SMB Shares: Assign rights retrospectively (chronologically).

saveZFS

Explorer
Joined
Jan 6, 2022
Messages
87
I've been running my VM storage on TrueNAS for a few months and have been busy creating snapshots.
I set up the SMB share much later. :(
If I now want to reset the data via Windows with 'Shadow Copy', then this is only possible from the creation of the SMB share.
Is there perhaps a way to add the rights for the SMB share in the older snapshots?
 

saveZFS

Explorer
Joined
Jan 6, 2022
Messages
87
Snapshots are read-only.
OK, so there is no way to use the Windows Shadow Copy with old snapshots, when the authorized user is later added to the SMB-Share?

Let's make an example:
2022-03-20: Set a new Dataset
2022-03-21: Set SMB permission for: User1 and User2
2022-03-22: Take Snapshot1
2022-03-23: Copy Snapshot1 to another folder using Windows Shadow Copy (using User1)
2022-03-24: Set SMB permission for: User3
2022-03-25: Copy Snapshot1 to another folder using Windows Shadow Copy (using User3)

So the last step (2022-03-25) won't work, but is there no way to fix it for Windows Shadow Copy?

Sure, I can clone the dataset, share it in a new SMB-Share and then delete the clone.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
You can make the user a member of a group that had access to the data at the time that the data was written.

The way shadow copies work is that the SMB client issues an FSCTL to get shadow copy data for a given path. The SMB server converts this FSCTL into a libzfs request to get a ZFS dataset handle for the dataset underlying the path and enumerate snapshots of that dataset. This info is used to generate the FSCTL response to the client (basically a list of timestamps for previous versions of the path). Then the client makes a request to open the path at a specific timestamp. This path with a timestamp is then converted into a path within a specific snapshot `.zfs/snapshot` directory and the operation performed against the aforementioned path. This data is read-only and cannot be altered (including the file's ACL).
 
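A small model of the resolution chain described above, added here as an example (it is not code from this thread, from TrueNAS or from Samba): the client's timestamped previous-version path is mapped onto the read-only `.zfs/snapshot` path, and the ACL frozen inside that snapshot is evaluated against the user's current group membership, which is why a user added later can only reach old snapshots through a group that was already in the ACL. Snapshot names, users, groups and the `@GMT-...` token format (assumed to follow Samba's shadow_copy2 convention) are assumptions.

```python
"""Model of shadow-copy access against ZFS snapshots (constructed example)."""
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Snapshot:
    name: str          # ZFS snapshot name (constructed)
    created: datetime  # creation time, UTC; this is what the FSCTL response lists
    acl: frozenset     # ACEs frozen in the snapshot: ("user", name) / ("group", name)


def previous_version_token(snap: Snapshot) -> str:
    """Timestamp token the client sends back for 'open path at this version'."""
    return snap.created.strftime("@GMT-%Y.%m.%d-%H.%M.%S")


def list_previous_versions(snapshots):
    """The FSCTL response: one timestamp token per snapshot of the dataset."""
    return [previous_version_token(s) for s in snapshots]


def resolve_previous_version(dataset_mount, relpath, token, snapshots):
    """Map 'path at timestamp' onto the read-only snapshot directory, or None."""
    for snap in snapshots:
        if previous_version_token(snap) == token:
            return f"{dataset_mount}/.zfs/snapshot/{snap.name}/{relpath}"
    return None


def can_access(user, groups_now, snap):
    """The ACL inside a snapshot is immutable; only group membership is current."""
    if ("user", user) in snap.acl:
        return True
    return any(("group", g) in snap.acl for g in groups_now)


def accessible_previous_versions(user, groups_now, snapshots):
    """Snapshot names the user can actually open through Shadow Copy today."""
    return [s.name for s in snapshots if can_access(user, groups_now, s)]


# Constructed timeline from the thread: Snapshot1 carries per-user ACEs only,
# a later snapshot carries a group ACE instead.
SNAPSHOTS = [
    Snapshot("snapshot1", datetime(2022, 3, 22, tzinfo=timezone.utc),
             frozenset({("user", "User1"), ("user", "User2")})),
    Snapshot("snapshot2", datetime(2022, 3, 26, tzinfo=timezone.utc),
             frozenset({("group", "smb-users")})),
]
```

User3 can be put into `smb-users` today and will see snapshot2, but nothing can retroactively give them snapshot1, whose ACL only ever named User1 and User2.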

saveZFS

Explorer
Joined
Jan 6, 2022
Messages
87
You can make the user a member of a group that had access to the data at the time that the data was written.
Thank you for your great explanation!
So if I only used one user in the ACL like this, then now I can't enter a new user, because I have no group to add the user to?
[attached image: acl.JPG]


So it will be much better for the future to work with groups in ACL than with single or multiple users? ;)
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Thank you for your great explanation!
So if I only used one user in the ACL like this, then now I can't enter a new user, because I have no group to add the user to?

So it will be much better for the future to work with groups in ACL than with single or multiple users? ;)

Yes, in general it's best practice to manage access via groups (same applies in case of Windows).
 