CIFS and Symlink Permissions


Elegant

Hi guys,
I've hit a bit of a snag setting up a symlink and could use some help. Basically I'm creating a symlink between two shares; I used the full path, enabled follow symlinks and wide links. The file appears and all seems well until I view the file's (symlink's) permissions: It doesn't have any!

This becomes increasingly problematic when I try to write to the file as I receive an access denied. Is there any way I can have the symlink inherit the ACL of the folder it's in? I've set the owner with "chown -h" but the permissions still can't be seen in Windows. I can't even take ownership of the file in Windows to set the proper ACL.
 

anodos

iXsystems
Okay. Suppose the situation is you have two shares
[share 1]
/mnt/Tank/Share1

[share 2]
/mnt/Tank/Share2

You want [share 2] to appear as \\freenas\Share 1\foo. The command to do this is
Code:
ln -s /mnt/Tank/Share2 /mnt/Tank/Share1/foo


But this does not make it so that /mnt/Tank/Share2/bar will inherit permissions from /mnt/Tank/Share1. /mnt/Tank/Share2/bar will still inherit its ACLs from /mnt/Tank/Share2.

I haven't tested it, but I have a feeling Samba isn't going to like this very much.
 

Elegant

That's what I ran to get to this stage. I'll outline it a bit more:

Code:
ln -s /mnt/tank/Repo1/MyFile.txt /mnt/tank/Repo2/MyFile2.txt


Now MyFile2.txt is the symlink and it appears as normal and I can read it. It does not inherit the permissions from Repo1, which is completely normal. The issue is that MyFile2.txt is NOT inheriting the permissions from Repo2. As such I cannot even take ownership of the file (in Windows) and make changes. Now what would make sense would be to just assign the ownership in FreeNAS as such:

Code:
chown -h user:group /mnt/tank/Repo2/MyFile2.txt


For whatever reason, the above has no effect. Although I have assigned the correct user and group, I am still unable to modify this file or its permissions in Windows. It's basically a lost file that I can read but can't edit/write.
 

anodos

iXsystems
Okay. I recreated your folder setup inside a test share. I have /mnt/Tank/TestShare/Folder1/MyFile.txt, /mnt/Tank/TestShare/Folder2, and ran ln -s /mnt/Tank/TestShare/Folder1/MyFile.txt /mnt/Tank/TestShare/Folder2/MyFile2.txt.

Permissions are set as follows (so that you can see how permissions are inherited).
Code:
[root@rivendell] /mnt/Tank/TestShare# getfacl Folder1
# file: Folder1
# owner: root
# group: DOMAIN\domain admins
group:DOMAIN\smith:r-x---a-R-c---:fd-----:allow
group:DOMAIN\bob:rwxpDdaARWcCo-:fd-----:allow
            group@:rwxpDdaARWcCo-:fd-----:allow
[root@rivendell] /mnt/Tank/TestShare# getfacl Folder2
# file: Folder2
# owner: root
# group: DOMAIN\domain admins
group:DOMAIN\joead:r-x---a-R-c---:fd-----:allow
group:DOMAIN\bob:rwxpDdaARWcCo-:fd-----:allow
            group@:rwxpDdaARWcCo-:fd-----:allow
[root@rivendell] /mnt/Tank/TestShare# getfacl Folder2/MyFile2.txt
# file: Folder2/MyFile2.txt
# owner: root
# group: DOMAIN\domain admins
group:DOMAIN\smith:r-x---a-R-c---:------I:allow
group:DOMAIN\bob:rwxpDdaARWcCo-:------I:allow
            group@:rwxpDdaARWcCo-:------I:allow


As you can see, permissions are inherited from "Folder1" and not "Folder2". Now let's perform a chown operation on "Folder1"
Code:
[root@rivendell] /mnt/Tank/TestShare# chown DOMAIN\\curly. /mnt/Tank/TestShare/Folder1


And see if it affected the permissions on "MyFile2.txt".
Code:
[root@rivendell] /mnt/Tank/TestShare# getfacl Folder2/MyFile2.txt
# file: Folder2/MyFile2.txt
# owner: root
# group: DOMAIN\domain admins
group:DOMAIN\smith:r-x---a-R-c---:------I:allow
group:DOMAIN\bob:rwxpDdaARWcCo-:------I:allow
            group@:rwxpDdaARWcCo-:------I:allow


As you can see, no change. Permissions are only inherited at file create time. What if we change permissions on /mnt/Tank/TestShare/MyFile.txt?

Code:
[root@rivendell] /mnt/Tank/TestShare# chown DOMAIN\\curly /mnt/Tank/TestShare/Folder1/MyFile.txt

Well, this time we see a change in MyFile2.txt.

Code:
[root@rivendell] /mnt/Tank/TestShare# getfacl Folder2/MyFile2.txt
# file: Folder2/MyFile2.txt
# owner: DOMAIN\curly
# group: DOMAIN\domain admins
group:DOMAIN\smith:r-x---a-R-c---:------I:allow
group:DOMAIN\bob:rwxpDdaARWcCo-:------I:allow
            group@:rwxpDdaARWcCo-:------I:allow


Using Windows Explorer to modify the ACLs will actually recursively change permissions on folders, but in this case you would have to change permissions on "Folder1" to get the results you want.
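
The experiment in the reply above, reduced to a script that runs on any POSIX system (an added example, not part of the original thread). It assumes a temporary directory in place of /mnt/Tank/TestShare, uses plain mode bits and chmod instead of the NFSv4 ACLs and chown shown in the thread, and the function names are made up for the illustration.

```shell
#!/bin/sh
# Constructed layout mirroring the thread, built in a temp dir (assumption):
#   Folder1/MyFile.txt   real file (the link target)
#   Folder2/MyFile2.txt  symlink to it

# Permission string of the object itself, without following a link (lstat view).
mode_of()  { ls -ld  "$1" | cut -c1-10; }
# Permission string after following the link (what a server that resolves it sees).
mode_via() { ls -ldL "$1" | cut -c1-10; }

setup() {
    root=$(mktemp -d) || return 1
    mkdir "$root/Folder1" "$root/Folder2" || return 1
    : > "$root/Folder1/MyFile.txt"
    chmod 750 "$root/Folder1"
    chmod 700 "$root/Folder2"
    chmod 640 "$root/Folder1/MyFile.txt"
    ln -s "$root/Folder1/MyFile.txt" "$root/Folder2/MyFile2.txt" || return 1
    echo "$root"
}

demo() {
    root=$(setup) || return 1
    link="$root/Folder2/MyFile2.txt"
    echo "link itself:             $(mode_of "$link")"
    echo "through the link:        $(mode_via "$link")"
    chmod 755 "$root/Folder2"              # change the folder holding the link
    echo "after chmod on Folder2:  $(mode_via "$link")"   # same as before
    chmod 600 "$root/Folder1/MyFile.txt"   # change the target file
    echo "after chmod on target:   $(mode_via "$link")"   # follows the target
    rm -rf "$root"
}

demo
```

The link's own metadata, which is what `chown -h` modifies, plays no part in the access check once the link is followed; only the target's permissions do.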
 