CIFS not allowing user to browse folder

[diedrichg]

FreeNAS-9.2.1.6-BETA-2c5ce6b-x64

• I have my user: 'diedrich'
• 'diedrich' is part of the group 'family'
• Dataset 'media' is set to
  • owner: 'root'
  • group: 'family'
  • with 770

In Filezilla 'diedrich' can access all datasets that have the group 'family' and is denied access to those datasets he is not.

In Windows, CIFS allows 'diedrich' to ONLY access the datasets in which he is specifically mentioned as the owner or it is set as 777, but 'diedrich' can not access any datasets in which he is not the owner but part of a group such as 'family'.

Why is CIFS not allowing the browsing of datasets in which the user is only in the group? Clearly my permissions are working properly as Filezilla allows me to browse the proper datasets. *frustrated!*
I have tried using both SMB2 and SMB3 in the CIFS settings

 

[diedrichg]

I tried another Windows computer and I'm still having this issue. My wife's Mac uses AFP and her permissions work, so I'm thinking this may be a CIFS issue. Anybody else have this problem?

edit: I just tried using her macbook to logon to the CIFS share with 'diedrich' and it too shows datasets that are blocked but 'family' (which 'diedrich' belongs to) clearly has permissions.

edit#2: Definitely not my fault here. This has got to be samba. Here's my user permissions:

Code:

[root@DVGMARServer /mnt/dvgmar]# tail /etc/group
diedrich:*:1001:diedrich                                                 
family:*:1002:marisa,root,diedrich
[root@DVGMARServer /mnt/dvgmar]# id diedrich                             
uid=1001(diedrich) gid=1001(diedrich) groups=1001(diedrich),1002(family)

edit#3: Confirmed; it's Samba. I just added 'diedrich' to the AFP share and I was able to view all the properly permissioned datasets where CIFS/samba is not...

edit#4: Bug #5278

 

[diedrichg]

Maybe someone can clear up my ignorance on CIFS permissions. How do I set access on a dataset in Windows or a Mac for which I'm a member of the group-owner but not the user-owner? I've never had this issue until recently (past month). This is the response from my submitted bug.

Updated by Josh Paetzel about 9 hours ago

• Status changed from Unscreened to Behaves correctly

Samba is honoring the ACLs. It doesn't use or respect unix permissions. Log on as the owner of the share and set permissions via windows as you would like them.

 

[diedrichg]

[Solved]
Okay, I did some learning on ACL (Access Control List). I'll keep this thread for anyone else in the future who is as clueless as I was/(still am a little). Anyways, clicking on a dataset and then setting the permissions gives you an option to set the Type of ACL to Unix or Windows/Mac ACL. I had always just assumed that as long as you had credentials set in Windows or Mac as the FreeNAS user that those permissions would propagate when browsing your volume if you had Type of ACL set to Unix.

The solution is to set Type of ACL (in the FreeNAS GUI) to Windows / Mac ACL. This instantly gave me access to datasets in which the user was only in a group and not the sole user-owner. Beyond that, this is the extent of my understanding. Try it. Hopefully this will solve your CIFS dataset browsing issue.