FwuXi
Hi, I recently upgraded (sidegraded?) a TrueNAS Core 13 install to TrueNAS SCALE. However, there were some issues in getting my Samba shares back up and running. I only had three, so I just opted to recreate the shares, and the issue seemed dealt with; however, while working with and learning the new container apps, I went to edit the ACLs of a share, and add the apps user as read-only, and in testing this I discovered that inheritance isn't respected?
For example, if I have a userA and a userB, besides the root user, and each user's primary group is their respective group created on account creation, and they both share an auxiliary group of 'aGroup', then set up a dataset owned by root and aGroup, with ACLs for user@root and group@aGroup set to full-control with inheritance, and an SMB share is created for this dataset with defaults. A Windows client logged into userA can create a file, but the group is reported as userA, and not as aGroup. Thus userB cannot modify, delete, or otherwise interact with the file. If you create a file with the shell as root, the file correctly inherits the group and its permissions, and can be modified or deleted by members of aGroup.
Is there something I'm missing in regards to the ACL setup here, or is this an issue with TrueNAS SCALE today? I searched and found a few threads from back when SCALE was in beta, each ending rather abruptly with no resolution. So I'm not 100% on whether this is a known issue, or if there's a fix for this behavior if I'm not mistaken in my ACL setup.