Need help with setting permissions and groups

jbarry14

Explorer
Joined
May 23, 2022
Messages
56
I am fairly new to TrueNas and servers in general. I built a server and installed TrueNas. I then ran an Rsync command to transfer all documents from an older server to the new TrueNas. The server is running TrueNas 13. I have multiple users both on Mac and PC. I need to be able to allow everyone to read and write on all folders. But we are experiencing a lot of locked folders. When I try to unlock them, they just revert back to locked. How do I just set it up so all users have all access to the entire server. It seems like no matter what settings I change, It doesn't matter. I have made several users and added them all to the wheel group. In edit permission for my pool, I have all users and groups set to full control. It is becoming a pain when multiple designers can't work on a project, or the machine operators cant save files to those folders, because the folders are locked. Again, I am new to this so I would appreciate any advice or explanations as to how permissions work. I have tried searching the forums for a similar problem to mine, but I have not found one yet.
 

Glorious1

Guru
Joined
Nov 23, 2014
Messages
1,211
You are more likely to get help if you give more information about your settings.
  1. Are you sharing TrueNAS folders using SMB, NFS, or what?
  2. Give all the share settings for an example share where you are having trouble.
  3. The Edit Permissions settings for the shared dataset.
  4. If you have ever changed Permission settings for the dataset, did you change permissions recursively?
  5. How/what user is authenticating from a client computer when trying to access the share.
I'm guessing ACLs might be causing your problems. I don't know much about them except that they are a PITA.

You ask how to give all access to everyone. What have you tried? In the dataset permissions (not the pooll permissions), have you tried checking all permissions for all users and groups, and the changing permissions recursively?
 

jbarry14

Explorer
Joined
May 23, 2022
Messages
56
I'm sorry, a lot of this is new to me.
I am sharing using SMB and AFP.
I have added a screenshot of my edit permissions for the shared dataset.
When I have tried to change permissions, I stripped ACLS and tried both changing permissions recursively and without.
We have about 8 users connecting from both mac and PCs, It seems it happens to mac users. They create a folder and it is locked to them and other users cant write to it.

I also tried just using the simple ACL to allow all users to read and write and that didn't make a difference with the locked folders. I would just like to find a way to allow access to all folders from all users.


editoermissions.jpg
 

Glorious1

Guru
Joined
Nov 23, 2014
Messages
1,211
Please clarify - are you sharing the same dataset with both SMB and AFP? If so, there's your problem. That's a big no-no. You would have to use SMB for all. Macs can deal with SMB and Apple is apparently deprecating AFP.
 

jbarry14

Explorer
Joined
May 23, 2022
Messages
56
Please clarify - are you sharing the same dataset with both SMB and AFP? If so, there's your problem. That's a big no-no. You would have to use SMB for all. Macs can deal with SMB and Apple is apparently deprecating AFP.

Ok, I will try shutting off AFP. This is how i have it setup now.

AFP.png
SMB.jpg
 

Glorious1

Guru
Joined
Nov 23, 2014
Messages
1,211
1. I don't know if just turning off AFP will be enough to fix things. There may be residual effects of having used AFP.
2. I have no idea why the SMB share settings include these multi-protocol (AFP/SMB) presets. I thought that was verboten, unless one was read-only. I think we need to ask the Sambassador, @anodos , for help with this issue.
 

jbarry14

Explorer
Joined
May 23, 2022
Messages
56
1. I don't know if just turning off AFP will be enough to fix things. There may be residual effects of having used AFP.
2. I have no idea why the SMB share settings include these multi-protocol (AFP/SMB) presets. I thought that was verboten, unless one was read-only. I think we need to ask the Sambassador, @anodos , for help with this issue.
I did try turning off AFP and reconnecting the Mac computers using SMB. That seemed to have fixed the problem with locked folders.

Although, Now I am having an issue with the TrueNas sever completely going offline. The power light goes out, but the disk lights are still on. I have been having to force restart the machine every morning to get it to come back online. I am not sure why this is happening now. It was operating great for months, no problems.
 

