How to create/edit subfolders ACLs?

[Vbritesp]

Hi guys!

I've been having a hard time understanding and finding a way to create subfolder-level ACLs. I can easily see that it is possible to determine folder permissions in the smb sharing section, but for workflow reasons, I really need to be able to configure the following ACL:

* Imagine the following folder: "/volume1/production/exemple/". Inside it there are folders called "1-Recordings", "2-Edit" and "3-Mixing";
* The following user groups exist: "Operators", "Editors" and "Mixers"
* I need everybody to be able to read-only every folder and subfolder included in "/volume1/" (this is easy to do and is done);
* I need the "Operators" group to be able to write in the "1-Recording" folder, while the editors write in the "2-Edit" and the mixers read and write in the "3-Mixing" folder.

I'm used to using synology NAS and there the creation of permissions on folders and subfolders is extremely simple and straightforward. As a new user of TrueNAS scale, I've been having this difficulty. I've read in some places people saying to use chmod and chown, but I'm not sure if it should be done only through ssh or if there is some other way.

Thank you very much for your attention and I would appreciate it if you could take a little time to answer my question. Have a nice day!

 

[Ericloewe]

I've read in some places people saying to use chmod and chown,

Avoid those places, they're wrong.

The standard way of doing this is from a client that speaks SMB, which more often than not means Windows. You simply edit the permissions of individual directories or files just as you would on a share served by Windows Server, for instance.

 

[Vbritesp]

Thank you very much Ericloewe! So this means that there is no way to do those changes using the TrueNAS scale web interface, right?

Thank you for helping me.

 

[Ericloewe]

I don't think so - you could hack them directly from the CLI, but that's painful and error-prone.

 

[winnielinnie]

So this means that there is no way to do those changes using the TrueNAS scale web interface, right?

Only if they ever implement a file manager built into the GUI, like with some other NASes.

The feature was "accepted": https://ixsystems.atlassian.net/browse/NAS-100085

But it's unclear when/if it will be implemented: https://ixsystems.atlassian.net/browse/NAS-109580

Maybe it'll see a debut in Dragonfish or... Extreme Electric Eel?

 

[Ericloewe]

The impetus was substantially reduced by the implementation of the per-dataset ACL editor. That solves 90% of the problem as far as permissions go, and there are already options to access the files.

 

[Vbritesp]

Well, if the acls of subfolders was implemented in the GUI this would be excellent! Thats because i'm planning to use TrueNAS in production (with a 6 core 12 thread cpu, 10Gbe network and SSDs) and to this objective I really need the capability to change subfolders permissions because of the natural workflow of the bussiness...

Well, I validated that the only/correct way to change subfolders permissions is using a smb client with an authorized account. But more than that, windows seems to be the best choice, what is a problem for me, because 99% of the computers in my company are MacOS, meaning that I'm facing a hard time to find a windows pc to be exclusivelly destinated to do this job. The problem with MacOS is that the advanced ACLs are not available, this means that using a Mac its only possible to choose read/write/full permissions, so the options to deny deletion of the folder is not available and this is ultra usefull for me.

I'm trying to find a way to change advanced permissions with MacOS.


THANK YOU VERY MUCH GUYS! your help was very important for me. Have a nice day!

 

[Ericloewe]

That's the sort of thing where you probably want datasets instead of directories, rendering this a moot point in the process...

 

[Vbritesp]

You're right. I did not undestood previously that I could create sub-datasets... So, after searching and reading it looks like datasets are more slow to be created (because of the manual effort), but can apply lots of features (like compression, snapshots, etc) that a conventional directories can't...

I'll follow your advice and substitute the conventional directories folders and subfolders for datasets and subdatasets. Also, after testing it, it looks like there is no practical diference for users accessing those folders over SMB, doesn't matter if they are directories or datasets, right?

Is there any performance diference?

Also, if applying compression, which CPU will handle the decompression, the SMB client or the TrueNAS server? I mean, compressing datasets might have a performance impact, won't it?

 

[Ericloewe]

Also, after testing it, it looks like there is no practical diference for users accessing those folders over SMB, doesn't matter if they are directories or datasets, right?

Mostly no difference.

Is there any performance diference?

No.

Also, if applying compression, which CPU will handle the decompression, the SMB client or the TrueNAS server? I mean, compressing datasets might have a performance impact, won't it?

Two things: your question reveals a fundamental misunderstanding - everything is inside a dataset, compression and similar features apply to everything inside the dataset (unless child datasets are configured differently). You don't magically lose compression because the share is a directory and not a dataset (mounted at said directory).
As for performance, LZ4 is typically considered fast enough that it will increase performance (on spinning rust anyway) by virtue of needing to write less. You probably have it enabled already, since it's the default. Other options exist, but they are mostly slower, offering better compression in exchange.

 

[Vbritesp]

Understood. Thank you very much for your clarification! I'll begin to this it in production, i think it you perform much better our Synology NAS. Have a nice day!