I recently switched from nas4free to FreeNAS 9.2.1.8, and I am having issues with guest only shares (which is all shares at the moment). I can't write to them. All my zfs datasets are windows permission type, owner nobody, group wheel. I verified the guest account in CIFS settings is 'nobody', and guest only is checked on the share.
I have found 2 workarounds:
1. Removing 'zfsacl' from 'vfs objects' in each share manually in the smb4.conf and then restarting samba. This will be lost if I do anything CIFS related via the webui, OR
2. Setting the 'everyone' can do everything permission via 'setfacl -m everyone@:rwxpDdaARWcCos:fd----:allow' on all directories in the share.
Why would I have to use setfacl for the everyone group if the folder owner is nobody?
getfacl of a share that isn't writable
Code:
    [root@nas] /mnt# getfacl /mnt/tank3/backup/
    # file: /mnt/tank3/backup/
    # owner: nobody
    # group: wheel
    owner@:rwxpDdaARWcCos:fd----:allow
    group@:rwxpDdaARWcCos:fd----:allow
    everyone@:r-x---a-R-c---:fd----:allow
getfacl of share that is writable
Code:
    [root@nas] /mnt# getfacl /mnt/tank3/BigShare/
    # file: /mnt/tank3/BigShare/
    # owner: nobody
    # group: wheel
    owner@:rwxpDdaARWcCos:fd----:allow
    group@:rwxpDdaARWcCos:fd----:allow
    everyone@:rwxpDdaARWcCos:fd----:allow
testparm
Code:
    [root@nas] /mnt# testparm
    Load smb config files from /usr/local/etc/smb4.conf
    max_open_files: increasing sysctl_max (11095) to minimum Windows limit (16384)
    rlimit_max: increasing rlimit_max (11095) to minimum Windows limit (16384)
    Processing section "[Backup]"
    Processing section "[BigShare]"
    Processing section "[ExtraStorage]"
    Loaded services file OK.
    Server role: ROLE_STANDALONE
    Press enter to see a dump of your service definitions

    [global]
        dos charset = CP437
        workgroup = SUPERHOME
        server string = FreeNAS Server
        server role = standalone server
        map to guest = Bad User
        obey pam restrictions = Yes
        smb passwd file = /var/etc/private/smbpasswd
        private dir = /var/etc/private
        max log size = 51200
        server max protocol = SMB2
        time server = Yes
        deadtime = 15
        max open files = 11070
        load printers = No
        printcap name = /dev/null
        disable spoolss = Yes
        dns proxy = No
        pid directory = /var/run/samba
        panic action = /usr/local/libexec/samba/samba-backtrace
        idmap config *:range = 90000000-100000000
        idmap config * : backend = tdb
        acl allow execute always = Yes
        create mask = 0777
        directory mask = 0777
        ea support = Yes
        directory name cache size = 0
        kernel change notify = No
        store dos attributes = Yes
        strict locking = No

    [Backup]
        path = /mnt/tank3/backup
        read only = No
        guest only = Yes
        guest ok = Yes
        veto files = /.snap/.windows/.zfs/
        vfs objects = zfsacl, streams_xattr, aio_pthread
        zfsacl:acesort = dontcare
        nfs4:chown = yes
        nfs4:acedup = merge
        nfs4:mode = special
        recycle:subdir_mode = 0700
        recycle:directory_mode = 0777
        recycle:touch = yes
        recycle:versions = yes
        recycle:keeptree = yes
        recycle:repository = .recycle/%U

    [BigShare]
        path = /mnt/tank3/BigShare
        read only = No
        guest only = Yes
        guest ok = Yes
        veto files = /.snap/.windows/.zfs/
        vfs objects = zfsacl, streams_xattr, aio_pthread
        zfsacl:acesort = dontcare
        nfs4:chown = yes
        nfs4:acedup = merge
        nfs4:mode = special
        recycle:subdir_mode = 0700
        recycle:directory_mode = 0777
        recycle:touch = yes
        recycle:versions = yes
        recycle:keeptree = yes
        recycle:repository = .recycle/%U

    [ExtraStorage]
        path = /mnt/gamebackup
        read only = No
        guest ok = Yes
        veto files = /.snap/.windows/.zfs/
        vfs objects = zfsacl, streams_xattr, aio_pthread
        zfsacl:acesort = dontcare
        nfs4:chown = yes
        nfs4:acedup = merge
        nfs4:mode = special
        recycle:subdir_mode = 0700
        recycle:directory_mode = 0777
        recycle:touch = yes
        recycle:versions = yes
        recycle:keeptree = yes
        recycle:repository = .recycle/%U
Is there some bug in guest only shares?
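The two ACLs in the post differ only in their everyone@ entry. The following is an added example, not part of the original post: it decodes the getfacl permission letters with the names given in FreeBSD's setfacl(1) and lists what workaround 2 additionally grants to everyone@, including rights that allow changing the ACL or owner. It only evaluates allow entries, and the function names are made up for this illustration.

```python
# Permission letters as documented in FreeBSD setfacl(1).
PERMS = {
    "r": "read_data", "w": "write_data", "x": "execute", "p": "append_data",
    "D": "delete_child", "d": "delete", "a": "read_attributes",
    "A": "write_attributes", "R": "read_xattr", "W": "write_xattr",
    "c": "read_acl", "C": "write_acl", "o": "write_owner", "s": "synchronize",
}
ADMIN = {"write_acl", "write_owner"}  # rights that let the holder re-permission files

# getfacl output copied from the post.
BACKUP = """\
# file: /mnt/tank3/backup/
# owner: nobody
# group: wheel
owner@:rwxpDdaARWcCos:fd----:allow
group@:rwxpDdaARWcCos:fd----:allow
everyone@:r-x---a-R-c---:fd----:allow
"""
BIGSHARE = """\
# file: /mnt/tank3/BigShare/
# owner: nobody
# group: wheel
owner@:rwxpDdaARWcCos:fd----:allow
group@:rwxpDdaARWcCos:fd----:allow
everyone@:rwxpDdaARWcCos:fd----:allow
"""

def parse_acl(text):
    """Return {principal: set of allowed right names} from getfacl output."""
    acl = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip the "# file/owner/group" header lines
        # Type is the last field; the principal itself may contain ':'.
        *who, perms, _flags, ace_type = line.split(":")
        if ace_type != "allow":
            continue  # simplification: deny entries are not evaluated
        rights = {PERMS[c] for c in perms if c != "-"}
        acl.setdefault(":".join(who), set()).update(rights)
    return acl

def everyone_diff(before, after):
    """Rights everyone@ holds in `after` but not in `before`."""
    get = lambda text: parse_acl(text).get("everyone@", set())
    return sorted(get(after) - get(before))

def everyone_admin_rights(text):
    """write_acl / write_owner rights granted to everyone@, if any."""
    return sorted(parse_acl(text).get("everyone@", set()) & ADMIN)
```

Calling `everyone_diff(BACKUP, BIGSHARE)` shows that the writable share gives everyone@ not just write_data but also write_acl and write_owner.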