I am having real problems with ACLs based on Active Directory domain.

J

j.lanham

Explorer
Joined
Aug 25, 2021
Messages
68
morganL said:
There are two major differences between CORE and SCALE:

1) FreeBSD and linux are very different. The way they handle file systems permissions are different. TrueNAS tries to mitigate those differences, but there are no guarantees. Millions of lines of code are different.

2) SCALE Bluefin is a .0 release with much less deployment time than 13.0. There may be bugs yet to be found. Complex use cases, such as this one are more likely to find untested pieces of code. There are billions of potential configurations.

If the use case doesn't allow time to troubleshoot and fix, we recommend CORE to users.
Click to expand...
@morganL Thanks for the explanation. I was assuming the acl aspect of the operating systems were basically the same especially since they are both unix like and they were both running ZFS for providing storage. I really didn't realize it's that different.
 
Last edited:
J

j.lanham

Explorer
Joined
Aug 25, 2021
Messages
68
j.lanham said:
@anodos I just noticed when looking at the share parameters page that all of the advanced options are greyed out except "allow guest access" and "legacy AFP Compatibility". I seem to remember that being the case when I deleted and readded the share while troubleshooting the ACL problems I'm having. Is that normal for Scale?
Click to expand...
Okay, I figured it out. I don't have to select a default setup, that opens everything up.
 
M

morganL

Captain Morgan
Administrator
Moderator
iXsystems
Joined
Mar 10, 2018
Messages
2,694
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
morganL said:
Linux (is not Unix) and OpenZFS did not support windows-style (NFSv4) ACLs until developed for SCALE.

https://www.softwaremag.com/truenas...orm-brings-full-windows-acl-support-to-linux/
Click to expand...
I'm working on other issues related to SCALE right now and haven't looked at this particular case closely yet. I don't see anything here that specifically indicates a bug in the implementation. Broadly speaking ACL implementation in SCALE and Core is identical if NFSv4 ACLs are used (in fact it's the same vfs module in Samba now). There is _potentially_ an edge-case issue with kernel DOS modes that I just worked aroud here: https://github.com/truenas/samba/commit/d4e2468348f0e393ffe3f5a95691cbd25e36201b

There was an issue with SCALE before bluefin where an upstream samba change regarding its userspace ACL inheritance algorithm basically broke the ability to disable auto-inheritance, but this doesn't impact things post-angelfish.
 
Last edited:
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Cursory review of your config shows you have auxiliary parameters on at least some of your shares. Remove them. If that still doesn't fix your issue then you can PM me a debug and I'll review as I have time. Do note that generally I limit the scope of my investigations to finding / fixing bugs (not fixing configuration issues).
 
J

j.lanham

Explorer
Joined
Aug 25, 2021
Messages
68
anodos said:
Cursory review of your config shows you have auxiliary parameters on at least some of your shares. Remove them. If that still doesn't fix your issue then you can PM me a debug and I'll review as I have time. Do note that generally I limit the scope of my investigations to finding / fixing bugs (not fixing configuration issues).
Click to expand...
@anodos I appreciate that and I understand. And I do appreciate your guidance. And I do believe it is a configuration problem from when I first setup the server under core. Just shows how little I understood of the underpinnings of the operating system. The root data set NASVOL1 is owned by an active directory user. Specifically Administrator. I think this is at the root of the problem (no pun intended). Do you know if there is a non destructive way to change it to root or am I in a world of hurt.
morganL said:
Linux (is not Unix) and OpenZFS did not support windows-style (NFSv4) ACLs until developed for SCALE.

https://www.softwaremag.com/truenas...orm-brings-full-windows-acl-support-to-linux/
Click to expand...
I appreciate it. Thank you.
 
Last edited:
J

j.lanham

Explorer
Joined
Aug 25, 2021
Messages
68
This is how it migrated it when I upgraded to Scale.

1673550789340.png
 
You must log in or register to reply here.

Similar threads

J
Explanation of NFSV4 ACL group@ in relation to active directory groups
Replies
2
Views
1K
j.lanham
J
O
SAMBA "Permission denied" in log.smbd
Replies
5
Views
2K
opana
O
cannfoddr
Messing with ACLs - Inheritance
Replies
0
Views
1K
cannfoddr
cannfoddr
U
File and Directory ACL Permissions difference when created from Linux vs Windows
Replies
1
Views
1K
bcat
bcat
S
SMB permissions with Active Directory integration
Replies
0
Views
5K
sysadmin97
S
Top