ACL not working on specific Dataset via SMB

[07stuntar1]

I am running TrueNAS-13.0-U5.1. I have 4 different Pools of drives. I created a dataset per each pool and gave all 4 the same ACLs. User "test" as owner "wheel" as group.
I share each dataset via SMB. My windows 10 or 11 can connect to 3 of the datasets perfectly fine. For some reason the 4th one it says Windows cannot access.
I have delete the dataset and redone the permissions 3 times and still same issues.
I check the CLI and ls -la and all 4 datasets have the exact same permissions.
I am able to see the share on windows.
Thank you

 

[anodos]

Are any of said datasets nested? Typically these sorts of issues are caused by users removing execute permissions from some path component leading to the share in question (basically cutting out feet from under the SMB session).

 

[07stuntar1]

Sorry what do you mean by nested.
I have a ZFS pool called Storage.
I have the following datasets:
/Storage/Share
/Storage/Backup

Backup is NFS
Share is SMB

Share owner is test
Group is wheel
Share cannot be accessed windows but can see the folder.
The other pools exact same except different names but can access the smb share. I can’t figure out why

 

[anodos]

Well, what you need to do is figure out what's different between them.

Code:

getfacl /mnt/Storage
getfacl /mnt/Storage/Share

getfacl /mnt/<other pool>
getfacl /mnt/<other pool>/Share

 

[07stuntar1]

Not Working Share
# file: /mnt/Storage/
# owner: root
# group: wheel
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:--------------:fd-----:allow

# file: /mnt/Storage/Share
# owner: test
# group: wheel
owner@:rwxpDdaARWcCos:fd-----:allow
user:test:rwxpDdaARWcCos:fd-----:allow
everyone@:--------------:fd-----:allow



Working SMB Share2
getfacl /mnt/Storage2
# file: /mnt/Storage2
# owner: root
# group: wheel
owner@:rwxp--aARWcCos:-------:allow
group@:r-x---a-R-c--s:-------:allow
everyone@:r-x---a-R-c--s:-------:allow

getfacl /mnt/Storage2/Share2
# file: /mnt/Storage2/Share2
# owner: test
# group: wheel
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWc--s:fd-----:allow
everyone@:--------------:fd-----:allow

Well, what you need to do is figure out what's different between them.

Code:

getfacl /mnt/Storage
getfacl /mnt/Storage/Share

getfacl /mnt/<other pool>
getfacl /mnt/<other pool>/Share

 

[anodos]

Code:

# file: /mnt/Storage/
# owner: root
# group: wheel
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:--------------:fd-----:allow

You cut out feet from under your users. Only root and wheel can traverse /mnt/Storage. This is ACL equivalent of 0o770 mode. Look at your other dataset for example of what you actually need.

 

[07stuntar1]

Code:

# file: /mnt/Storage/
# owner: root
# group: wheel
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:--------------:fd-----:allow

You cut out feet from under your users. Only root and wheel can traverse /mnt/Storage. This is ACL equivalent of 0o770 mode. Look at your other dataset for example of what you actually need.

How do I change that? It says root dataset permissions cannot be edited. I see ACL settings for the share dataset.

 

[anodos]

How do I change that? It says root dataset permissions cannot be edited. I see ACL settings for the share dataset.

Code:

setfacl -b /mnt/Storage/
chmod 755 /mnt/Storage

 

[07stuntar1]

Code:

setfacl -b /mnt/Storage/
chmod 755 /mnt/Storage

Sweet thank you it worked.