Permissions problem in freeNAS 11.3-U5

avalon60

Guru
Joined
Jan 15, 2014
Messages
597
I have a pool of 1 disk solely for CCTV, and have created datasets for the cctv program and the cameras. In 11.2-U8 the cctv program was able to write to the said datasets. So I could then view the media which had been recorded by the cctv cameras.

Now with 11.3-U5 the same cctv cameras and program cannot record and failed to create a directory for the archive, in other words the program is not able to write to the same datasets.
For recording to happen what permissions do I need to apply in 11.3-U5, as they seem to be different than they are/were in 11.2-U8.

thanks
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
There were many changes that happened between 11.2-U8 and 11.3-U5. On-disk permissions, though, should not have been affected. What's the output of "testparm -s"?
 

avalon60

I can't access the shell from within 11.3, it's disabled along with services and shares in the left hand menu. I click on them and nothing happens!

Anyway I can ssh into my NAS and this is the result of testparm -s for xeoma

[xeoma]
aio write size = 0
available = No
comment = The CCTV share
ea support = No
guest ok = Yes
level2 oplocks = No
mangled names = illegal
oplocks = No
path = /mnt/CCTV/xeoma
read only = No
strict locking = Yes
vfs objects = streams_xattr zfs_space zfsacl
root@freenas:~ #
 

avalon60

root@freenas:~ # getfacl /mnt/CCTV/xeoma
# file: /mnt/CCTV/xeoma
# owner: nobody
# group: xeoma
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:rwxpDdaARWc--s:fd-----:allow
everyone@:--------------:fd-----:allow
root@freenas:~ #
 

avalon60

root@freenas:~ # pdbedit -Lv" and "net groupmap list
Unknown parameter encountered: "Enable SMB1 support"
Ignoring unknown parameter "Enable SMB1 support"
Username not found!
root@freenas:~ #

root@freenas:~ # getfacl /mnt/CCTV
# file: /mnt/CCTV
# owner: root
# group: nobody
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:--------------:fd-----:allow
root@freenas:~ #

Thanks
 

avalon60

root@freenas:~ # cat /usr/local/etc/smb4.conf
#
# SMB.CONF(5) The configuration file for the Samba suite
# $FreeBSD$
#


[global]
dns proxy = No
aio max threads = 2
max log size = 51200
allocation roundup size = 0
load printers = No
printing = bsd
disable spoolss = Yes
dos filemode = Yes
kernel change notify = No
directory name cache size = 0
nsupdate command = /usr/local/bin/samba-nsupdate -g
unix charset = UTF-8
log level = 1
obey pam restrictions = True
enable web service discovery = True
server min protocol = NT1
map to guest = Bad User
server string = FreeNAS Server
bind interfaces only = Yes
netbios name = freenas
netbios aliases =
server role = standalone
workgroup = NETWORK
idmap config *: backend = tdb
idmap config *: range = 90000001-100000000
Enable SMB1 support =

include = /usr/local/etc/smb4_share.conf
root@freenas:~ #

Net groupmap list:
root@freenas:~ # net groupmap list
Unknown parameter encountered: "Enable SMB1 support"
Ignoring unknown parameter "Enable SMB1 support"
Unknown parameter encountered: "Enable SMB1 support"
Ignoring unknown parameter "Enable SMB1 support"
xeoma (S-1-5-21-2814442701-2521436182-3283488189-1008) -> xeoma
Guests (S-1-5-32-546) -> 90000006
rob-ssd (S-1-5-21-2814442701-2521436182-3283488189-1002) -> 1001
guest (S-1-5-21-2814442701-2521436182-3283488189-1003) -> guest
nobody (S-1-5-21-2814442701-2521436182-3283488189-1004) -> nobody
plex (S-1-5-21-2814442701-2521436182-3283488189-1011) -> plex
media (S-1-5-21-2814442701-2521436182-3283488189-1005) -> media
Administrators (S-1-5-32-544) -> 90000004
plex-plexpass (S-1-5-21-2814442701-2521436182-3283488189-1012) -> 991
Users (S-1-5-32-545) -> 90000005
rob-Z97 (S-1-5-21-2814442701-2521436182-3283488189-1001) -> rob-Z97
root@freenas:~ #
 

avalon60

I deleted the xeoma dataset and the datasets below, then re-added them in 11.3-U5. Now I don't get the smb snum 10 error, but the xeoma program is failing to create the directories for the archive (/mnt/CCTV/xeoma0

I have edited the ACL for each dataset and have user as root and group as wheel, with the ACL option to OPEN. When I view the permissions on my Linux desktop the owner is 0 for all the directories or datasets.
I'm lost as to what else to do now.

The net group map list looks like this now:

root@freenas:~ # net groupmap list
Unknown parameter encountered: "Enable SMB1 support"
Ignoring unknown parameter "Enable SMB1 support"
Unknown parameter encountered: "Enable SMB1 support"
Ignoring unknown parameter "Enable SMB1 support"
Guests (S-1-5-32-546) -> 90000003
Administrators (S-1-5-32-544) -> 90000001
xeoma (S-1-5-21-2814442701-2521436182-3283488189-1000) -> xeoma
Users (S-1-5-32-545) -> 90000002
root@freenas:~ #

I ran the other commands above since the changes, and getfacl on /mnt/CCTV and /mnt/CCTV/xeoma both return allow for group and everyone.

Thanks
 

avalon60

Thanks, but it doesn't seem to have made any difference regarding my initial problem. The xeoma cctv program is showing the same error message about not being able to create the directory /mnt/CCTV/xeoma
 

anodos

Right, but now that you've removed that file, let's try running "midclt call smb.synchronize_passdb". There is an edge-case bug in U5 that prevents passdb synchronization if there's an invalid auxiliary parameter in the global auxiliary parameters for the SMB service.
 

anodos

Never mind. This is your problem:
Code:

root@freenas:~ # getfacl /mnt/CCTV
# file: /mnt/CCTV
# owner: root
# group: nobody
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:--------------:fd-----:allow


Run the following command:
setfacl -m everyone@:rxaRc::allow /mnt/CCTV

Somehow you ended up stripping traverse rights for everyone who isn't "root" or in the "nobody" group.
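
The check behind this diagnosis, as an added example that is not part of the original post: a shell function that reads `getfacl` output in the NFSv4 format shown in this thread and reports whether a user matched only by `everyone@` can traverse the directory. The function names are hypothetical, the two sample ACLs are copied from the thread, and named `user:`/`group:` entries are ignored as a simplifying assumption.

```shell
#!/bin/sh
# Added example: read FreeBSD getfacl (NFSv4 ACL) output and decide whether a
# user matched only by everyone@ may traverse (x) the directory.
# Assumption: named user:/group: entries are not evaluated.

# stdin: getfacl output. Exit status 0 = traverse allowed, 1 = blocked.
everyone_can_traverse() {
    awk -F: '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }  # trim padding
        /^#/ || NF != 4   { next }  # header comments, blanks, named entries
        $1 != "everyone@" { next }  # only the catch-all principal
        index($3, "i")    { next }  # inherit-only: not applied to this dir
        !index($2, "x")   { next }  # entry says nothing about execute
        { verdict = $4; exit }      # first entry mentioning x decides
        END { exit (verdict != "allow") }
    '
}

# Walk from a directory up to /, printing every ancestor that blocks traversal.
# Needs getfacl on the NAS itself (ZFS dataset with NFSv4 ACLs).
blocked_ancestors() {
    dir=$1
    while [ -n "$dir" ] && [ "$dir" != "/" ] && [ "$dir" != "." ]; do
        getfacl "$dir" | everyone_can_traverse || echo "no traverse: $dir"
        dir=$(dirname "$dir")
    done
}

# /mnt/CCTV as posted before the setfacl command (copied from the thread).
ACL_BEFORE='# file: /mnt/CCTV
# owner: root
# group: nobody
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:--------------:fd-----:allow'

# /mnt/CCTV as posted after the setfacl command (copied from the thread).
ACL_AFTER='# file: /mnt/CCTV
# owner: root
# group: nobody
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:r-x---a-R-c---:-------:allow'

for label in before after; do
    [ "$label" = before ] && acl=$ACL_BEFORE || acl=$ACL_AFTER
    if printf '%s\n' "$acl" | everyone_can_traverse; then state=ok; else state=blocked; fi
    echo "$label: $state"
done
```

On the NAS, `blocked_ancestors /mnt/CCTV/xeoma` applies the same check to the child dataset and each parent, which is where an open ACL on the child can be hidden behind a closed parent.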
 

avalon60

root@freenas:~ # midclt call smb.synchronize_passdb
125
root@freenas:~ # setfacl -m everyone@:rxaRc::allow /mnt/CCTV
root@freenas:~ #

I ran these again after the above:
root@freenas:~ # getfacl /mnt/CCTV/xeoma
# file: /mnt/CCTV/xeoma
# owner: root
# group: wheel
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:rwxpDdaARWc--s:fd-----:allow
everyone@:--------------:fd-----:allow

root@freenas:~ # getfacl /mnt/CCTV
# file: /mnt/CCTV
# owner: root
# group: nobody
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:r-x---a-R-c---:-------:allow
root@freenas:~ #

I still have the same problem.

Thanks
 

avalon60

Ok, I think I have solved my problem now???
I did some reading up on shares in the guide, and then thought to add the xeoma directory as a Windows share. I edited the ACL settings to nobody and allowed Guest, and set the ACL option to OPEN.
The said program is running without any error messages now, and has written some media files to the xeoma directory, which I have viewed.

In 11.2 xeoma was not added as a share, but /mnt/CCTV was, and xeoma was working fine, but didn't in 11.3.

The only problem I have now is that my Linux desktop doesn't retrieve any files when I click on freenas (file sharing). It says: Unable to access location, Failed to retrieve share list from server: Connection timed out
Also trying to connect to my server by smb no longer works. Is that because SMB1 has been disabled?

Thanks
 

anodos

Possibly. There's a GUI checkbox for SMB1 support.
 

avalon60

Yes I realised that and enabled SMB1 again and now all is working as it was before the update.
Thanks
 