Templates for SMB share configurations

[anodos]

In 12.0 we're trying to make fine-tuned SMB shares easier to set up by having configuration templates (Share purpose). The idea is to take commonly-used parameter combinations (including auxiliary parameters), wrap them up, and make them easier to use and deploy for all users.

I placed a few basic ones into middleware / GUI, but let me know if you think anything should be added or would be helpful.

The reason for doing this is to make it easier for people to configure shares the way they want (and maybe give options that they hadn't considered), and also make it easier regression test commonly-used configurations on our side.

 

[SweetAndLow]

I would really like for there to be a config or at least setting that works for when you need to have Unix dataset shared out with smb. For example when using a windows dataset you have to use acl's but if you need that dataset in a jail that runs a service that will chmod files you have issues. So you need to use a Unix dataset to make that work.

Maybe this already exists but it's not simple for users to know they can do it.

 

[anodos]

I would really like for there to be a config or at least setting that works for when you need to have Unix dataset shared out with smb. For example when using a windows dataset you have to use acl's but if you need that dataset in a jail that runs a service that will chmod files you have issues. So you need to use a Unix dataset to make that work.

Maybe this already exists but it's not simple for users to know they can do it.

Right, the confusion with Unix / Windows datasets is something that we hope to avoid. If you anticipate lots of local file access as well as possibly over NFSv3, then you can select the Multiprotocol (NFSv3 / SMB) preset. This will disable ACL support, which reminds me that I need to make a GUI ticket to prompt to strip ACLs from datasets if this option is selected.

The NFSv3 / SMB preset basically disables ACL support, oplock support, turns on strict locking, etc. SMB clients no longer see our shares as being located on filesystems that support ACLs, an the Windows ACL manager is likewise disabled. Performance may take a hit due to lack of client-side caching, but this is basically the best we can do to make this work reliably since we don't have kernel oplock support in FreeBSD.

 

[Phil1295]

@anodos

Is there an option I am missing to add my custom ACL templates/presets instead of the 3 default OPEN/HOME/RESTRICTED ?
That would be really valuable instead of having to configure each dataset by entering every time each ACL permission I want

Thank you for the feedback

 

[anodos]

@anodos

Is there an option I am missing to add my custom ACL templates/presets instead of the 3 default OPEN/HOME/RESTRICTED ?
That would be really valuable instead of having to configure each dataset by entering every time each ACL permission I want

Thank you for the feedback

I just added to master in SCALE. Currently none in 12.

 

[Phil1295]

I just added to master in SCALE. Currently none in 12.

Will it be ported to 12?

 

[morganL]

Will it be ported to 12?

General approach is to add new innovations to SCALE, fix any bugs, get feedback and either improve or leave as-is.
Once we are comfortable that users like it, we make a decision on whether porting back to CORE is easy t do without disrupting users. In this case, it would be CORE 13.
SCALE has the advantage of a much smaller user base, so we can make changes without disrupting as many existing users as much.

 

[Phil1295]

Once we are comfortable that users like it, we make a decision on whether porting back to CORE is easy t do without disrupting users. In this case, it would be CORE 13.

I understand, thank you. At least I know it could once come.

However, since it is a custom template manually created by a user, it shouldn't impact existing users that much in my opinion.

Is it possible currently to apply acls in a shell, using a script, and that they reflect in gui?

 

[morganL]

Is it possible currently to apply acls in a shell, using a script, and that they reflect in gui?

You can use a shell/script to change the individual file ACLs, but I don't think it is reflected in the TrueNAS webUI or middleware. Others may be able to confirm.

 

[Phil1295]

Th

You can use a shell/script to change the individual file ACLs, but I don't think it is reflected in the TrueNAS webUI or middleware. Others may be able to confirm.

Thanks, i will wait and hope for a port
Best regards

 

[anodos]

You can use a shell/script to change the individual file ACLs, but I don't think it is reflected in the TrueNAS webUI or middleware. Others may be able to confirm.

Middleware wraps around OS APIs for managing ACLs. CLI changes will be visible. The issue is with being able to store custom ACL templates (for convenience). In principal, backporting the backend changes is simple, webui will probably not be as much. @Phil1295 if you file a suggesting in our Jira instance, it will allow people to discuss merits of backporting to Core.