masonpharmd
Cadet
- Joined: Jun 28, 2017
- Messages: 4
OK, so I am by no means technically illiterate, however I feel like an absolute moron trying to get something really simple going.
For experimental purposes I managed to get FreeNAS 9.10 up and running (easy since it self installs).
I also managed to create a 3 disk RAIDZ volume, a dataset and SMB shares that allowed Windows clients to read and write to folders on the share AND allowed a FreeBSD application to read and write to the same share. As well, I even managed to use Init/shutdown scripts and cron jobs to call the application to do certain things, like make sure it gets restarted if it stops for some reason. I probably lucked into getting it all running, but anyhow I felt like I understood permissions well enough that I did it.
Mistake 1 - For some reason I decided that I wanted to build in some fault tolerance and created a new RAIDZ1 volume with an SSD cache disk. I can't recall if I manually deleted the datasets and shares or if they were deleted when I released the volume and created a new one.
Mistake 2 - Also, for some reason I didn't document the permissions granted, as I arrogantly thought I would just figure it out again.
So now I bow at the feet of men wiser than I, begging for some help, as clients can read and write BUT the application cannot.
Some details ---
System Information
Hostname freenas.local Edit
Build FreeNAS-9.10.2-U5 (561f0d7a1)
Platform Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz
Memory 16035MB
System Time Wed Jun 28 21:30:09 EDT 2017
Uptime 9:30PM up 22:30, 0 users
Load Average 0.11, 0.17, 0.16
I have a volume created called nas1
with permissions set in the gui for
/mnt/nas1
owned by user - nobody
owned by group - nogroup
owner can R/W/E
group can R/W/E
other can R/E
Permission type set to Windows
I have a dataset called dataset1
with permissions set in the gui for
/mnt/nas1/dataset1
owned by user - nobody
owned by group - nogroup
owner can R/W/E
group can R/W/E
other can R/E
Permission type set to Windows
I have a SMB Share called dataset1
with configuration for
path /mnt/nas1/dataset1
name dataset1
boxes checked for
Apply default permissions
browsable to network clients
allow guest access
SMB settings config as
netbios name - freenas
workgroup - workgroup
guest account - nobody
allow empty password - box checked
allow execute always - box checked
obey pam restrictions - box checked
And by looking at the running processes by using the display system processes tool within FreeNAS I see that root is the user who is running the application called application1.
So what this application needs to be allowed to do is view a file called application1.conf and read the contents to know which folders to create daughter folders and write data to them.
This application was doing just that within the previous volumes without being an official sanctioned plugin within a jail.
I know I have very limited understanding of FreeBSD permissions, but I would expect if it is owned by no user or group it would allow an elevated user root to be able to see/modify the same folders and files as the Windows (and Chromebook) clients.
Thanks in advance for anyone who put thought into this enough to not flame me.