Issues with moving my shares to freenas

Status
Not open for further replies.

xCatalystx

Contributor
Joined
Dec 3, 2014
Messages
117
So, long story short, I've been using versions of Linux for my home servers for years and have recently made the jump to FreeNAS. I just cannot seem to get my head around the way permissions are handled, as they are not providing the results I expected. Some guidance would be helpful. I'm used to using the read, write, allow, ignore lists in the Samba conf, i.e.:

[someshare]
read list = "user1"
write list = "user2"

Then setting the appropriate file/folder masks.

I tried using the Windows ACLs and they were kind of working, but then jails would be broken. If I swapped to Unix then I couldn't get the Windows restrictions (root level) I wanted, but jails would work fine.

An example of what I am trying to accomplish is (the previous way I did it):
[Share 1]
path = /path/to/dir
invalid users = "guest"
read list = "user1"
write list = "admin",@"administrators"
valid users = "admin",@"administrators","user1"
inherit permissions = yes
recycle bin = yes

I would then need a jail to have read/write access to a subfolder in that share, but still allow users to read/write any files the jail added/removed when mounted.

Hope this makes sense. Spent several days trying to get this to work and about to give up and go 777 guest everything >_<
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,553
You want to use unix permissions and share definitions for access control. That's understandable. What is the problem you are having? Authentication (access denied to share) or permissions (share read-only or can't delete, etc)?

For reference, post the following:
  • Version of FreeNAS
  • Hardware specs
  • /usr/local/etc/smb4.conf
  • Output of "getfacl <folder>" for share
 

xCatalystx

Contributor
Joined
Dec 3, 2014
Messages
117
anodos,

I just fixed this like 5 mins ago. Taken me days... I was used to using the SMB access lists (write, read, etc.) but it wasn't working even if I edited the conf file.

Anyway, after finding the getfacl / setfacl cmds I gave Windows ACLs another shot. Seems to all be working and playing nice with my jails atm. Guess we'll see.

Guess the big change of FreeBSD + Samba 4 has me a bit rattled. =P (been a Debian/Linux user for way too long...)

3am, so I guess I'll report back tomorrow if I run into any issues.
 

xCatalystx

Contributor
Joined
Dec 3, 2014
Messages
117
So far so good. Only problem I've run into is a minor one.

It seems one of my jails cannot chmod files (I believe this might be due to inheritance).

Layout is like so:

-/rootfolder (owner: full, group:full, everyone: read)
---/subfolder (owner:full, group:full, everyone: none)

Now I believe the script is copying the file (to subfolder) then running chmod 664 on it.

With permissions being inherited from the subfolder, I think it is stopping it. The jail user is a member of the group inside the jail and has full rights to the files/folders in the jail (can test by ee a file that was created by another user).

Any ideas, or is what is concluded correct? Here's the output of getfacl from both inside and out.

FreeNAS-9.3-STABLE-201412090832

###FILE: INSIDE OF THE JAIL ###

# file: examplefile.log
# owner: media
# group: Administrators
user:media:rwxpDdaARWcCos:------:allow
everyone@:r-x---a-R-c---:------:allow
group@:rwxpDdaARWcCo-:------:allow
user:1002:rwxpDdaARWcCo-:------:allow //1002 is admin local to freenas, not required by jail
owner@:rwxpDdaARWcCo-:------:allow

###FILE: FREENAS ###

# file: examplefile.log
# owner: media
# group: Administrators
user:media:rwxpDdaARWcCos:------:allow
everyone@:r-x---a-R-c---:------:allow
group@:rwxpDdaARWcCo-:------:allow
user:admin:rwxpDdaARWcCo-:------:allow
owner@:rwxpDdaARWcCo-:------:allow

###ParentFolder: FREENAS ###
# file: Subfolder/
# owner: root
# group: Administrators
everyone@:r-x---a-R-c---:fd----:allow
group@:rwxpDdaARWcCo-:fd----:allow
user:admin:rwxpDdaARWcCo-:fd----:allow
owner@:rwxpDdaARWcCo-:fd----:allow
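
Added example, not part of the thread and not the posters' code: a small Python decoder for the getfacl listings above, which names the permission letters (as documented in FreeBSD's setfacl(1) NFSv4 notation) and shows which file entries are not accounted for by the parent folder's inheritable entries. The function names parse_acl, holders and not_inherited are made up for this illustration.

```python
# Added example, not from the thread: decode FreeBSD NFSv4 ACL entries (getfacl).
PERMS = {
    "r": "read_data", "w": "write_data", "x": "execute", "p": "append_data",
    "D": "delete_child", "d": "delete", "a": "read_attributes",
    "A": "write_attributes", "R": "read_xattr", "W": "write_xattr",
    "c": "read_acl", "C": "write_acl", "o": "write_owner", "s": "synchronize",
}
FLAGS = {"f": "file_inherit", "d": "dir_inherit", "i": "inherit_only",
         "n": "no_propagate", "I": "inherited"}

def parse_acl(text):
    """Return a list of ACE dicts from getfacl output ('#' header lines skipped)."""
    aces = []
    for line in text.splitlines():
        line = line.split("//")[0].strip()      # drop a trailing inline note
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        who = ":".join(parts[:-3])              # "owner@" or "user:<name>"
        perms, flags, kind = parts[-3:]
        aces.append({"who": who, "type": kind,
                     "perms": {PERMS[c] for c in perms if c != "-"},
                     "flags": {FLAGS[c] for c in flags if c != "-"}})
    return aces

def holders(aces, perm):
    """Principals whose allow entry grants the named permission."""
    return sorted(a["who"] for a in aces
                  if a["type"] == "allow" and perm in a["perms"])

def not_inherited(file_aces, parent_aces):
    """File entries with no identical file_inherit entry on the parent."""
    inheritable = {(a["who"], frozenset(a["perms"])) for a in parent_aces
                   if "file_inherit" in a["flags"]}
    return sorted(a["who"] for a in file_aces
                  if (a["who"], frozenset(a["perms"])) not in inheritable)

# Sample input: the FreeNAS-side listings copied from the post above.
FILE_ACL = """user:media:rwxpDdaARWcCos:------:allow
everyone@:r-x---a-R-c---:------:allow
group@:rwxpDdaARWcCo-:------:allow
user:admin:rwxpDdaARWcCo-:------:allow
owner@:rwxpDdaARWcCo-:------:allow"""
PARENT_ACL = """everyone@:r-x---a-R-c---:fd----:allow
group@:rwxpDdaARWcCo-:fd----:allow
user:admin:rwxpDdaARWcCo-:fd----:allow
owner@:rwxpDdaARWcCo-:fd----:allow"""
if __name__ == "__main__":
    print(holders(parse_acl(FILE_ACL), "write_acl"))
    print(not_inherited(parse_acl(FILE_ACL), parse_acl(PARENT_ACL)))
```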
 