Permissions in SMB Dataset

[corin.corvus]

Hi,

sry for this noob question, but how i can force Owner and Group?
If i copy files in the dataset, my user and group is on the file. The app need owner and group permissions to read the file.
I wont give everyone permissions. At the moment i must copy the data and after i need to apply the permissions recursive again.

Its a SMB Dataset with default Share.
Do i need a generic Dataset?





Thanks

 

[Samuel Tai]

No, you just need some auxiliary parameters in your share:

force user = apps
force group = apps

See https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html.

 

[corin.corvus]

Can i do this in the Truenas Webgui?

 

[Samuel Tai]

Can i do this in the Truenas Webgui?

Yes, edit your share parameters.

 

[corin.corvus]

Ok.

I tried, but it is not working:

I tested it 4 times:

force user = 568 \
force group = 568

force user = 568
force group = 568

force user = apps \
force group = apps

force user = apps
force group = apps

No Option work.
Every Change i restart SMB Service.
After i copy some testfile. The User and Group is not apps.

 

[Samuel Tai]

Are you using Active Directory?

 

[spuky]

after creating your share click on the 3 dots and then Filesystem ACL

then set user and Group to apps and make sure to check the Apply User and And Apply Group checkbox
Need to give the Users coping to that share the required Permissions...

Edit:

Are you using Active Directory?

this works without active directory but I have no expirence with active directory

 

[corin.corvus]

Are you using Active Directory?

Yes

 

[corin.corvus]

after creating your share click on the 3 dots and then Filesystem ACL

then set user and Group to apps and make sure to check the Apply User and And Apply Group checkbox
Need to give the Users coping to that share the required Permissions...


View attachment 59893


Edit:

if i click on the 3 dots and go in the filesystem acl i am here:

I dont find an Option to come in your Picture.
I cant force user in my ACL Edit.

 

[spuky]

you are on scale from what it looks like... ( I am using core )

 

[Samuel Tai]

As you're using Active Directory, you need to specify the local domain; otherwise, the force user/group call will search your domain for a match. Try:

force user = .\apps
force group = .\apps

However, I don't run Active Directory myself, so I don't know if this will work or not. @anodos, is this the correct way of doing this?

 

[anodos]

That seems like a rather poorly-designed app if it must be owner and group.
Depending on context, you can set "inherit owner = yes" as a share-level auxiliary parameter, and change owner of existing files to what you want it to remain.

This ensures that newly-created files via SMB will keep same owner without completely eliminating flexibility of using different accounts with different access levels.

 

[yng_griff]

That seems like a rather poorly-designed app if it must be owner and group.
Depending on context, you can set "inherit owner = yes" as a share-level auxiliary parameter, and change owner of existing files to what you want it to remain.

This ensures that newly-created files via SMB will keep same owner without completely eliminating flexibility of using different accounts with different access levels.

Hello, can you help me with question of this topic. Can i add this auxiliary parameter in version TrueNAS 23.10, after update this fields just disappired?

 

[anodos]

Hello, can you help me with question of this topic. Can i add this auxiliary parameter in version TrueNAS 23.10, after update this fields just disappired?

They are accessible via CLI.