My FreeNAS 11.2-U7 machine has a primary RAIDZ1 pool with a handful of datasets, and also a secondary striped SSD that I use for disposable scratch space.
I intended all of these datasets to be set to the Unix share type in the web UI, but found yesterday that I must have set the SSD dataset to Windows when I created it, which was causing some permission problems when copying files to it. I changed the SSD to the Unix type, assuming the change would only affect that dataset (and since it's disposable I planned to just destroy/recreate it in the event of any issues) but this is where bigger problems started.
Somehow this caused all of the datasets on my primary pool to be converted to the Windows share type (??) according to the web UI, and every file across all of them took on ACL properties; this was apparent when they all became marked with a + sign according to ls -la and I started to have a big range of permission problems accessing them. After doing some searches here and elsewhere, I did the following:
While I can now work with files as root in a shell without issue, Windows is still telling me I don't have permission to access the SMB shares pointing at the primary datasets even though I'm using the credentials of the account that owns the dataset/files. Additionally, jails that use mount points on those datasets (Plex, et al) are all throwing various 'permission denied' errors and are unable to access any of the relevant files as well.
What can I do next to fix this? It feels like all the permissions have been reset properly but obviously I've missed something fairly major. (It's somewhat tempting to upgrade to 11.3 since I know it has new tools to manage ACLs, but I usually prefer to wait for a couple of update releases after a major version before upgrading.)
I intended all of these datasets to be set to the Unix share type in the web UI, but found yesterday that I must have set the SSD dataset to Windows when I created it, which was causing some permission problems when copying files to it. I changed the SSD to the Unix type, assuming the change would only affect that dataset (and since it's disposable I planned to just destroy/recreate it in the event of any issues) but this is where bigger problems started.
Somehow this caused all of the datasets on my primary pool to be converted to the Windows share type (??) according to the web UI, and every file across all of them took on ACL properties; this was apparent when they all became marked with a + sign according to ls -la and I started to have a big range of permission problems accessing them. After doing some searches here and elsewhere, I did the following:
- converted all the datasets back to Unix share type
- purged ACLs with find /mnt/<pool>/<dataset> | setfacl -b
- confirmed the ZFS property 'aclmode' is set to 'passthrough' on each dataset
- ran recursive chown/chmod on each dataset to make sure ownership and permissions are what they should be
While I can now work with files as root in a shell without issue, Windows is still telling me I don't have permission to access the SMB shares pointing at the primary datasets even though I'm using the credentials of the account that owns the dataset/files. Additionally, jails that use mount points on those datasets (Plex, et al) are all throwing various 'permission denied' errors and are unable to access any of the relevant files as well.
What can I do next to fix this? It feels like all the permissions have been reset properly but obviously I've missed something fairly major. (It's somewhat tempting to upgrade to 11.3 since I know it has new tools to manage ACLs, but I usually prefer to wait for a couple of update releases after a major version before upgrading.)