Permissions on Pools

ajschot

Patron
Joined
Nov 7, 2016
Messages
341
Hey all,

I cannot figure out if this is a storage or a network problem, but it looks most like a storage problem.

I am having a weird problem: I am trying to set up an FTP account for a colleague so we can share work. I set everything up, but for some reason I cannot get access when I have set the home directory on my Data pool.
The solution is to put this user into the wheel group, but I don't want all data, even the root of my FreeNAS, to be accessible.
I just want him to access this dataset that I have created for him. It worked with a dataset on another drive, but he can still access everything on the root of FreeNAS, and can even delete stuff from there. The only thing that works is using anonymous login and using my Backup pool for a dataset for an anonymous login. The only thing that can be accessed is this directory, only.... this is a small pool and I want to keep it only for TimeMachine backups. I just want to use my big Data pool. Also, I don't like the idea that everybody can access these files.
I tried removing all ACLs, but I still cannot use a dataset on the Data pool as a home directory; the FTP just disconnects after login.
So how can I grant an account access via FTP, and only to one dataset in my Data pool?

Super simple:
Alex may access via FTP the dataset Alex on my pool Data, which is a RAIDZ2, but only this directory, and have full rights on this dataset.

As it is: I have a user Alex, and I have a dataset which Alex has all rights for on my pool 'Data' (so /mnt/Data/Alex is the home directory).
I have local accounts accepted in my FTP service, and the service is running. Alex is a member of a group called Friends, and Friends also has all rights on the Alex dataset.
Also unchecked 'Always Chroot' in the FTP service settings.

I could scratch my eyes out, I don't understand..... what am I doing wrong?
 

ajschot

Nobody here did this and wants to share how he/she fixed this?
 

ajschot

OK, getting nowhere :(

Problems are getting bigger and bigger: I also don't 'see' sub-datasets of my pool 'Data' when trying to use Duplicati.
Seems to be the same problem... In the shell I can ls the mounted drive, but the backup only 'sees' directories made in my pool but not sub-datasets, and I already removed ACLs and tried to make other ACLs that give everybody full access, but nothing helps...
When adding my backup or VM pool everything works well.... it seems to be something stupid..... The easiest way is to delete the pool and start over again, but I have 12TB of data in that pool which is only backed up online somewhere, but I did it with a desktop app in another VM that uses the SMB share. But this way it would be much more sufficient and my data would be encrypted online.
Also tried rclone, but I could not get this tool to work with Google Drive; it keeps on failing on the authID that came back from Google.

I know this is something other than my FTP, but in some way everything seems to be messed up... anybody have an idea, please?
 

irTwit

Dabbler
Joined
Aug 18, 2014
Messages
48
In response to your first post. I was able to create an FTP account that had read/write access to only the desired dataset and its sub-datasets.

I don't know if everything is absolutely necessary, but this is how I configured it. I am biased to the way I set up my pools with nobody/nogroup permissions.
  1. In Accounts > Users. I created a new "alex" user.
    • Set the primary group to "ftp" and the aux groups to "nobody, nogroup".
    • Set the home directory path.
    • Checked all the Home Directory Permissions boxes.
    • Saved.
  2. Edited the user again since FreeNAS will have changed the Home Directory path to include the username. As of FreeNAS-11.3-U3.1, due to a bug the save button is grayed out. A workaround is to change the username. You can change it back again by editing the user again after saving.
  3. In Storage > Pools. I edited the ACL permissions of the dataset.
    • Set user to "nobody" and group to "nogroup".
    • For Default ACL Options selected "OPEN".
    • Checked Apply Permissions Recursively.
    • You can check Apply permissions to child datasets if wanted.
  4. Enabled the FTP service.
 

ajschot

Thank you very much!

Sorry, I gave up on it and just took a USB drive and connected it to my router; it is slow but it works.
I have not tried it with 11.3-U3.1; it is just that I did everything you wrote, but I know what the problem is.... I have multiple datasets in my pool.
I had to create a pool - 1 dataset - multiple sub-datasets.
It was never a problem before FreeNAS 11; on 9 and 10 it all worked fine. Since FreeNAS 11.1 everything is messed up: SMB, AFP, FTP, some jails...

I will try your method for getting Duplicati to work; it is so weird that I only see directories that are created by root but are not a dataset.
I tested with one of the datasets; until now ... no luck.
So maybe your method will work and solve all problems....

This took me so much time and did not work, so I gave up on FTP, even thinking of leaving FreeNAS and searching for something else. I am getting angry every day when I am doing something: updating jails, installing jails, making backups, etc.
A new update, a lot of new bugs, it is just crazy.... These updates since FreeNAS 11.1 are all nests of bugs; 'stable' is not the right word for it.
 

ajschot

Well, one problem solved... Duplicati
iocage exec duplicati chown -R duplicati:duplicati /mnt/YOURVOLUME
did the trick


Edit: Did not work.... it just showed all datasets but when opening one nothing is shown everything but it does not back up any of the datasets in the mounted pool.
 

ajschot

Sorry, tried this for FTP and still the same problem... I cannot log in.
Getting in FileZilla: 530 Login incorrect

Just did all the steps: created a user test, made it a member of ftp with aux groups nobody and nogroup.
ACL of the dataset Pro4 changed to nobody and nogroup and OPEN.

Still can't log in in FileZilla, only when I use wheel members to log in.
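
A diagnostic for the symptom reported in this thread (wheel members get in, other accounts do not), added here as an example and not written by any poster: it walks every directory from the filesystem root down to the FTP home and lists the ones whose mode bits deny traversal to accounts outside the owning user and group. The function name blocked_components is hypothetical, /mnt/Data/Alex is the home path from the first post, and only POSIX mode bits are read, so NFSv4 ACL entries on a dataset are not evaluated.

```shell
#!/bin/sh
# Added example (not from the thread): find directories on the way to an
# FTP home that an account outside the owner and owning group cannot enter.
# Assumption: only the POSIX mode bits shown by `ls -ld` are inspected;
# NFSv4 ACL entries on a ZFS dataset are not evaluated.
#
# Usage on the NAS shell:  sh check_path.sh /mnt/Data/Alex

# blocked_components PATH  (hypothetical helper name)
# Prints "MODE OWNER:GROUP DIR" for each directory in PATH whose "other"
# class lacks the search (x) bit. Prints nothing when the path is open.
blocked_components() {
    target=$1
    dir=""

    # Split the absolute path on "/" without globbing, then restore IFS
    # so the parsing of `ls` output below splits on whitespace again.
    old_ifs=$IFS; IFS=/; set -f
    set -- $target
    set +f; IFS=$old_ifs

    for part in "$@"; do
        [ -n "$part" ] || continue
        dir="$dir/$part"
        [ -d "$dir" ] || { echo "missing: $dir" >&2; return 1; }

        ls -ld "$dir" | {
            read -r mode links owner group rest
            # Character 10 of the mode string is the "other" search bit;
            # "t" means search plus sticky, anything else denies entry.
            other_x=$(printf '%s' "$mode" | cut -c10)
            case $other_x in
                x|t) ;;
                *) printf '%s %s:%s %s\n' "$mode" "$owner" "$group" "$dir" ;;
            esac
        }
    done
}

# Run against the path given on the command line, if any.
if [ "$#" -gt 0 ]; then
    blocked_components "$1"
fi
```

A line such as `drwxrwx--- root:wheel /mnt/Data` in the output would mean only root and wheel members can pass that directory, whatever permissions the dataset below it has.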
 