Joined
Nov 23, 2014
Messages
1,211
If your QNAP doesn't need to write to the share, set the NFS share to read-only. That works fine, no conflict. I have my media dataset with an AFP share so I can work with it, and a read-only NFS share so the home-theater software can access it. It's been no problem for years.
 

alpha754293

Dabbler
Joined
Jul 18, 2019
Messages
47
If your QNAP doesn't need to write to the share, set the NFS share to read-only. That works fine, no conflict. I have my media dataset with an AFP share so I can work with it, and a read-only NFS share so the home-theater software can access it. It's been no problem for years.

Qnap does require write permissions to the share because it can't mount the TrueNAS Core dataset as a CIFS/SMB share for some strange reason (which I am still guessing that it has to do with the permissions).

Qnap to Qnap, I can create a shared folder, and share it both using the CIFS/SMB protocol and the NFS protocol and it can talk to each other (read and write) without any issues.
 

Glorious1

Guru
Joined
Nov 23, 2014
Messages
1,211
Well, as I think you know, if you have two different sharing protocols writing to the same dataset you're asking for trouble. If Qnap really needs to write, you'll have to figure out the problem with it using SMB.
 

alpha754293

Dabbler
Joined
Jul 18, 2019
Messages
47
Well, as I think you know, if you have two different sharing protocols writing to the same dataset you're asking for trouble. If Qnap really needs to write, you'll have to figure out the problem with it using SMB.

To your first point, yes, but that's also why I typically don't have the NFS managing the same folder(s) that the CIFS/SMB is managing.

But this is what I don't fully grasp/understand with the way that the permissions are set up for CIFS/SMB and NFS in TrueNAS Core.

I understand that having unauthenticated access would likely resolve all of these issues (can you even set up unauthenticated access for NFS shares?), but per the FreeNAS 11.3-U5 documentation that was cited, that's generally a bad idea due to it being not secure.

This, coupled with the fact that I am the only user, using my server(s) - means that I am fine with the systems requiring an authenticated user, but for some reason, there is a problem where the Qnap server can't authenticate in to the TrueNAS Core 12.0 U1.1 CIFS/SMB share (again, NFS works), but then I run into a whole different set of permissions issue when I then try to use the files that were migrated over using NFS. --> i.e. I use the Qnap system to migrate the data over from the Qnap server to my TrueNAS Core server using NFS (because it works).

And once the data has been migrated over, then I point my Windows clients to the new TrueNAS server and away from the former Qnap server (if that makes (more) sense).

Sounds like that there's some kind of a conflict with the permissions between CIFS/SMB and NFS on the host TrueNAS/FreeBSD side of things and I don't know enough about TrueNAS/FreeBSD to be randomly assigning permissions in an attempt to try and resolve this discrepancy (with the permissions) between the NFS share and the CIFS/SMB share that points to the same location.
 

bruor

Cadet
Joined
Dec 27, 2021
Messages
7
I have NFS/SMB working side by side for my media library.

I use a Linux box to add files, windows has read/write as a guest on the share, and my kodi apps on Xbox etc all access via NFS.

I made sure the dataset permission is set to global RWX.

Created a group called "smboverride", and added the nobody user to this group.

In the SMB service settings, I set the administrators group to smboverride, set the guest user to nobody, file mask 0666 directory mask 0777.

In NFS service settings I'm using v4, and allowing not-root mount.

In SMB share settings, purpose is set to multi-protocol, browseable, and allow guest.

In NFS share settings, mapall user is nobody, authorized networks is set to my LAN subnet.
 
Top