Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.

Permission problem after upgrade

shadowempire

Member
Joined
Apr 13, 2021
Messages
26
Hi TrueNAS community,
maybe somebody can help with my problem...

I have a HP Microserver Gen8 which I just upgraded from "TrueNAS CORE 12.0-U5.1" to "TrueNAS-SCALE-21.08-BETA.1".
Upgrade did not work, got some error messages (maybe because I changed booting from "with USB chainloader" to "Raid boot").
But this is another story...

So in the end I did a fresh install.
Now I did an import from my data pools, created a new user and share, assigned the user permissions to the share...
Under Windows I can connect to the share with the user, and I can create folders....
But I can not access the existing folders within the share.

My username is roci


Code:
root@truenas:/# ls -lrta /mnt
total 19
drwxr-xr-x 20 root root 30 Aug 31 01:23 ..
drwxr-xr-x  3 root root  3 Sep 13 14:05 Pool4TB
drwxr-xr-x  5 root root  5 Sep 13 14:06 .
drwxr-xr-x  6 root root  6 Sep 13 14:07 PoolSSD256GB
drwxr-xr-x  3 root roci  3 Sep 14 11:15 tray3

root@truenas:/# ls -lrta /mnt/tray3/
total 10
drwxr-xr-x 5 root root 5 Sep 13 14:06 ..
drwxrwx--- 6 roci roci 6 Sep 14 10:40 media
drwxr-xr-x 3 root roci 3 Sep 14 11:15 .

root@truenas:/# ls -lrta /mnt/tray3/media/
total 27
d---------  3 roci roci  3 May  2 13:56  archiv
d--------- 10 roci roci 12 Sep  2 18:08  downloads
d---------  8 roci roci  8 Sep 13 19:11  2watch
drwxrwxrwx  2 roci roci  2 Sep 14 10:40 'Neuer Ordner'
drwxrwx---  6 roci roci  6 Sep 14 10:40  .
drwxr-xr-x  3 root roci  3 Sep 14 11:15  ..


I think it is related to acl reset permissions, but I could not figure it out.

thx for an help!
 

Attachments

shadowempire

Member
Joined
Apr 13, 2021
Messages
26
ls -l is the wrong tool to see ACLs. If it's nfs4 acl `nfsxdr_getfacl` if posix1e `getfacl`.


root@truenas:~# getfacl /mnt
getfacl: Removing leading '/' from absolute path names
# file: mnt
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

root@truenas:~# getfacl /mnt/tray3
getfacl: Removing leading '/' from absolute path names
# file: mnt/tray3
# owner: root
# group: roci
user::rwx
group::r-x
other::r-x

root@truenas:~# getfacl /mnt/tray3/media/
getfacl: Removing leading '/' from absolute path names
# file: mnt/tray3/media/
# owner: roci
# group: roci
user::rwx
group::rwx
other::---
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
7,517

root@truenas:~# getfacl /mnt
getfacl: Removing leading '/' from absolute path names
# file: mnt
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

root@truenas:~# getfacl /mnt/tray3
getfacl: Removing leading '/' from absolute path names
# file: mnt/tray3
# owner: root
# group: roci
user::rwx
group::r-x
other::r-x

root@truenas:~# getfacl /mnt/tray3/media/
getfacl: Removing leading '/' from absolute path names
# file: mnt/tray3/media/
# owner: roci
# group: roci
user::rwx
group::rwx
other::---
If this came from FreeBSD it should have NFSv4 acltype if you want to preserve your permissions. POSIX1e getfacl will fake-up and ACL if one is not present. These particular tools are not meant to be user facing and so they are somewhat inconvenient. You can also try `midclt call filesystem.getacl <path>` which will show the right thing regardless of ACL type.
 

shadowempire

Member
Joined
Apr 13, 2021
Messages
26
If this came from FreeBSD it should have NFSv4 acltype if you want to preserve your permissions. POSIX1e getfacl will fake-up and ACL if one is not present. These particular tools are not meant to be user facing and so they are somewhat inconvenient. You can also try `midclt call filesystem.getacl <path>` which will show the right thing regardless of ACL type.
If this came from FreeBSD it should have NFSv4 acltype if you want to preserve your permissions. POSIX1e getfacl will fake-up and ACL if one is not present. These particular tools are not meant to be user facing and so they are somewhat inconvenient. You can also try `midclt call filesystem.getacl <path>` which will show the right thing regardless of ACL type.

well, I am on TrueNAS-SCALE-21.08-BETA.1 which runs under Linux.
here is more info:


root@truenas:~# uname -a
Linux truenas.local 5.10.42+truenas #1 SMP Mon Aug 30 21:54:59 UTC 2021 x86_64 GNU/Linux

root@truenas:~# midclt call filesystem.getacl /mnt
{"uid": 0, "gid": 0, "acl": [{"default": false, "tag": "USER_OBJ", "id": -1, "perms": {"READ": true, "WRITE": true, "EXECUTE": true}}, {"default": false, "tag": "GROUP_OBJ", "id": -1, "perms": {"READ": true, "WRITE": false, "EXECUTE": true}}, {"default": false, "tag": "OTHER", "id": -1, "perms": {"READ": true, "WRITE": false, "EXECUTE": true}}], "flags": {"setuid": false, "setgid": false, "sticky": false}, "acltype": "POSIX1E", "trivial": true}

