TrueNas - Share (Read-Only)

jose.alberto

Cadet
Joined
Mar 10, 2021
Messages
4
Good Morning:

I´m experience this problem and would like to know if this is a normal behavior since this is my first experience with truenas.

We are expanding our files repository and we are trying to use truenas for this purpose.

  • I had deployed truenas version 12.0-U2.1.
  • Truenas has been linked with Active Directory using Directory Services.
  • A storage pool has been created, and permissions have been applied using active directory groups.
  • A Windows share (SMB) has been configured pointing to the path of the storage. Default share parameter has been applied.
The problem:

For some reason it setups read only + traverse folder Execute file.

We wish to limit this repository to only read only without any executable permissions. But as soon we take the “traverse folder execute file” the folder becomes unavailable.

Hope someone can help me with this.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
Good Morning:

I´m experience this problem and would like to know if this is a normal behavior since this is my first experience with truenas.

We are expanding our files repository and we are trying to use truenas for this purpose.

  • I had deployed truenas version 12.0-U2.1.
  • Truenas has been linked with Active Directory using Directory Services.
  • A storage pool has been created, and permissions have been applied using active directory groups.
  • A Windows share (SMB) has been configured pointing to the path of the storage. Default share parameter has been applied.
The problem:

For some reason it setups read only + traverse folder Execute file.

We wish to limit this repository to only read only without any executable permissions. But as soon we take the “traverse folder execute file” the folder becomes unavailable.

Hope someone can help me with this.
Execute bit is required on directories in order to allow traversal. This is how permissions work on Unix. If you wish to limit scope of Execute to only apply to Directories, you will need to create two separate ACEs.

1) READ_DATA, READ_ATTRIBUTES, READ_NAMED_ATTRIBUTES, READ_ACL (permset) BASIC: INHERIT (flagset).
2) EXECUTE (permset), DIRECTORY_INHERIT (flagset)

This will make it so that ACE2 only inherits on directories (not files).
 
Top