TrueNAS-13.0-U1.1 General ACL Question about SMB/Plex/Sonarr/Radarr/SAB

Joined
Jun 27, 2022
Messages
23
Hi everyone,

Sorry but please bear with me. I have user uid 1000 'huser' and guid LocalGroup, which huser is part of. My SMB is set up with Admin Group = LocalGroup, Guest Account = huser.

I can log in on Windows under huser and connect to the share. It works great.

I installed Plex, Sab, Sonarr, Radarr, etc. I set up mounts (which is easy for me to think of as symbolic links) and that's not bad. But what confuses me is the ACLs. Since I have 1 dataset ('MyDataset'), under one vdev named 'vdev01'. So what I don't get is the ACLs between programs.

For instance. I download a video file in Sab, the file is set as owned by Sab. To get Plex to see it, after I move it to the media folder from Windows SMB, I have to re-run the ACL permissions for plex user, and let its permission rerun recursively.

Ditto with Sonarr and Radarr. Since both of them I want to scan my media, I need to point them to various media sub directories which are all owned by huser/localgroup. I don't understand how their mount points can also own the same paths.

I can solve any one app, but doing so breaks another. I don't want to run them all in one jail either. What's the solution? I'm looking in the forest but not seeing the trees. How do you set ACLs with multiple users/groups to the same or similar mounts directories?

I'll add, I'm not against running the jails setup manually. I like doing that.

Thanks
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Moving a file relinks it (assuming it's in the same dataset). This means it's pretty much instantaneous but also means that it doesn't re-inherit the ACL from the parent directory. Windows has the same behavior by default. You can in principle create a single dataset that's an SMB share and also mounted inside all of your jails. Then set an ACL that grants all relevant users access to the dataset (you can have over a hundred ACL entries in a single ACL so you don't face practical limits there).
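
The relink behaviour described in the reply above, as an added example that is not part of the thread: a move inside one filesystem keeps the same inode and its permissions, while a file written fresh in the destination is a new object that picks up creation-time defaults. The directory and file names are constructed, and mode bits are used as a portable stand-in for the ACL.

```shell
#!/bin/sh
# Constructed demo: directory and file names are made up. Mode bits stand in
# for the ACL so this runs on any POSIX system; on the real dataset, compare
# getfacl output before and after the move instead.

inode_of() { ls -di "$1" | awk '{print $1}'; }
mode_of()  { ls -ld "$1" | cut -c1-10; }

# Prints one line per file in the destination: whether it is still the
# original inode, and which permission string it ended up with.
move_vs_fresh() (
    work=$(mktemp -d "${TMPDIR:-/tmp}/relink.XXXXXX") || exit 1
    trap 'rm -rf "$work"' EXIT
    umask 022
    mkdir "$work/downloads" "$work/media"

    # File as the downloader left it: restricted to its own user.
    src="$work/downloads/video.mkv"
    echo data > "$src"
    chmod 600 "$src"
    ino_before=$(inode_of "$src")

    # Move = rename within the same filesystem: only the directory entry changes.
    mv "$src" "$work/media/moved.mkv"
    # Fresh write = new file created in the destination directory.
    cat "$work/media/moved.mkv" > "$work/media/fresh.mkv"

    for name in moved fresh; do
        f="$work/media/$name.mkv"
        if [ "$(inode_of "$f")" = "$ino_before" ]; then same=yes; else same=no; fi
        echo "$name same_inode=$same mode=$(mode_of "$f")"
    done
)

move_vs_fresh
```

The moved file reports the original inode and its restrictive mode; the freshly written file reports a new inode and the destination-side defaults.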
 
Joined
Jun 27, 2022
Messages
23
OK, I didn't realize at all that the right side panel of the ACL was infinite (basically), and the top part, which takes only a single user/group, is kind of independent of that. It's back to all working now!
 