Good Afternoon,
Hoping for some help on this issue as I've googled everything I could think of and tried different ways of doing this to no avail.
Goal; Setup permissions on FreeNAS smb shares using groups to control user access.
Issue; I somehow got /mnt/nas/media working correctly as I can browse/edit/add/delete/etc (As far as I can tell-not sure about other users security access) however my /mnt/tank/backups is visible in Windows 10 network browser window list however when I go to browse it I get a permission error.
I've tried matching the owner/group to nasadmin/nasadmins (default is root/wheel) on /mnt/tank/backups which didn't help, I've added the wheel group to my useraccount which didn't help. I'm not sure what I'm doing wrong but the last time I setup ACL was FreeNas 9/10 (2018) on the legacy interface which worked wonders.
Here is my setup
root@freenas[~]# uname -a
/mnt/nas/media
/mnt/tank/backups
Hoping for some help on this issue as I've googled everything I could think of and tried different ways of doing this to no avail.
Goal; Setup permissions on FreeNAS smb shares using groups to control user access.
Issue; I somehow got /mnt/nas/media working correctly as I can browse/edit/add/delete/etc (As far as I can tell-not sure about other users security access) however my /mnt/tank/backups is visible in Windows 10 network browser window list however when I go to browse it I get a permission error.
I've tried matching the owner/group to nasadmin/nasadmins (default is root/wheel) on /mnt/tank/backups which didn't help, I've added the wheel group to my useraccount which didn't help. I'm not sure what I'm doing wrong but the last time I setup ACL was FreeNas 9/10 (2018) on the legacy interface which worked wonders.
Here is my setup
root@freenas[~]# uname -a
Code:
FreeBSD freenas.home.***.ca 11.3-RELEASE-p5 FreeBSD 11.3-RELEASE-p5 #0 r325575+8ed1cd24b60(HEAD): Mon Jan 27 18:07:23 UTC 2020 root@tnbuild02.tn.ixsystems.com:/freenas-releng/freenas/_BE/objs/freenas-releng/freenas/_BE/os/sys/FreeNAS.amd64 amd64
/mnt/nas/media
Code:
root@freenas[~]# ls -al /mnt/nas/media total 109 dr-xrwxr-x+ 8 nasadmin nasadmins 9 Jan 26 16:47 . drwxr-xr-x 5 root wheel 6 Dec 7 01:16 .. -r-xrwxr-x+ 1 nasadmin nasadmins 0 Dec 5 00:36 .windows dr-xrwxr-x+ 9 nasadmin nasadmins 9 Dec 5 09:26 Applications dr-xrwxr-x+ 26 nasadmin nasadmins 27 Jan 28 15:49 Games dr-xrwxr-x+ 30 nasadmin nasadmins 30 Dec 5 16:32 Movies dr-xrwxr-x+ 4 nasadmin nasadmins 4 Dec 5 09:34 Music dr-xrwxr-x+ 5 nasadmin nasadmins 7 Dec 5 09:25 PodCasts dr-xrwxr-x+ 198 nasadmin nasadmins 198 Dec 5 09:20 TV Series root@freenas[~]# getfacl /mnt/nas/media # file: /mnt/nas/media # owner: nasadmin # group: nasadmins group:nasadmins:rwxpDdaARWcCo-:fd-----:allow everyone@:r-x---a-R-c---:fd-----:allow group:media_user_rw:rwxpDdaARWcCo-:fdi----:allow root@freenas[~]# sharesec Media -v REVISION:1 CONTROL:SR|DP OWNER: GROUP: ACL:S-1-1-0:ALLOWED/0x0/FULL
/mnt/tank/backups
Code:
root@freenas[~]# ls -al /mnt/tank/backups total 10 drw-rw-r--+ 3 root wheel 4 Feb 2 22:25 . drw-rw-r-- 6 root wheel 7 Jan 26 10:55 .. ----------+ 1 root wheel 0 Jan 26 10:55 .windows d---------+ 2 root wheel 2 Feb 2 22:25 test root@freenas[~]# getfacl /mnt/tank/backups # file: /mnt/tank/backups # owner: root # group: wheel owner@:rw-p--aARWcCos:-------:allow group@:rw-p--a-R-c--s:-------:allow everyone@:r-----a-R-c--s:-------:allow group:nasadmins:rwxpDdaARWcCo-:fd-----:allow everyone@:--------------:fd-----:allow root@freenas[~]# sharesec Backups -v REVISION:1 CONTROL:SR|DP OWNER: GROUP: ACL:S-1-1-0:ALLOWED/0x0/FULL