Hi,
I upgraded to TrueNAS 12.0-U1.1 and, by following several tutorials, I'm trying to play with ACLs in order to do a minimum of tuning on the shares.
Here is my problem: Let's simplify it with "common" words :)
We have the group Parents and the group Kids. Parent1 and Parent2 are part of the group Parents and Kid1 / Kid 2 are part of the group Kids.
Each kid has its own share with:
Owner: Kid 1 (rwx)
Group: Parents (rwx)
Why is the group Parents? To be able to create files and monitor the content of their share.
And also to prevent Kid 2 from being able to access the share of Kid 1.
The dataset is created with Share Type: Generic and I applied the classic Unix rights: 770 (everyone should not have any access to these personal shares).
Then I created the "Edit Permissions" with "USE ACL MANAGER". I chose the preset RESTRICTED.
I checked Apply User, Apply Group, Apply Permissions Recursively and Traverse.
I have the following ACL:
owner@ / Allow / Basic / Full Control / Basic / Inherit
group@ / Allow / Basic / Full Control / Basic / Inherit
getfacl is correct on the dataset:
# file: Test for Sharing
# owner: Kid 1
# group: Parents
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:--------------:fd-----:allow
When I'm connected as Parent 1 and Parent 2, I can create a file, change its content and delete it. Parent 1 can do whatever he wants on either Parent 1 or Parent 2 files / folders. And vice-versa.
But... Kid 1 is able to connect and to do the same things but... He is unable to see the files / folders from Parent 1 and Parent 2.
Why?
I tried to add an ACE with user / Kid 1 / Allow / Basic / Full Control / Basic / Inherit
And getfacl is updated as follows:
# file: Test for Sharing
# owner: Kid 1
# group: Parents
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
user:Kid 1:rwxpDdaARWcCos:fd-----:allow
everyone@:--------------:fd-----:allow
But even with this, he is not able to see the files from Parent 1 or Parent 2.
What am I missing?
Thanks a lot for the help.