Newbie permissions confusion

MindMusic

Cadet
Joined
Jun 4, 2019
Messages
6
Hey there everyone,
I'm setting up a pair of FreeNAS Mini XL servers - one as a local Windows Network Share and one as an offsite mirror. I'm intending on syncing the two servers via SyncThing. In order for me to share a given directory over Samba I'm supposed to set up the Windows Share, via my FreeNAS GUI (my preferred method, being a newb) by going to Storage > Pools > "DataPool" > "WindowsShares" > Edit Permissions, where I specify the ACL Type as Windows. I seem to have that working and domain users can read from and write to that directory over the network...

Now I'm trying to make that share accessible to the Syncthing Jail's user... and I'm confused... https://www.youtube.com/watch?v=Xh2f1FdWWS4 says (around the 11:30 mark) that in order to make that directory accessible to Syncthing I have to go to that same place in the GUI and specify ACL Type Unix and basically blow open the perms. That seems to conflict with the permissions that I set up to allow that directory to be a Windows share, since I can't select ACL Types Windows and Unix at the same time... aaaaand now I'm confused...

Any suggestions on how to do this? I've a rudimentary knowledge of Unix and Windows permissions, but I'm learning as I go... Suggestions that utilize the GUI are the most helpful... Thanks in advance... :)
 

garm

Wizard
Joined
Aug 19, 2017
Messages
1,556
Why not use the built in synchronization? You have both ZFS Send and rclone available without the need of any added complexity with jails
 

MindMusic

Cadet
Joined
Jun 4, 2019
Messages
6
Because I'm doing this for my work, have already presented the current plan to my boss, and designed the system to use Syncthing, gotten funding and purchased the hardware, and don't want to re-architect the entire solution because of a silly permissions hangup. I honestly don't know enough about ZFS Send and rclone to be able to compare and contrast its capabilities with that of Syncthing.

Can anyone shed some light on this permissions issue? Surely I can't be the first person to try to use syncthing to sync a network fileshare... Thanks so much!
 

garm

Wizard
Joined
Aug 19, 2017
Messages
1,556
You say you have a finished design but you do not have the permission schema solved? I would argue that you have some design work left to do..

Mixing ACL and Unix permissions isn’t trivial and I would say you need to pick one. Managing ACLs can be done in FreeBSD of course but you need to go to Syncthing for documentation if it can handle it.

Spend a few minutes to look through the documentation of the solution you include in your design. Start with https://www.ixsystems.com/documentation/freenas/11.2-U4.1/freenas.html

Specifically https://www.ixsystems.com/documentation/freenas/11.2-U4.1/tasks.html#replication-tasks
And
https://www.ixsystems.com/documentation/freenas/11.2-U4.1/tasks.html#cloud-sync-tasks

A jail is an added complexity you should have down prioritized early in your design process, I cannot see what restrictions would lead you to inventing the wheel in a jail for an off site replication. As an example, keeping Syncthing and the jail updated is added administration (=cost) and will make FreeNAS updates more complex as well. While the FreeNAS replication tasks are an integral part of FreeNAS and follow FreeNAS updates.
 

MindMusic

Cadet
Joined
Jun 4, 2019
Messages
6
> You say you have a finished design but you do not have the permission schema solved? I would argue that you have some design work left to do..

*sigh* Yes Garm. Thank you for your constructive criticism. You did notice that the first thing I said in the title was that I'm a newbie with this tech, right? Suffice it to say that I've already learned a shit-tonne for this endeavor, but with the steep learning curve designing on paper only goes so far. At some point I had to get beyond the sales brochures and docs, purchase some of the hardware and try to muddle my way through from there. That's the stage I'm currently at. And I just naturally expected that my FreeNAS mini could run Syncthing (since there's a plugin for it... and since each plugin runs within a jail, I'm using a jail), and expose SMB shares (since it's a NAS). I did not anticipate that there'd be a pedantic permissions issue preventing the two systems (Syncthing and SMB shares) touching each other, but hey... even the very wise cannot see all ends. At some point I just had to jump in and figure it out. I'm doin my best here. :p

As for the synchronization, I don't want to use the scheduled, built-in sync processes. They don't do what I'm looking for. With sync-thing I can create a virtualized network of OS-independent nodes that all self-coordinate and help share folders and files in real-time. I also have experience with BitTorrentSync so it's a style of technology that I'm more comfortable with. I therefore, for right or wrong, want to use the sync-thing plugin. Can anyone help me with my original permissions problem of allowing Syncthing to have Unix access perms to my SMB share? Thanks everyone. :)
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
> *sigh* Yes Garm. Thank you for your constructive criticism. You did notice that the first thing I said in the title was that I'm a newbie with this tech, right? Suffice it to say that I've already learned a crap-tonne for this endeavor, but with the steep learning curve designing on paper only goes so far. At some point I had to get beyond the sales brochures and docs, purchase some of the hardware and try to muddle my way through from there. That's the stage I'm currently at. And I just naturally expected that my FreeNAS mini could run Syncthing (since there's a plugin for it... and since each plugin runs within a jail, I'm using a jail), and expose SMB shares (since it's a NAS). I did not anticipate that there'd be a pedantic permissions issue preventing the two systems (Syncthing and SMB shares) touching each other, but hey... even the very wise cannot see all ends. At some point I just had to jump in and figure it out. I'm doin my best here. :p
>
> As for the synchronization, I don't want to use the scheduled, built-in sync processes. They don't do what I'm looking for. With sync-thing I can create a virtualized network of OS-independent nodes that all self-coordinate and help share folders and files in real-time. I also have experience with BitTorrentSync so it's a style of technology that I'm more comfortable with. I therefore, for right or wrong, want to use the sync-thing plugin. Can anyone help me with my original permissions problem of allowing Syncthing to have Unix access perms to my SMB share? Thanks everyone. :)

zfs set aclmode=passthrough <pool>/<dataset>

Once you do that add permissions for a group for SMB users to the dataset:

setfacl -a0 g:<smbgroup>:modify_set:fd:allow /mnt/<pool>/<dataset>
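
A way to check the result of the setfacl step in the reply above without opening the dataset to everyone (added example, not part of the original thread). It parses the compact NFSv4 form that FreeBSD's getfacl prints; the group name smbusers, the path and the sample ACL text are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `getfacl /mnt/<pool>/<dataset>` output (not from the thread).
# "smbusers" and the path are hypothetical; on the NAS, pipe real getfacl output in.
SAMPLE_ACL='# file: /mnt/tank/WindowsShares
# owner: root
# group: wheel
    group:smbusers:rwxpDdaARWc--s:fd-----:allow
            owner@:rwxpDdaARWcCos:fd-----:allow
            group@:rwxpDdaARWc--s:fd-----:allow
         everyone@:--------------:fd-----:allow'

# Succeeds if stdin has an allow ACE for group $1 that grants read_data (r)
# and write_data (w) and inherits to new files (f) and directories (d).
group_ace_ok() {
    awk -F: -v grp="$1" '
        /^#/ { next }
        { gsub(/[ \t]/, "") }          # strip padding; awk re-splits the fields
        $1 == "group" && $2 == grp && $5 == "allow" &&
            $3 ~ /r/ && $3 ~ /w/ && $4 ~ /f/ && $4 ~ /d/ { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Succeeds if everyone@ is allowed write_data (w) or append_data (p),
# i.e. the permissions have been opened up to every account.
everyone_can_write() {
    awk -F: '
        /^#/ { next }
        { gsub(/[ \t]/, "") }
        $1 == "everyone@" && $4 == "allow" && $2 ~ /[wp]/ { open = 1 }
        END { exit (open ? 0 : 1) }'
}

if printf '%s\n' "$SAMPLE_ACL" | group_ace_ok smbusers; then
    echo "OK: smbusers has an inheriting read/write ACE"
else
    echo "MISSING: no inheriting read/write ACE for smbusers"
fi
if printf '%s\n' "$SAMPLE_ACL" | everyone_can_write; then
    echo "WARNING: everyone@ can write to this dataset"
else
    echo "OK: everyone@ cannot write"
fi
```
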
 