Chris Dill
Contributor
- Joined
- Jan 1, 2014
- Messages
- 116
I run a Windows domain, and over the years my storage permissions have gotten JACKED. They work, but every directory is its own form of nasty. Can someone point me to, or write up a comprehensive guide on Windows and Unix Permissions? Consider the following scenario:
Fresh Install of 11.X
One Volume, One Pool
On the pool, there are several windows shares
These shares need to be accessible and mappable by all domain users, once authenticated
These shares need to be used by multiple plugin/jails
Plex, Transmission, Sonarr, Etc
Basically, what are the initial settings once AD is integrated and the Pool is setup? Then, what commands have to be run to fix permissions to allow plugins to do things? Then, what permissions inside of jails need to be handed out?
This is my root:
I believe recursive was done initially. I think on older Freenas, I saw my domain accounts under Users, but now just:
These are commands that I run very often:
find . -type d -exec setfacl -m everyone@:full_set:fd:allow {} \;
find . -type f -exec setfacl -m everyone@:full_set::allow {} \;
find directory/ | setfacl -b
So basically, when permissions screw up I run the above commands in the root, then I log into jail and chown recursively, then log out and run those commands again, then reboot- it typically fixes everything.
The entire server is LAN, so open permissions are fine. And everyone in the domain is trusted, so everyone is good there as well.
I am not necessarily looking for someone to fix what I have, but rather looking for a start to finish permissions setup for vol, pool, share, and plugin management. Can anyone help?
Fresh Install of 11.X
One Volume, One Pool
On the pool, there are several windows shares
These shares need to be accessible and mappable by all domain users, once authenticated
These shares need to be used by multiple plugin/jails
Plex, Transmission, Sonarr, Etc
Basically, what are the initial settings once AD is integrated and the Pool is setup? Then, what commands have to be run to fix permissions to allow plugins to do things? Then, what permissions inside of jails need to be handed out?
This is my root:
I believe recursive was done initially. I think on older Freenas, I saw my domain accounts under Users, but now just:
These are commands that I run very often:
find . -type d -exec setfacl -m everyone@:full_set:fd:allow {} \;
find . -type f -exec setfacl -m everyone@:full_set::allow {} \;
find directory/ | setfacl -b
So basically, when permissions screw up I run the above commands in the root, then I log into jail and chown recursively, then log out and run those commands again, then reboot- it typically fixes everything.
The entire server is LAN, so open permissions are fine. And everyone in the domain is trusted, so everyone is good there as well.
I am not necessarily looking for someone to fix what I have, but rather looking for a start to finish permissions setup for vol, pool, share, and plugin management. Can anyone help?
