Using CIFS shares with UNIX permissions?

Status
Not open for further replies.
M

mike360x1

Contributor
Joined
Dec 25, 2012
Messages
107
Hi there,

So, in my server, I currently have datasets setup for access from a CIFS share with unix permissions so I can have my jails access these datasets. Problem is, I've heard of potential problems or instabilities of using CIFS with unix permissions and how thats not recommended.

I've heard that FreeNAS supports Samba 3 which does work with CIFS shares. however, Samba 4 does not support Unix permissions, :( (correct me if I'm wrong) and I'm worried that when FreeNAS 10 rolls around, there will be no more CIFS support for unix permissions anymore

So, I'm wondering, what would be the best solution to setup CIFS (or windows for that matter) to connect to unix permission shares?

Side note: I am the only tech savvy individual in my household and so if I could keep the simplicity of CIFS (opening a windows browser and seeing that directory as if it was local) just for the other people in the house, that would be a ++.

I would appreciate your assistance. :)

Thank you in advance,
Michael L.
 
nojohnny101

nojohnny101

Wizard
Joined
Dec 3, 2015
Messages
1,478
I am in your same boat. Everything has been working great for me for some time now but having read about the discouraged practice of sharing CIFS with unix permissions after I set things up. I am hesitant to change things as they are working but as you stated, a change will most likely eventually be forced.
 
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
mike360x1 said:
Hi there,

So, in my server, I currently have datasets setup for access from a CIFS share with unix permissions so I can have my jails access these datasets. Problem is, I've heard of potential problems or instabilities of using CIFS with unix permissions and how thats not recommended.
Click to expand...

Try to use Windows permissions type. It will probably work, but depends on what you're doing in the jail. In most situations you will have no problems as long as you configure the jail correctly (adding storage to it via the webgui rather than sharing the entire jail via samba), and configure permissions correctly. Many times people want to use Unix permissions type because they want to be able to throw their hands up in the air and "chmod 777" all the things.

I've heard that FreeNAS supports Samba 3 which does work with CIFS shares. however, Samba 4 does not support Unix permissions, :( (correct me if I'm wrong) and I'm worried that when FreeNAS 10 rolls around, there will be no more CIFS support for unix permissions anymore
Click to expand...

That's all wrong. Samba4 has been in FreeNAS for a very long time and has nothing to do with "Unix" permissions vs "Windows" permissions.

So, I'm wondering, what would be the best solution to setup CIFS (or windows for that matter) to connect to unix permission shares?
Click to expand...
Probably not. This is a matter of defaults and how FreeNAS is intended to be used. There are workarounds for not using ACLs on samba shares, but I can't guarantee that these workarounds will work in future FreeNAS versions.

Side note: I am the only tech savvy individual in my household and so if I could keep the simplicity of CIFS (opening a windows browser and seeing that directory as if it was local) just for the other people in the house, that would be a ++.
Click to expand...

@m0nkey_ has a video somewhere around here detailing how to set up permissions. That'd be a good place to start.
 
M

mike360x1

Contributor
Joined
Dec 25, 2012
Messages
107
anodos said:
That's all wrong. Samba4 has been in FreeNAS for a very long time and has nothing to do with "Unix" permissions vs "Windows" permissions.
Click to expand...
My mistake. I got this misunderstanding from cyberjock's FreeNAS ppt guide (This is the slide I'm referencing: http://puu.sh/rs8jM/1d2c7abf81.jpg ). In this slide, he strongly recommends against using windows shares with UNIX permissions.

anodos said:
Try to use Windows permissions type. It will probably work, but depends on what you're doing in the jail. In most situations you will have no problems as long as you configure the jail correctly (adding storage to it via the web GUI rather than sharing the entire jail via samba),
Click to expand...

Well, I have setup my datasets in UNIX permissions for a couple of reasons:
1. Managing permissions is so much faster in GUI than using windows ACL.
2. I have specific permissions for some of my jails that I would like to enforce. I think Monkey's tutorial does not cover windows permissions while still being able to change permissions for plugins.
3. When I need to modify a permission for someone else's data set that I have no access to, I need to log in as their user and change it that way. (There's likely a solution to this but I haven't spent the time looking for it)

anodos said:
Probably not. This is a matter of defaults and how FreeNAS is intended to be used. There are workarounds for not using ACLs on samba shares, but I can't guarantee that these workarounds will work in future FreeNAS versions.
Click to expand...

And that is what I am worried about. And because Microsoft -- being the company that it is -- does not allow mounting NFS shares on anything but Enterprise versions. : (
 
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
mike360x1 said:
My mistake. I got this misunderstanding from cyberjock's FreeNAS ppt guide (This is the slide I'm referencing: http://puu.sh/rs8jM/1d2c7abf81.jpg ). In this slide, he strongly recommends against using windows shares with UNIX permissions.
Click to expand...
That's odd. Well, Samba3 vs Samba4 isn't really an issue. Outside of creating an AD DC, the two are largely similar. Same config options.

Well, I have setup my datasets in UNIX permissions for a couple of reasons:
1. Managing permissions is so much faster in GUI than using windows ACL.
Click to expand...
Perhaps I'm odd, but I rarely if ever have to manage permissions once I initially set them.

2. I have specific permissions for some of my jails that I would like to enforce. I think Monkey's tutorial does not cover windows permissions while still being able to change permissions for plugins.
Click to expand...
This is heavily dependent on the particular plugin you're talking about and what you're trying to achieve. There are some applications that will try to alter unix mode bits on files and crash (or fail in other less obvious ways) if there are ACLs on files. If the application you are running in a jail is one of these, then you have to use Unix permissions type (but this should be the minority of cases and something you test for first).

3. When I need to modify a permission for someone else's data set that I have no access to, I need to log in as their user and change it that way. (There's likely a solution to this but I haven't spent the time looking for it)
Click to expand...
On this count, ZFS ACLs are a very good solution. Just grant your admin user/group "full control" over all your shares. But if permissions are configured correctly, you shouldn't have to be going in places and modifying things. I think I've done that about one or two times in the past 6 months.

I wrote up a bare-bones overview of Samba permissions here: https://wiki.freenas.org/index.php/Methods_For_Fine-Tuning_Samba_Permissions
 
Status
Not open for further replies.

Similar threads

S
  • Locked
CIFS shares & Permissions - Unix? No write permission? All users have read access on WinACL?
Replies
7
Views
6K
anodos
anodos
J
  • Locked
RESET permissions to unix
Replies
3
Views
2K
marian78
marian78
W
  • Locked
Issue With Share Permissions & Plex
2
Replies
34
Views
10K
wutang200
W
bmcclure937
  • Locked
CIFS/SMB Share Configuration
Replies
5
Views
2K
DifferentStrokes
DifferentStrokes
P
  • Locked
Unix and CIFS Shares on FreeNAS-9.2.1.8-RELEASE-x64 (e625626)
Replies
2
Views
846
anodos
anodos
Top