Glorious1

Guru
Joined
Nov 23, 2014
Messages
1,211
Although, Now I am having an issue with the TrueNas sever completely going offline. The power light goes out, but the disk lights are still on. I have been having to force restart the machine every morning to get it to come back online.
That sounds bad, but unrelated. I would start looking at logs, like /var/log/messages and /var/log/debug.log, and look for anything bad happening just before it goes offline. Then I suggest starting a new thread.
 

jbarry14

Explorer
Joined
May 23, 2022
Messages
56
That sounds bad, but unrelated. I would start looking at logs, like /var/log/messages and /var/log/debug.log, and look for anything bad happening just before it goes offline. Then I suggest starting a new thread.
Yes, I started a new thread. I think it might have to do with a bios setting and my AMD processors. I will also update OS to 13U2
 

jbarry14

Explorer
Joined
May 23, 2022
Messages
56
Hi guys. I am having to reset this thread. I am having more permissions issues. All of the settings I changed above did work for quite a while. Now, there are files randomly here and there that the designers cannot save over. It says they do not have permission to save. I go into truenas and I strip the ACLS and give full control to all users and groups and then they can save over the file. Why do I need to do this once and a while for them to be able to save over files? There are no permissions or locks on their end. Are there any ideas of what I can do to fix this issue.
 

Glorious1

Guru
Joined
Nov 23, 2014
Messages
1,211
Hi guys. I am having to reset this thread. I am having more permissions issues. All of the settings I changed above did work for quite a while. Now, there are files randomly here and there that the designers cannot save over. It says they do not have permission to save. I go into truenas and I strip the ACLS and give full control to all users and groups and then they can save over the file. Why do I need to do this once and a while for them to be able to save over files? There are no permissions or locks on their end. Are there any ideas of what I can do to fix this issue.
When you make such permission changes, are you doing it recursively? At the dataset level? Changing the share settings accordingly?
 

jbarry14

Explorer
Joined
May 23, 2022
Messages
56
@Glorious1 I am changing the permissions a the dataset level. I am also doing it recursively. Which share settings do I need to change? There are no permissions options. The ACL is set to Open. Also, I have Mac and Windows computers using the server. I only have SMB enabled with multi protocol. The Edit ACL mode type is set to allowed.
 

Glorious1

Guru
Joined
Nov 23, 2014
Messages
1,211
First let me make clear I am far from an expert on SMB and ACLs. So take my advice with a grain of salt.

OK, lets back up. You have a pool called KJData-Z2. The pool has a root dataset of the same name. In Storage > Pools, you can see it under the pool. Any datasets contained in the root dataset are indented under it. In your first screenshot it appears you have a dataset of the same name as the root dataset (/mnt/KJData-Z2/KJData-Z2), which seems needlessly confusing.

You shouldn't put anything in the root dataset (other than other datasets) and you shouldn't share it. One of your screenshots shows an SMB share of the root dataset /mnt/KJData-Z2. You should delete those and just make shares of the sub-datasets.

You asked about share settings. With the share there is a menu option called Edit Share Permissions. I don't know if anything there needs changing.

As I said before, I suspect some lingering ACLs may be playing havoc with your sharing, and causing lack of access where you think there should be. Personally, I don't need ACLs and the complexity they bring. If you want "simple" Unix permissions, you can
1. In the shares, uncheck Enable ACL.
2. In the dataset Edit Permissions, at the bottom, click Strip ACLs.
3. Then you can go back into Edit Permission and see that owner, group, and access modes are what you want (sounds like you want to check all the boxes, but you might want to back off the modes a bit for security after you get it to work). If you change owner or group, check the confirm box with those. If appropriate, check the recursive button.

Sharing then will hopefully be more straightforward.
 

jbarry14

Explorer
Joined
May 23, 2022
Messages
56
I get what you are saying. It is not confusing to me. We had an old drobo server that the best way to transfer all of the data to this new server was using an Rsync command, and that created a new dataset on the root dataset.

I have been looking through all of the settings, and I have yet to find a check box for enabling/disabling ACLs
 

Glorious1

Guru
Joined
Nov 23, 2014
Messages
1,211
It's in the share settings (for Windows shares). I think it's the first checkbox.
 

jbarry14

Explorer
Joined
May 23, 2022
Messages
56
Ok, I have to change it to no presets to uncheck that box. I currently have it set to multi protocol SMB/AFP.
 

Glorious1

Guru
Joined
Nov 23, 2014
Messages
1,211
Okay
 
Top