SMB Permission Issues on macOS Ventura

JoeHöpfner · Mar 23, 2023

Hello,

I have updated my old server from FreeNas 11.2-U6 to TrueNas 13.0-U4. This was also allowed to have updated Samba, the latest version is:

Version 4.15.13 and SMB 3.1.1.

I'm running Mac Ventura 13.2.1, since the update I'm having permission problems with Adobe programs directly on the TrueNas server. InDeisgn file can no longer be saved or deleted. Export PDF is no longer possible, etc....

I have seen that Adobe creates a lot of lock files and leaves them on the server:

.dat.nosync06XXXXXXX

Before I did the update, everything was still working.

I tried to tell the server to use SMB version 2.1, but it didn't work either:

nsmb.conf in /Users/username/Library/Preferences/

[default]
protocol_vers_map=2

or

[default]
smb_neg=smb2_only
protocol_vers_map=2

I reset the ACLs on the shared volume, but that didn't help either.

Does anyone know what else I can do? I think downgrading the server is no longer possible.

Thx.

Joe

Johnny Fartpants · Mar 23, 2023

Have you tried to delete the share config and recreate using the new defaults?

JoeHöpfner · Mar 23, 2023

Hi Johnny thx, no I have not tried that yet. Where and how can I find or delete the share config?

JoeHöpfner · Mar 23, 2023

or do you mean nsmb.conf? On my Ventura OS there was no nsmb.conf this file I created myself and then restarted, that's it :)

Johnny Fartpants · Mar 23, 2023

I mean the sharing config in TrueNAS. Simply go to sharing and delete your existing SMB share and recreate leaving all defaults and give that a try.

JoeHöpfner · Mar 23, 2023

ok I see, no I haven't done that yet. The only thing I have done under sharing > windows shares (SMB) is Edit FileSystem ACL and then Apply Group (recursively), but unfortunately that did not work.

JoeHöpfner · Mar 24, 2023

ok, so far I have tried the solution with the nsmb.conf, I have tried this extended version and it seems to work fine:

https://gist.githubusercontent.com/jbfriedrich/49b186473486ac72c4fe194af01288be/raw/8bbcc324e425c5a04ea133677a949ce116f61ffd/nsmb.conf

But I don't like it because every user has to copy it. I will try the server-side solution (delete the share config and recreate).
In the middle of next week, I will report about it :)

JoeHöpfner · Mar 30, 2023

Hello Johnny, we have removed the options "vfs objects = zfs_space zfsacl streams_xattr" and let TrueNas re-apply them on save. Then we set the ACL's again and now it seems to work at first sight.
Many thanks for the tip.

Johnny Fartpants · Mar 30, 2023

Good to hear, thanks for the feedback.

JoeHöpfner · May 9, 2023

Hello,

we have now the problem that new files, which are created on the server, do not automatically receive the correct permissions. For example, if I create a new file from an existing Indesign file with "Save it as...", and then I duplicate it in Mac using "Command + D", then this copy only receives the write permissions, the file is copied correctly, but the permissions are unfortunately not automatically written to the end, see screenshot:

How can I set TrueNas so that the rights are automatically assigned for future new files? The flags under Edit ACL are defined as Inherit for Owner, Group and Everyone.

At the moment I solve the problem manually by overwriting the rights in Truenas 13.0-U4 with

Edit "Filesystem ACL" under Sharing > Windows Shares (SMB) with Apply Group, with Apply permissions recursively,

then everything is fine until a new file is created on the server:

Does anyone here have a tip on how I can solve the problem permanently?

Johnny Fartpants · May 9, 2023

I normally leave the owner as root and group as wheel and set permissions via ACEs. You could try that on another dataset and share and see if you get the same behaviour perhaps?

JoeHöpfner · May 11, 2023

ok, thank you very much i will try it in the next days on a share, i will report about it ...

JoeHöpfner · Jun 28, 2023

ok, here I am again. I tried with owner -> root and group -> wheel, but unfortunately it didn't work.

The problem always occurs when a new file is created directly on the server and then duplicated with Cmd + D. The duplicated file then only has write access and can no longer be renamed or deleted.

Johnny Fartpants · Jun 28, 2023

Have you left the owner@ and group@ ACEs?

JoeHöpfner · Jun 29, 2023

Johnny Fartpants said:
Have you left the owner@ and group@ ACEs?

for owner@ and group@, it looks like this so far:

Johnny Fartpants · Jun 29, 2023

Lose the the owner@ and group@ and see if that’s any better.

I assume the hidden group is the name of the group you created on TrueNAS or AD?

JoeHöpfner · Jun 29, 2023

Johnny Fartpants said:
Lose the the owner@ and group@ and see if that’s any better.

I assume the hidden group is the name of the group you created on TrueNAS or AD?

exactly the hidden group comes from the AD. I will delete the owner@ and group@ and test them. I will report back... thx :)

JoeHöpfner · Jun 29, 2023

ok, I deleted owner@ and group@, then all files had no rights, see screen. In the meantime I think it is the OS, I work with Mac Ventura and everything works for me, other colleagues work with Catalina and there the problems appear.

Johnny Fartpants · Jun 29, 2023

Once you have made that change you will need to restamp permissions. Tick the box 'Apply permissions recursively'.

JoeHöpfner · Jun 29, 2023

Johnny Fartpants said:
Once you have made that change you will need to restamp permissions. Tick the box 'Apply permissions recursively'.

exactly, that's what I always do, I tick the box "Apply permissions recursively "I confirm this and then click on SAVE.

Important Announcement for the TrueNAS Community.

SMB Permission Issues on macOS Ventura

Dabbler

Guru

Dabbler

Dabbler

Guru

Dabbler

Dabbler

Dabbler

Guru

Dabbler

Guru

Dabbler

Dabbler

Guru

Dabbler

Guru

Dabbler

Dabbler

Guru

Dabbler

Similar threads