SMB share with creator owner - user not added to acl

His.Dudeness

Dabbler
Joined
May 14, 2019
Messages
15
Hi,

I’ve got some issues with smb shares and NTFS advanced permissions.
I’ve noticed that if I set the “CREATOR OWNER” to FullAccess on a folder and give a user read permissions and the right to add a folder "add folders / append data"
the user is allowed to create a new folder but his account is not added to the NTFS access control list.

If the CREATOR OWNER has full access on a folder and a user creates a subfolder the behavior should be:

- User becomes owner of the new folder
- User is added to the ntfs permissions ACL, also with full access

At least this is how a Windows file server behaves.

Unfortunately, FreeNAS sets the user as owner but does not add him to the ACL. In the end the user is the owner of his newly created folder but has no access rights.

I already tried to change nfs4:mode to simple, but it does not help..

Any ideas?
Michael

- FreeNAS Version 11.2 U6
- Windows 10 Client
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,543
You have to clear the winbindd cache after the changing nfs4:mode. service samba_server stop, net cache flush, rm /var/db/samba4/winbindd_cache.tdb, service samba_server start.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,543
No problem. This is a subtle nuance to how caching works in samba. Now that you're switching to nfs4:mode=simple, you _must_ use it on _all_ shares. Otherwise, you can end up with cache inconsistencies for lookups of CREATOR-OWNER, and CREATOR-GROUP.
 

His.Dudeness

Dabbler
Joined
May 14, 2019
Messages
15
No problem. This is a subtle nuance to how caching works in samba. Now that you're switching to nfs4:mode=simple, you _must_ use it on _all_ shares. Otherwise, you can end up with cache inconsistencies for lookups of CREATOR-OWNER, and CREATOR-GROUP.

Hi Anodos,

Still got a question: I changed the nfs4:mode parameter in my "/etc/local/smb4.conf" to "simple" at each share but that doen't seem to be persistent, because after a reboot I is set to "special" again.
When I add "nfs4:mode = simple" to the auxiliary parameters of my share in the web UI, the corresponding line in the smb4.conf does not change.

So what is the proper way to configure this setting? :)

kind regards
Michael

Edit: I see the smb4.conf DOES change, but there is a new line added at the end instead of changing the existing one.

[Shares]
path = "/mnt/Pool01/DS_Shares"
printable = no
aio write size = 0
veto files = /.snapshot/.windows/.mac/.zfs/
writeable = yes
browseable = no
access based share enum = no
vfs objects = zfs_space zfsacl streams_xattr
hide dot files = yes
guest ok = no
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = true
zfsacl:acesort = dontcare
nfs4:mode = simple

I can remove the "nfs4:mode = special" line, but after a reboot it comes back.
 
Last edited:

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,543
Hi Anodos,

Still got a question: I changed the nfs4:mode parameter in my "/etc/local/smb4.conf" to "simple" at each share but that doen't seem to be persistent, because after a reboot I is set to "special" again.
When I add "nfs4:mode = simple" to the auxiliary parameters of my share in the web UI, the corresponding line in the smb4.conf does not change.

So what is the proper way to configure this setting? :)

kind regards
Michael

Edit: I see the smb4.conf DOES change, but there is a new line added at the end instead of changing the existing one.

[Shares]
path = "/mnt/Pool01/DS_Shares"
printable = no
aio write size = 0
veto files = /.snapshot/.windows/.mac/.zfs/
writeable = yes
browseable = no
access based share enum = no
vfs objects = zfs_space zfsacl streams_xattr
hide dot files = yes
guest ok = no
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = true
zfsacl:acesort = dontcare
nfs4:mode = simple

I can remove the "nfs4:mode = special" line, but after a reboot it comes back.
Samba only interprets the last `nfs4:mode` entry. 11.3 will generate the smb.conf in a different way and not have two entries in this case (as well as default to nfs4:mode=simple).
 
Top