Permission issues: how do I reclaim root ownership?

[ghostwolf59]

Hi,
I've run into some weird permission issues on some of my volumes and shares.
The other day I decided to take a closer look on how to improve access to data stored on my shares.
In the past I simply used the default Unix/Mac permission across my volumes and datasets and on this occasion I decided to see how I could change this across to a windows based security model.

Set up my primary owner with full control of what's stored (checking the recursive permission)
Then once set and saved I switched over to the windows based security model.
The first I noticed was the the group permission changed from read only to read-write once this was set.
This in turn seem to translate into giving the group full access to the data.

Second problem is that some folders and files is locked down from viewing by the primary owner.
Windows reports full ownership given to the primary owner but all the checks is greyed out and cant be modified. *advanced as well as general option when checking the security against folders.

Something clearly have gone wrong here so I decided to reclaim the ownership via nas admin interface.
1. reset the security model back to Unix/Mac, saved the settings
2. changed the primary owner back to root

Even though the primary owner is changed to root, the permission dont seem to stick.
I've tried to give full control to everyone, nas reports that the change was successful, but when checking it the permission have been reverted back to the limited one.
I also tried to ftp as root where I have made attempts to change the permission but this throws a "Operation not permitted" back.
Similarly I've tried to login from the shell and change permissions as root but so far no luck.
The only way now can see the data stored is by ftp into it. but even as root I am not allowed to change permissions on some folders and content.

I have no idea what's going on here - all I want to is to reclaim ownership that would allow me to retry this a second time.

I only have this problem on some folders and shares - most of them works just fine.

Would appreciate any advice on how to reset this back

cheers

 

[dlavigne]

Which version of FreeNAS?

Changing to Windows permissions should set the default permissions, which is what you saw. You should then use a Windows client to fine-tune the permissions to match your needs.

 

[ghostwolf59]

Which version of FreeNAS?

Changing to Windows permissions should set the default permissions, which is what you saw. You should then use a Windows client to fine-tune the permissions to match your needs.

I've tried this, but the settings were all locked down (both under "normal" and Advanced settings)
It puzzles me why root on the box can do things - even after changing it back to a MAC/Unix security model.

I've managed to work around this, but it requires me to ...
1. ftp into freenas
2. create a new folder
3. copy the offending folder content into the newly created folder
4. delete the offending folder
5. rename the newly created folder to what I just deleted
6. continue setting up the correct permissions

It now works, but it seem a bit screwy to be forced to do this - the only way I could access the content were from the shell or via ftp - so the idea of using the window client to set the correct permission sort of fell down the drain as this didn't allow me to do just that

cheers

 

[anodos]

I've tried this, but the settings were all locked down (both under "normal" and Advanced settings)
It puzzles me why root on the box can do things - even after changing it back to a MAC/Unix security model.

I've managed to work around this, but it requires me to ...
1. ftp into freenas
2. create a new folder
3. copy the offending folder content into the newly created folder
4. delete the offending folder
5. rename the newly created folder to what I just deleted
6. continue setting up the correct permissions

It now works, but it seem a bit screwy to be forced to do this - the only way I could access the content were from the shell or via ftp - so the idea of using the window client to set the correct permission sort of fell down the drain as this didn't allow me to do just that

cheers

I can't find the exact bug report, but the short version is that you can't switch back to Unix permission type through the GUI. Windows permissions work, but you have to configure them correctly. I recommend the following:
1) Post /usr/local/etc/smb4.conf (enclosed in code brackets)
2) Post details of your setup. Is this a home network with a single user? Is this a work network with 100 users?

Assuming that this is a simple home network, do the following:
3) Update to the latest version of FreeNAS (9.2.1.9)
4) Using the GUI, recursively change ownership of your dataset(s) to <user you use to authenticate/administer server> : <group that you will grant access>. Please don't use "root:wheel".
5) Using the GUI, remove all auxiliary parameters from your share config.
6) Using the GUI, open the config for your share. Check the box "apply default permissions" and hit "OK".
7) Stop using FTP to access your samba shares. :)

Steps (4) and (6) may take a while to complete. For reference, I did step (6) on a decent server recently for a share with a few million files. It took about an hour to complete.