Problem with permission

DonCorleone · Jul 23, 2019

Hello, I have a problem with disk permissions. I have created users and groups. Each dataset has a designated group with permissions. However, something has started to go wrong for some time. The user x in the group with read / write rights to the given folder opens the document for read only. Nothing has changed in what can be a problem?

anodos · Jul 24, 2019

You should investigate the permissions on the file. (getfacl /mnt/<pool>/<dataset>/<file>) and compare them with the user you've actually authenticated as (smbstatus).

DonCorleone · Jul 25, 2019

Code:

# file: /mnt/DaneVolume/Foto2
# owner: radek
# group: Radek
            owner@:rwxpDdaARWcCos:fdi----:allow
            group@:rwxpDdaARWcCos:fdi----:allow
         everyone@:r-x---a-R-c---:fdi----:allow
            owner@:rwxp--aARWcCos:-------:allow
            group@:rwxp--a-R-c--s:-------:allow
         everyone@:------a-R-c--s:-------:allow
root@EF[~]# getfacl /mnt/DaneVolume/Foto2/werwer.txt
# file: /mnt/DaneVolume/Foto2/werwer.txt
# owner: radek
# group: Radek
            owner@:rwxp--aARWcCos:-------:allow
            group@:rwxp--a-R-c--s:-------:allow
         everyone@:------a-R-c--s:-------:allow
root@EF[~]# getfacl /mnt/DaneVolume/Foto/Magazyn
# file: /mnt/DaneVolume/Foto/Magazyn
# owner: root
# group: Magazyn
            owner@:rwxpDdaARWcCos:fdi---I:allow
            group@:rwxpDdaARWcCos:fdi---I:allow
         everyone@:r-x---a-R-c---:fdi---I:allow
            owner@:rwxp--aARWcCos:-------:allow
            group@:rwxp--a-R-c--s:-------:allow
         everyone@:------a-R-c--s:-------:allow
root@EF[~]# getfacl /mnt/DaneVolume/Foto/Magazyn/MiejscaMagazynowe.xlsx
# file: /mnt/DaneVolume/Foto/Magazyn/MiejscaMagazynowe.xlsx
# owner: root
# group: Magazyn
            owner@:rwxp--aARWcCos:-------:allow
            group@:rwxp--a-R-c--s:-------:allow
         everyone@:------a-R-c--s:-------:allow

radek user is in the Magazyn group and the file is read-only..

anodos · Jul 26, 2019

Depending on how you plan to use this share, the following may be appropriate:

Code:

setfacl -b /mnt/DaneVolume/Foto2,/mnt/DaneVolume/Foto/Magazyn
setfacl -m owner@:full_set:fd:allow,group@:full_set:fd:allow,everyone@::fd:allow /mnt/DaneVolume/Foto2,/mnt/DaneVolume/Foto/Magazyn
setfacl -a 0 g:Radek:modify_set:fd:allow /mnt/DaneVolume/Foto2
setfacl -a 0 g:Magazyn:modify_set:fd:allow /mnt/DaneVolume/Foto/Magazyn
winacl -a clone -rv -p  /mnt/DaneVolume/Foto2
winacl -a clone -rv -p /mnt/DaneVolume/Foto/Magazyn

This will add an explicit ACL entry granting the relevant groups "modify" permissions on the datasets you showed above. 11.3 will make this easier by having a GUI-based ACL editor.

Important Announcement for the TrueNAS Community.

Problem with permission

DonCorleone

Cadet

anodos

Sambassador

DonCorleone

Cadet

anodos

Sambassador

Similar threads