IT_Trashman
Cadet
- Joined
- May 12, 2021
- Messages
- 2
I was running FreeNAS 11.1. I upgraded to 11.2 and then 11.3 because I have been having permissions issues for some time and was hoping gaining access to the ACLs would help me resolve this. Clearly not.
I have a single Pool, named StorageServer, which then contains my datasets, for example, a dataset name is Work, and there is a matching SMB share also for Work.
Under 11.1, things were functional, however I have permissions issues which I would like to resolve. For example, I have a dataset for FTP which I need in order to share out files, where I provide logins and they can hop in and pull files from the FTP share which requires strict permission controls, for example, my user should have full control, but other users should be limited to read only. Again, I was hoping updating to 11.3 and getting into the ACLs would help me resolve this.
Currently, I am unable to access any of the shares from Windows 10 build 20H2. I have removed all the shares entirely and only recreated a handful of shares, but have not been able to resolve the permissions aspect, and before digging myself any deeper, I'm here to hopefully get it all resolved.
I'm listing below several outputs in the hopes someone can maybe break down where I screwed up in here? I'm also not opposed to nuking all permissions and starting from scratch, however avoiding data loss is crucial.
The long story short is that I can see \\freenas.home and I can see all of my shares, but I get a permissions error when I try to open any specific share.
Also, worth noting, I am going to be adding an HBA and creating a totally new pool in the future with more storage than what I have now. This current pool I plan to remove entirely once the new pool is created, so if there's some permissions disasters in here that I can avoid in the future, I'm all ears. I've watched the permissions setup videos, I've read through other threads, but at the end of the day, while none of this is new, I think I'm just not looking at this correctly at all and need some new eyes on this to help. The primary goal right now is to restore access to the shares on Windows. Once I regain access, I can correct the permissions so it functions the way I intend.
If any other commands are needed, I can run them whenever. I'm sure something is wrong, maybe it was the upgrade, maybe it was me from the beginning, but I already made the mistake of updating the pool, so roast me, but I'm all ears. Just need to get back in. Appreciate whatever help I can get here.
I have a single Pool, named StorageServer, which then contains my datasets, for example, a dataset name is Work, and there is a matching SMB share also for Work.
Under 11.1, things were functional, however I have permissions issues which I would like to resolve. For example, I have a dataset for FTP which I need in order to share out files, where I provide logins and they can hop in and pull files from the FTP share which requires strict permission controls, for example, my user should have full control, but other users should be limited to read only. Again, I was hoping updating to 11.3 and getting into the ACLs would help me resolve this.
Currently, I am unable to access any of the shares from Windows 10 build 20H2. I have removed all the shares entirely and only recreated a handful of shares, but have not been able to resolve the permissions aspect, and before digging myself any deeper, I'm here to hopefully get it all resolved.
I'm listing below several outputs in the hopes someone can maybe break down where I screwed up in here? I'm also not opposed to nuking all permissions and starting from scratch, however avoiding data loss is crucial.
Code:
root@freenas:~ # getfacl /mnt/StorageServer
# file: /mnt/StorageServer
# owner: root
# group: staff
owner@:rw-p--aARWcCos:-------:allow
group@:rw-p--a-R-c--s:-------:allow
everyone@:rw-p--a-R-c--s:-------:allowCode:
root@freenas:~ # testparm -sa
Load smb config files from /usr/local/etc/smb4.conf
Loaded services file OK.
Server role: ROLE_STANDALONE
# Global parameters
[global]
aio max threads = 2
bind interfaces only = Yes
disable spoolss = Yes
dns proxy = No
enable web service discovery = Yes
kernel change notify = No
load printers = No
logging = file
max log size = 51200
nsupdate command = /usr/local/bin/samba-nsupdate -g
restrict anonymous = 2
server min protocol = SMB2_02
server role = standalone server
server string = FreeNAS Server
unix extensions = No
workgroup = HOME
idmap config *: range = 90000001-100000000
idmap config * : backend = tdb
allocation roundup size = 0
directory name cache size = 0
dos filemode = Yes
include = /usr/local/etc/smb4_share.conf
[FTP]
aio write size = 0
ea support = No
mangled names = illegal
path = /mnt/StorageServer/FTP
read only = No
vfs objects = streams_xattr zfs_space ixnas zfsacl
nfs4:acedup = merge
nfs4:chown = true
[Music]
aio write size = 0
ea support = No
mangled names = illegal
path = /mnt/StorageServer/Music
read only = No
vfs objects = streams_xattr zfs_space ixnas zfsacl
nfs4:acedup = merge
nfs4:chown = true
[Personal]
aio write size = 0
ea support = No
mangled names = illegal
path = /mnt/StorageServer/Personal
read only = No
vfs objects = streams_xattr zfs_space ixnas zfsacl
nfs4:acedup = merge
nfs4:chown = true
[Photos]
aio write size = 0
ea support = No
mangled names = illegal
path = /mnt/StorageServer/Photos
read only = No
vfs objects = streams_xattr shadow_copy_zfs zfs_space ixnas zfsacl
nfs4:acedup = merge
nfs4:chown = true
[Work]
aio write size = 0
ea support = No
mangled names = illegal
path = /mnt/StorageServer/Work
read only = No
vfs objects = streams_xattr zfs_space ixnas zfsacl
nfs4:acedup = merge
nfs4:chown = true
Code:
root@freenas:~ # net getlocalsid SID for domain FREENAS is: S-1-5-21-2323056048-1179890799-4016471343
Code:
root@freenas:~ # net groupmap list Guests (S-1-5-32-546) -> 90000006 staff (S-1-5-21-2323056048-1179890799-4016471343-1015) -> staff ftp (S-1-5-21-2323056048-1179890799-4016471343-1010) -> ftp Administrators (S-1-5-32-544) -> 90000004 Users (S-1-5-32-545) -> 90000005 wheel (S-1-5-21-2323056048-1179890799-4016471343-1013) -> wheel
Code:
root@freenas:~ # getfacl /mnt/StorageServer/Work
# file: /mnt/StorageServer/Work
# owner: root
# group: staff
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:--x---a-R-c---:fd-----:allow
everyone@:--------------:fd-----:allowThe long story short is that I can see \\freenas.home and I can see all of my shares, but I get a permissions error when I try to open any specific share.
Also, worth noting, I am going to be adding an HBA and creating a totally new pool in the future with more storage than what I have now. This current pool I plan to remove entirely once the new pool is created, so if there's some permissions disasters in here that I can avoid in the future, I'm all ears. I've watched the permissions setup videos, I've read through other threads, but at the end of the day, while none of this is new, I think I'm just not looking at this correctly at all and need some new eyes on this to help. The primary goal right now is to restore access to the shares on Windows. Once I regain access, I can correct the permissions so it functions the way I intend.
If any other commands are needed, I can run them whenever. I'm sure something is wrong, maybe it was the upgrade, maybe it was me from the beginning, but I already made the mistake of updating the pool, so roast me, but I'm all ears. Just need to get back in. Appreciate whatever help I can get here.
