Unable to modify files in CIFS...

[SaskiFX]

So I recently went through and did some edits on my jails to have all my various media automation stuff run under the same media account. (Sonarr, Couchpotato, Deluge, Plex, etc.)

I have it set to run under the user media, and the group Users.

The software is generating new files in my shares as media:Users.

My main account on windows is Craig, and it is also a member of the Users group. However, when I am working with my files from windows, I can't make changes to any folders/files owned by the media:Users setup. If I change it to Craig:Users, everything works fine.

I've been looking around and googling to try and find a solution, but I'm currently stuck. Any suggestions on where to look now? I have attached a debug log from my server as I see many other posts asking for them.

 

[DifferentStrokes]

What premissions are being given to the group of Users. If Users only have read and/or excute permissions you will not be able to make changes.

 

[SaskiFX]

Every file on that share is 0775. Everything works as expected in the jails and in the FreeNAS shell. All the jail apps are running as media:Users and when I'm logged in as Craig via SSH everything is good. Just in Windows do I get my access denied message.

 

[DifferentStrokes]

Windows caches credentials. I'd try unmapping the share and remapping.

 

[SweetAndLow]

Unix permissions or Windows permissions?

I suspect it's Unix and if that is the case that means aclmod is passive and that affects group permissions through samba. I think the fix for this is to remove the acl option in the cifs auxiliary settings. Or switch to Windows permissions but I don't know how that will affect your jails.

I have this same problem and not sure what solution I want to go with.

 

[SaskiFX]

So I tried removing the share in windows and re-adding it, no luck.

MainStorage is the pool.
- > MainStorage is a dataset with Unix permissions
-----> Vault is a dataset with Windows Permissions, and thats where the files are.

 

[SaskiFX]

So, I just created another dataset with Unix type and permissions to test with. Simply called Test.

Its setup. (I tried using nobody to see if I could exclude users and just rely on groups permissions.)

These are the options for the share under Sharing and CIFS. No options are set in the box you can't see in this image.

I went and created a directory from the freenas shell, and had no issues with the permissions acting funny.

Code:

[Craig@knox /mnt/MainStorage/Test/Test]$ id Craig
uid=1001(Craig) gid=1001(Admins) groups=1001(Admins),0(wheel),1002(UsersG)
[Craig@knox /mnt/MainStorage/Test/Test]$ id media
uid=816(media) gid=816(media) groups=816(media),1002(UsersG)
[Craig@knox /mnt/MainStorage/Test/Test]$ ls -l
total 1
-rw-r--r--  1 Craig  UsersG  0 Feb  3 16:02 craig.txt
-rwxrwxr-x  1 media  UsersG  0 Feb  3 15:56 media.txt
[Craig@knox /mnt/MainStorage/Test/Test]$ getfacl craig.txt
# file: craig.txt
# owner: Craig
# group: UsersG
            owner@:rw-p--aARWcCos:------:allow
            group@:r-----a-R-c--s:------:allow
         everyone@:r-----a-R-c--s:------:allow
[Craig@knox /mnt/MainStorage/Test/Test]$ getfacl media.txt
# file: media.txt
# owner: media
# group: UsersG
            owner@:rwxp--aARWcCos:------:allow
            group@:rwxp--a-R-c--s:------:allow
         everyone@:r-x---a-R-c--s:------:allow
[Craig@knox /mnt/MainStorage/Test/Test]$

As I said, in the shell I can do anything. From my windows system, I can't alter the media.txt file. I can read it, but not edit it. Oddly enough, I can delete it. I can do anything I expect to with the craig.txt file.

(I wound up renaming the Users group to UsersG so I could differentiate it from something else.

 

[SaskiFX]

So in my thoughts, since everything was working on the BSD side of things, but it was not seeing my group correctly (so I thought) I changed my account to be under the primary group UsersG and the Admin group as an auxiliary one.

Everything still doesn't work. Its like my group doesn't matter at all.

Anyone have any suggestions?

 

[svemuri]

Spent a lot of time today chasing this exact problem (different use case) and came across this : https://bugs.freenas.org/issues/11390
So, it looks like this is not going to be officially fixed.

The Workaround #1 seems like a workable thing for my purpose (OwnCloud external local mount shared via CIFS) except setting acls manually on each file is not going to work.

Upon further digging, it looks like I can make all files/directories "inherit" the acls of the parent directory solving my problem.

Both aclmode and aclinherit on the dataset needs to be set to passthrough (zfs set aclmode=passthrough datasetname).

Then the the inheritance flags need to be set on the parent directory (setfacl owner@:rw-p--aARWcCos:fd----:allow parentdir ; setacl group@:rw-p--aARWcCos:fd----:allow parentdir; setfacl -m everyone@:r-x---a-R-c---:fd----:allow parentdir.)

This seems to work for me. Note that this is not officially supported, in fact actively discouraged.