Good Afternoon,
Hoping for some help on this issue as I've googled everything I could think of and tried different ways of doing this to no avail.
Goal; Setup permissions on FreeNAS smb shares using groups to control user access.
Issue; I somehow got /mnt/nas/media working correctly as I can browse/edit/add/delete/etc (As far as I can tell-not sure about other users security access) however my /mnt/tank/backups is visible in Windows 10 network browser window list however when I go to browse it I get a permission error.
I've tried matching the owner/group to nasadmin/nasadmins (default is root/wheel) on /mnt/tank/backups which didn't help, I've added the wheel group to my useraccount which didn't help. I'm not sure what I'm doing wrong but the last time I setup ACL was FreeNas 9/10 (2018) on the legacy interface which worked wonders.
Here is my setup
root@freenas[~]# uname -a
/mnt/nas/media
/mnt/tank/backups
Hoping for some help on this issue as I've googled everything I could think of and tried different ways of doing this to no avail.
Goal; Setup permissions on FreeNAS smb shares using groups to control user access.
Issue; I somehow got /mnt/nas/media working correctly as I can browse/edit/add/delete/etc (As far as I can tell-not sure about other users security access) however my /mnt/tank/backups is visible in Windows 10 network browser window list however when I go to browse it I get a permission error.
I've tried matching the owner/group to nasadmin/nasadmins (default is root/wheel) on /mnt/tank/backups which didn't help, I've added the wheel group to my useraccount which didn't help. I'm not sure what I'm doing wrong but the last time I setup ACL was FreeNas 9/10 (2018) on the legacy interface which worked wonders.
Here is my setup
root@freenas[~]# uname -a
Code:
FreeBSD freenas.home.***.ca 11.3-RELEASE-p5 FreeBSD 11.3-RELEASE-p5 #0 r325575+8ed1cd24b60(HEAD): Mon Jan 27 18:07:23 UTC 2020 root@tnbuild02.tn.ixsystems.com:/freenas-releng/freenas/_BE/objs/freenas-releng/freenas/_BE/os/sys/FreeNAS.amd64 amd64
/mnt/nas/media
Code:
root@freenas[~]# ls -al /mnt/nas/media
total 109
dr-xrwxr-x+ 8 nasadmin nasadmins 9 Jan 26 16:47 .
drwxr-xr-x 5 root wheel 6 Dec 7 01:16 ..
-r-xrwxr-x+ 1 nasadmin nasadmins 0 Dec 5 00:36 .windows
dr-xrwxr-x+ 9 nasadmin nasadmins 9 Dec 5 09:26 Applications
dr-xrwxr-x+ 26 nasadmin nasadmins 27 Jan 28 15:49 Games
dr-xrwxr-x+ 30 nasadmin nasadmins 30 Dec 5 16:32 Movies
dr-xrwxr-x+ 4 nasadmin nasadmins 4 Dec 5 09:34 Music
dr-xrwxr-x+ 5 nasadmin nasadmins 7 Dec 5 09:25 PodCasts
dr-xrwxr-x+ 198 nasadmin nasadmins 198 Dec 5 09:20 TV Series
root@freenas[~]# getfacl /mnt/nas/media
# file: /mnt/nas/media
# owner: nasadmin
# group: nasadmins
group:nasadmins:rwxpDdaARWcCo-:fd-----:allow
everyone@:r-x---a-R-c---:fd-----:allow
group:media_user_rw:rwxpDdaARWcCo-:fdi----:allow
root@freenas[~]# sharesec Media -v
REVISION:1
CONTROL:SR|DP
OWNER:
GROUP:
ACL:S-1-1-0:ALLOWED/0x0/FULL
/mnt/tank/backups
Code:
root@freenas[~]# ls -al /mnt/tank/backups
total 10
drw-rw-r--+ 3 root wheel 4 Feb 2 22:25 .
drw-rw-r-- 6 root wheel 7 Jan 26 10:55 ..
----------+ 1 root wheel 0 Jan 26 10:55 .windows
d---------+ 2 root wheel 2 Feb 2 22:25 test
root@freenas[~]# getfacl /mnt/tank/backups
# file: /mnt/tank/backups
# owner: root
# group: wheel
owner@:rw-p--aARWcCos:-------:allow
group@:rw-p--a-R-c--s:-------:allow
everyone@:r-----a-R-c--s:-------:allow
group:nasadmins:rwxpDdaARWcCo-:fd-----:allow
everyone@:--------------:fd-----:allow
root@freenas[~]# sharesec Backups -v
REVISION:1
CONTROL:SR|DP
OWNER:
GROUP:
ACL:S-1-1-0:ALLOWED/0x0/FULL
