rsync question: wide open permissions, I still can't copy nested folders

Status
Not open for further replies.

esamett

Patron
Joined
May 28, 2011
Messages
345
I am following the threads on Windows ACL problems and awaiting Cyberjock's monograph on permissions. After apparently fixing permissions, I am able to use Windows to move FreeNAS files. I am having trouble getting rsync to work from FreeNAS command line. I hope this issue is sufficiently focused and unique to warrant posting.

I started with volume/vdev with default Windows ACL owned by guest/guest. Guest has Wheel as auxiliary group in case guest was restricted. I got a simple folder without subdirectories to rsync by giving full_set permissions to everyone@:
[root@freenas ~]# setfacl -m everyone@:full_set:fd:allow /mnt/video/video-server/O
[root@freenas ~]# getfacl /mnt/video/video-server/O
# file: /mnt/video/video-server/O
# owner: guest
# group: guest
owner@:rwxpDdaARWcCos:fd----:allow
group@:rwxpDdaARWcCos:fd----:allow
everyone@:rwxpDdaARWcCos:fd----:all
[root@freenas ~]# rsync -av /mnt/video/video-server/O/ /mnt/tank1/test
sending incremental file list

sent 470 bytes received 42 bytes 1024.00 bytes/sec
total size is 187145510 speedup is 365518.57
[root@freenas ~]#
I don't know why everyone@ has ":all" instead of ":allow" or what the difference is.

Setfacl failed to set subfolder permissions: http://forums.freenas.org/index.php?threads/setfacl-recursive-quick-and-dirty-how.16146/

Using the commands in thread 16146 I got permissions for owner/group/everyone wide open. However, even with full_set permissions for owner/group/everyone rsync fails to copy my files:

[root@freenas ~]# getfacl /mnt/video/video-server/asus/gail
# file: /mnt/video/video-server/asus/gail
# owner: guest
# group: guest
owner@:rwxpDdaARWcCos:fd----:allow
group@:rwxpDdaARWcCos:fd----:allow
everyone@:rwxpDdaARWcCos:fd----:allow
[root@freenas ~]# rsync -a /mnt/video/video-server/asus/gail/ /mnt/tank1/test
rsync: mkstemp "/mnt/tank1/test/.Picture list.doc.xg3CuE" failed: Operation not permitted (1)
rsync: mkstemp "/mnt/tank1/test/.ameliaspeech.doc.4D8WNj" failed: Operation not permitted (1)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1053) [sender=3.0.9]
I verified that a file also had full_permissions for everyone:
[root@freenas ~]# getfacl /mnt/video/video-server/asus/gail/ameliaspeech.doc
# file: /mnt/video/video-server/asus/gail/ameliaspeech.doc
# owner: guest
# group: guest
owner@:rwxpDdaARWcCos:------:allow
group@:rwxpDdaARWcCos:------:allow
everyone@:rwxpDdaARWcCos:------:allow
[root@freenas ~]#​
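
Added example, not part of any post in this thread: a shell/awk filter that reads getfacl output in the format pasted above and reports everyone@ allow entries granting write_acl, write_owner, write_data or delete_child, plus entries whose type field is cut short. The function names, sample paths and sample ACL text are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit FreeBSD `getfacl` output (NFSv4 compact form) for
# everyone@ entries that let any account change data, ACLs or ownership.

# Reads getfacl output on stdin; prints one finding per line.
audit_nfs4_acl() {
    awk -F: '
        /^# file: / { file = substr($0, 9); next }
        /^#/ || /^[ \t]*$/ { next }
        {
            # ACE layout is who:perms:inheritance:type; user:/group:
            # entries carry a name as an extra second field.
            who = $1; type = $NF
            gsub(/[ \t]/, "", who)
            perms = (who == "user" || who == "group") ? $3 : $2
            if (type != "allow" && type != "deny") {
                # e.g. a line cut short by a terminal copy/paste
                printf "%s: MALFORMED %s\n", file, $0
                next
            }
            if (who != "everyone@" || type != "allow") next
            risky = ""
            if (index(perms, "C")) risky = risky " write_acl"
            if (index(perms, "o")) risky = risky " write_owner"
            if (index(perms, "w")) risky = risky " write_data"
            if (index(perms, "D")) risky = risky " delete_child"
            if (risky != "") printf "%s: everyone@ allows%s\n", file, risky
        }'
}

# Constructed sample input (placeholder paths, same layout as getfacl prints).
sample_getfacl_output() {
    cat <<'EOF'
# file: /mnt/example/share
# owner: guest
# group: guest
owner@:rwxpDdaARWcCos:fd----:allow
everyone@:rwxpDdaARWcCos:fd----:allow
# file: /mnt/example/share/readonly
owner@:rwxpDdaARWcCos:fd----:allow
everyone@:r-x---a-R-c--s:fd----:allow
# file: /mnt/example/share/pasted
everyone@:rwxpDdaARWcCos:fd----:all
EOF
}

sample_getfacl_output | audit_nfs4_acl
```

On the NAS the same function takes live input, for example `getfacl /mnt/video/video-server/O | audit_nfs4_acl`.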
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
What version of FreeNAS are you using? Since version 9.2.1.6 CIFS share configs have a check box to sanitize permissions. I recommend doing that and starting over again. This time set permissions through Explorer on a Windows workstation.

By the way, you don't want guest users to be members of 'wheel'.
 

esamett

Patron
Joined
May 28, 2011
Messages
345
Hello:
9.2.1.7
I used volume/dataset set Windows ACL, then share with sane permissions
then I used attrib from windows and still no joy. I can remove guest/wheel association.

rsync worked with simple folder once I opened up permissions for everyone@. rsync fails with nested folders, even when permissions are wide open.

I am investigating using "find" with rsync. Would any of these work?:

find /src/dir/ -type f -printf %P\\0 | rsync --files-from=- --from0 /src/dir/ /dst/dir/

find /path -type f -exec rsync {} destination \;
Being NOOB I would appreciate a real life example such as: /mnt/source/ and /mnt/destination/

Thanks,

evan
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Doesn't piping the output of 'find' into rsync defeat the purpose of rsync? (i.e. keeping two folders synchronized.)

What are you trying to run rsync between? Local and remote server? Two local directories? Server and USB drive?
 

esamett

Patron
Joined
May 28, 2011
Messages
345
Thank you. I am upgrading and enlarging my NAS and need to move about 14TB around. I want to use rsync to allow me to do this internal to the NAS rather than via Windows and my network for speed and ECC ram safety.

Original configuration:
10x2 Z2 array "video" with dataset: "video-server."
3x4 Z1 array "windowsbackup" with dataset: "windowsbackup"

I added 4x2TB drives to create: "transfer2/windowsbackup." I cut/pasted data from "windowsbackup/windowsbackup" to "transfer2/windowsbackup" and then destroyed "windowsbackup." I added 8x4TB drives and created "tank1:"
10x2 Z2 array "video"
4x2 Z1 array "transfer2"
11x4 Z3 array "tank1"

I want to move data from "video" to "tank1"
I want to merge data from "transfer2" with data transferred to "tank1"
When empty of data I will destroy "transfer2" and "video" and create:
11x2 Z3 array "tank2"
The three unused drives will be returned to where I borrowed them, yielding:
11x4 Z3 array "tank1"
11x2 Z3 array "tank2"

In the end after all data is where it belongs:
tank1/video-server/
tank2/windows-backup/
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
If you just need to move some folders, use 'cp -Rp'. -R makes the copy recursive (copies all subfolders); -p preserves time stamps. It will be much faster than rsync. Do yourself a favor and do the commands via putty/ssh/tmux.
 

esamett

Patron
Joined
May 28, 2011
Messages
345
Unfortunately cp does not "merge" folders like Windows does. I am using the command line from direct connection.

I just blew up my CIFS by deleting "wheel" from my users. Now I am in a pickle!
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
> Unfortunately cp does not "merge" folders like Windows does. I am using the command line from direct connection.
>
> I just blew up my CIFS by deleting "wheel" from my users. Now I am in a pickle!
Run 'testparm' from the command line and post the output. Don't do anything hasty. Describe the problem in more detail.

Did you use the GUI to remove guest users from the group 'wheel' or did you somehow delete the group 'wheel'?
 

esamett

Patron
Joined
May 28, 2011
Messages
345
Will do. I am away from my desk and working from memory. Forgive me.

I removed wheel from the bottom of the guest user setup screen - secondary association, or something. I had added wheel to guest to try to get permissions working but was advised to remove it.

Following various postings on CIFS problems I tried removing some system files related to samba without effect. The "/var/" deletion went through, the others did not. The protocol posted on bug tracker failed when I tried to delete. When I searched for samba files they were found on all three volumes. I was unable to remove per instructions - error messages.

In the meantime I saved my configuration and did a fresh install of 9.2.1.7. I am trying to add an extra drive for a dummy volume "/mnt/helpme" that I will try to point system files to, to get my share back. "Dad, I can't access the server!" I took an old drive from a MacBook which gave ZFS volume manager indigestion - weird error message posted to bug tracker. I am wiping the drive using a Seagate utility now and will try again.

My thought is that FreeNAS may not be liking what I am doing to my volume permissions. Perhaps it would help if I recreated my new volume (tank1) and leave the volume permissions alone or 777. Then I would only use Windows ACL on datasets. This might protect system files on the drive that I may be corrupting.

Thank you again,

evan
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
> I removed wheel from the bottom of the guest user setup screen - secondary association, or something. I had added wheel to guest to try to get permissions working but was advised to remove it.

The user and group ownership of the dataset you are sharing via CIFS should be set to that of the user account that you will use to access the share as admin. For instance, if your admin user is Bob and he is a member of the group "Server Admins", then you should set the dataset's permissions (via 'storage' -> 'volumes' -> 'view volumes' -> 'change permissions') so that the dataset "owner (User)" = Bob and "owner (Group)" = Server Admins. Permissions type should be "Windows / Mac ACL". Then create a share. Once the share is created, open the file manager on your Windows machine and navigate to \\[SERVER_HOSTNAME]. Right-click on your share and add your guest user account and set desired permissions.

> Following various postings on CIFS problems I tried removing some system files related to samba without effect. The "/var/" deletion went through, the others did not. The protocol posted on bug tracker failed when I tried to delete. When I searched for samba files they were found on all three volumes. I was unable to remove per instructions - error messages.

Do not delete system files related to samba. Those old posts are workarounds for bugs that have been fixed in the latest version of FreeNAS. Deleting system files is a good way of breaking your FreeNAS install.

> My thought is that FreeNAS may not be liking what I am doing to my volume permissions. Perhaps it would help if I recreated my new volume (tank1) and leave the volume permissions alone or 777. Then I would only use Windows ACL on datasets.
Your thought is correct. Do not touch permissions on your main volume. Use datasets for shares.
 

esamett

Patron
Joined
May 28, 2011
Messages
345
Thank you anodos. To confirm:

1. I leave main volume as user: root, group: wheel. I can make it 777 if I wish without harm.
2. dataset will be windows acl with user: guest, group: guest. All manipulations on permissions will be on dataset level and deeper only.
3. I can redirect FreeNAS to put system information on new main volume and CIFS should be OK.

4. I looked up cp. Do I want to use cp -RLp or cp -Rp?

regards,

evan
 

esamett

Patron
Joined
May 28, 2011
Messages
345
I installed new volume "helpme" and transferred system dataset to it. There was an error message when I created volume. CIFS still won't start.
testparm:
Code:
[root@freenas ~]# testparm
Load smb config files from /usr/local/etc/smb4.conf
max_open_files: increasing sysctl_max (11095) to minimum Windows limit (16384)
rlimit_max: increasing rlimit_max (11095) to minimum Windows limit (16384)
WARNING: The "null passwords" option is deprecated
Processing section "[admin]"
Processing section "[tank1]"
Processing section "[tank1test]"
Processing section "[transfer2windowsbackup]"
Processing section "[video]"
Loaded services file OK.
WARNING: lock directory /var/db/samba4 should have permissions 0755 for browsing to work
WARNING: state directory /var/db/samba4 should have permissions 0755 for browsing to work
WARNING: cache directory /var/db/samba4 should have permissions 0755 for browsing to work
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions 

I am going to play with the volumes again and see if anything works.
 

esamett

Patron
Joined
May 28, 2011
Messages
345
I have (provisional) success another way:
I moved system dataset to "helpme."
I exported all volumes and destroyed "helpme."
I recreated "helpme" and moved system dataset to "helpme."
At this point CIFS started and I imported my other volumes again. It seems to be working.

Next step is to move data around. destroy/recreate volumes without problems.

Thanks. Advice is always appreciated,

evan
 

esamett

Patron
Joined
May 28, 2011
Messages
345
I tried cp -Rp /mnt/tank/video-server/ /mnt/transfer2/video-server/
I got many "not permitted errors." Both datasets have Dad/Dad as user/group, Windows ACL set recursively.

I am definitely missing an important element.

Thanks,

evan
 

panz

Guru
Joined
May 24, 2013
Messages
556
You're making such a big mess that it's impossible to follow your path on a test machine :)

Keep it simple and do less "manual" work, if you can: FreeNAS is an appliance; it's intended for GUI use at 99%.

On a FRESH install, the first thing I do is create a group, let's name it INTRANET.

Then I create a user with the same username as on my Windows machine: let's call it "panz". THE PASSWORD FOR THIS USER MUST BE THE SAME AS THAT OF YOUR WINDOWS USER OR IT WILL NOT WORK!

Then, the datasets. The dataset is "archive" and its permissions are user panz group:INTRANET and (when created) the permission type is Windows ACL. STOP! No other actions are required.

Go to CIFS sharing and create a share "archive", point to the "archive" dataset and start the CIFS Service. As simple as that. If you need to Rsync, do it from the GUI.
 

Knowltey

Patron
Joined
Jul 21, 2013
Messages
430
> What version of FreeNAS are you using? Since version 9.2.1.6 CIFS share configs have a check box to sanitize permissions.

Quick question directed at you, anodos. What exactly does that option do? I've been a tad hesitant to touch it since I'm not sure exactly what it'll do or possibly break. Although it would be nice to start over, as I do indeed have some screwy permission areas going on.
 

esamett

Patron
Joined
May 28, 2011
Messages
345
All help appreciated. I set up Volume similar to your suggestion, except that I have no password for windows or the share. Windows Explorer cut/paste is working. cp and rsync from CLI is not. I have not tried RSYNC from GUI. Can I use it to transfer and/or merge from one volume to another?
Eg:
/mnt/foo/bar/
to:
/mnt/foo2/bar/

Thanks,
evan
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
> All help appreciated. I set up Volume similar to your suggestion, except that I have no password for windows or the share. Windows Explorer cut/paste is working. cp and rsync from CLI is not. I have not tried RSYNC from GUI. Can I use it to transfer and/or merge from one volume to another?
> Eg:
> /mnt/foo/bar/
> to:
> /mnt/foo2/bar/
>
> Thanks,
> evan

Technically, using windows explorer is the easiest and most reliable way to move data between shares, especially if you want to ensure that your permissions, time stamps, etc won't get messed up. Considering the problems you are having using cp, you should probably stick to using Windows Explorer.
 