TrueNas dataset creation understanding

[Wouterplop]

Hello,

I want to create 1 dataset with many child dataset but for some instance i keep getting errors when creating these child datasets.

When i create a new child dataset and enable smb then there wil be 4 users and group created on start.
1. owner@ - root
2. group@ - root
3. Group - builtin_users
4. Group - builtin_administrators

now what I don't understand or can figure out is why would i want to use the 1 and why use 2

I just change them to admin because i dont want to use root and i delete 3 and 4 becausel i want to ad just users or a group.
but for some reason i keep getting the error that when i create a child dataset after this one that i don't have permission to make this group.
can someone explain me why not? I would need to have persmission 1 dataset up to create the dataset. where or how would I do this without adding the group back to the upper data set.

I just want to have dataset users with user w_vanzijl to have a share on smb and not the parent folder. Or do I need to make parent forlder users back to a unix permission?

This is only for NFSv4 permissions and not for unix ofcourse. With unix i can create what I want.

Picture added.

 

[Johnny Fartpants]

I don't use SCALE much but I have just created your scenario and got the same result (error) so perhaps it's a bug. I seem to be able to get around it *IF* when I create my sub-dataset I say share type is 'Generic' and not SMB. Make sure you change the Case Sensitively to 'insensitive' as that seems to be the only difference and then after that go into permissions and set ACL.

 

[anodos]

The error message states exactly what the problem is. Users need ability to traverse to the path. If these are all NFSv4 ACL type there's even a TRAVERSE option in ACL editor. You need to grant this for your users / groups for _all_ path components leading to the share.

 

[Wouterplop]

Thanks for youre reply!!! but do you also have the NFSv4 permission or POSIX permissions?
For me the NFSv4 keeps requisting builtin_users and builtin_administrators.

 

[Wouterplop]

Thanks for answering! I am trying to understand the logic behind this. My brain works different.
What i want is to have my child dataset to have permissions for that user and not the parent dataset.
Is that even possible?

Wouter (admin)
wouter pool/ds1/work/users samba share wouter

User1 pool/ds1/work/users/user1 samba share user1
They just need there folder and not any other folder above to see or know

Is this what you mean with traverse?

Regards,

Wouter

 

[anodos]

Thanks for youre reply!!! but do you also have the NFSv4 permission or POSIX permissions?
For me the NFSv4 keeps requisting builtin_users and builtin_administrators.

You're trying to grant a group `builtin_users` access to a path where you have explicitly removed their access in a parent directory. You need to go back and grant some form of EXECUTE permissions on the path specified in the error message. This can either be through the TRAVERSE permissions preset or simply granting EXECUTE for the group, or EXECUTE to "other" in case of conventional POSIX permissions. These are all the same. EXECUTE is EXECUTE regardless of ACL type (or even if no ACL is set).

 

[anodos]

In all Unixes the EXECUTE bit on directories controls ability to chdir through it.

 

[Wouterplop]

You're trying to grant a group `builtin_users` access to a path where you have explicitly removed their access in a parent directory. You need to go back and grant some form of EXECUTE permissions on the path specified in the error message. This can either be through the TRAVERSE permissions preset or simply granting EXECUTE for the group, or EXECUTE to "other" in case of conventional POSIX permissions. These are all the same. EXECUTE is EXECUTE regardless of ACL type (or even if no ACL is set).

but do understand that when creating a new dataset and turn on smb share type this error comes on! I a did not put these 2 at the parent dataset. They are created at default. Why are they needed? I want want to make my own agenda with groups why would i need these 2? is that a requirement from windows?

 

[Johnny Fartpants]

It does look like a bug to me as essentially you can't create a sub-dataset (SMB) without the parent having the following:

builtin_users
builtin_administrators
domain users
domain admins

They shouldn't all be needed.

 

[Wouterplop]

thanks for youre reply! and indeed in my opinion it’s strange when I want another child dataset and the parent dataset has no:
builtin_users
builtin_administrators
(i don’t use domain so they don’t show up)
That I can’t create them. i gives me the error that it missing those 2.

for now i leave it open until it is fixed or someone from truenas can give a logical explanation about this requirement. Somebody created it so there must be a way of thought!

cheers

 

[Johnny Fartpants]

You may want to file a bug report (top of page) as it will only get fixed if it gets noticed.