root@truenas:~# midclt call filesystem.getacl /mnt/tray3
{"acl": [{"tag": "owner@", "id": -1, "perms": {"READ_DATA": true, "WRITE_DATA": true, "EXECUTE": true, "APPEND_DATA": true, "DELETE_CHILD": false, "DELETE": false, "READ_ATTRIBUTES": true, "WRITE_ATTRIBUTES": true, "READ_NAMED_ATTRS": true, "WRITE_NAMED_ATTRS": true, "READ_ACL": true, "WRITE_ACL": true, "WRITE_OWNER": true, "SYNCHRONIZE": true}, "flags": {"BASIC": "NOINHERIT"}, "type": "ALLOW"}, {"tag": "group@", "id": -1, "perms": {"READ_DATA": true, "WRITE_DATA": false, "EXECUTE": true, "APPEND_DATA": false, "DELETE_CHILD": false, "DELETE": false, "READ_ATTRIBUTES": true, "WRITE_ATTRIBUTES": false, "READ_NAMED_ATTRS": true, "WRITE_NAMED_ATTRS": false, "READ_ACL": true, "WRITE_ACL": false, "WRITE_OWNER": false, "SYNCHRONIZE": true}, "flags": {"BASIC": "NOINHERIT"}, "type": "ALLOW"}, {"tag": "everyone@", "id": -1, "perms": {"READ_DATA": true, "WRITE_DATA": false, "EXECUTE": true, "APPEND_DATA": false, "DELETE_CHILD": false, "DELETE": false, "READ_ATTRIBUTES": true, "WRITE_ATTRIBUTES": false, "READ_NAMED_ATTRS": true, "WRITE_NAMED_ATTRS": false, "READ_ACL": true, "WRITE_ACL": false, "WRITE_OWNER": false, "SYNCHRONIZE": true}, "flags": {"BASIC": "NOINHERIT"}, "type": "ALLOW"}], "trivial": false, "uid": 0, "gid": 0, "path": "/mnt/tray3", "nfs41_flags": {"protected": false, "autoinherit": true}, "acltype": "NFS4"}

root@truenas:~# midclt call filesystem.getacl /mnt/tray3/media
{"acl": [{"tag": "owner@", "id": -1, "perms": {"READ_DATA": true, "WRITE_DATA": true, "EXECUTE": true, "APPEND_DATA": true, "DELETE_CHILD": true, "DELETE": false, "READ_ATTRIBUTES": true, "WRITE_ATTRIBUTES": true, "READ_NAMED_ATTRS": true, "WRITE_NAMED_ATTRS": true, "READ_ACL": true, "WRITE_ACL": true, "WRITE_OWNER": true, "SYNCHRONIZE": true}, "flags": {"BASIC": "NOINHERIT"}, "type": "ALLOW"}, {"tag": "group@", "id": -1, "perms": {"READ_DATA": true, "WRITE_DATA": true, "EXECUTE": true, "APPEND_DATA": true, "DELETE_CHILD": true, "DELETE": false, "READ_ATTRIBUTES": true, "WRITE_ATTRIBUTES": false, "READ_NAMED_ATTRS": true, "WRITE_NAMED_ATTRS": false, "READ_ACL": true, "WRITE_ACL": false, "WRITE_OWNER": false, "SYNCHRONIZE": true}, "flags": {"BASIC": "NOINHERIT"}, "type": "ALLOW"}, {"tag": "everyone@", "id": -1, "perms": {"READ_DATA": false, "WRITE_DATA": false, "EXECUTE": false, "APPEND_DATA": false, "DELETE_CHILD": false, "DELETE": false, "READ_ATTRIBUTES": true, "WRITE_ATTRIBUTES": false, "READ_NAMED_ATTRS": true, "WRITE_NAMED_ATTRS": false, "READ_ACL": true, "WRITE_ACL": false, "WRITE_OWNER": false, "SYNCHRONIZE": true}, "flags": {"BASIC": "NOINHERIT"}, "type": "ALLOW"}], "trivial": true, "uid": 1001, "gid": 1001, "path": "/mnt/tray3/media", "nfs41_flags": {"protected": false, "autoinherit": false}, "acltype": "NFS4"}

 

shadowempire

Member
Joined
Apr 13, 2021
Messages
26
Got no support yet :(
somebody else experiencing this problem or having a solution? - thx
Is there a command to repair my permissions?
 

oumpa31

Member
Joined
Apr 7, 2015
Messages
210
I had the same issues I ended up removing all the permissions on all of my datasets and starting over. It took a couple hours but finally had access to everything. I noticed when i was trying to set ACL permissions in Scale21.08 it wouldn't set them recursively. I had to do that in windows.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
7,517
I had the same issues I ended up removing all the permissions on all of my datasets and starting over. It took a couple hours but finally had access to everything. I noticed when i was trying to set ACL permissions in Scale21.08 it wouldn't set them recursively. I had to do that in windows.
There's a webui bug in 21.08 unfortunately that prevents setting permissions recursively. With nfs4 acltype, you can force inheritance by running the command `nfs4xdr_winacl -a clone -rv -p <path>`
 

shadowempire

Member
Joined
Apr 13, 2021
Messages
26
There's a webui bug in 21.08 unfortunately that prevents setting permissions recursively. With nfs4 acltype, you can force inheritance by running the command `nfs4xdr_winacl -a clone -rv -p <path>`
thx, will try.
I agree, looks like there is a bug setting permissions recursively.
 

shadowempire

Member
Joined
Apr 13, 2021
Messages
26
There's a webui bug in 21.08 unfortunately that prevents setting permissions recursively. With nfs4 acltype, you can force inheritance by running the command `nfs4xdr_winacl -a clone -rv -p <path>`
thx, seems it worked!
 
Top