Questions about SMB Share

Monkey_Demon · Jul 15, 2020

From MacOS 10.14.6 (Mojave), I'm able to access my FreeNAS 11.3-U3.2 WebDAV share without problem: read, write, & create subdirectories. I use this all the time, so I want to keep it connected.

But on the same FreeNAS system I have a SMB share, Media. From the Mac, I can navigate to it and its children. But even though I set Media's ACL to allow inheritance, I had to go to child datasets and manually change the ACL permissions to BASIC w/ FULL CONTROL before I could create directories or write files in the child datasets.

Question 1: Is there an easier way? There are several child datasets, and I'd like to set all their ACL permissions at once to be identical.

In addition, one of the main reasons why I'm tackling this now is that I'm running into my ISP's storage limits. So I want to save EML messages from Thunderbird running on the Mac to <my server>/<my username>/Saved Messages. But even though I can get to the Saved Messages folder with write permission using Finder, Thunderbird seems to hang when I choose "Save Selected Messages" -> EML and navigate to the Saved Messages folder. It seems not to see the share at all and just hangs with "Connecting ..."

Question 2: Any idea what the problem could be?

anodos · Jul 15, 2020

Monkey_Demon said:
From MacOS 10.14.6 (Mojave), I'm able to access my FreeNAS 11.3-U3.2 WebDAV share without problem: read, write, & create subdirectories. I use this all the time, so I want to keep it connected.

But on the same FreeNAS system I have a SMB share, Media. From the Mac, I can navigate to it and its children. But even though I set Media's ACL to allow inheritance, I had to go to child datasets and manually change the ACL permissions to BASIC w/ FULL CONTROL before I could create directories or write files in the child datasets.

Question 1: Is there an easier way? There are several child datasets, and I'd like to set all their ACL permissions at once to be identical.

Unlike newly-created files / directories, datasets do not inherit permissions from their parent. You can think of it like creating a new filesystem and then mounting it under that path. The process of mounting does not (for good reason) affect the permissions of the filesystem being mounted. That said I'll file a GUI enhancement request to give a dialog box on child datasets to pre-populate with the parent's ACL.

edit:

https://jira.ixsystems.com/browse/NAS-106814

Monkey_Demon · Jul 15, 2020

anodos said:
Unlike newly-created files / directories, datasets do not inherit permissions from their parent. You can think of it like creating a new filesystem and then mounting it under that path. The process of mounting does not (for good reason) affect the permissions of the filesystem being mounted. That said I'll file a GUI enhancement request to give a dialog box on child datasets to pre-populate with the parent's ACL.

edit:

https://jira.ixsystems.com/browse/NAS-106814

Thanks. This is very helpful.

Two thoughts:

Especially for those of us coming to FreeNAS from "regular" *nix systems (and, I suppose, *doze systems), datasets and ACL are a bit of a mystic art. This makes the "Inherit" boxes in the ACL Edit dialogue a bit misleading. I take it from your answer that these boxes apply to child directories and files only, and not to child datasets. Perhaps putting emphasizing this, in the User's Guide and in the dialog windows, would help bozos like me avoid making such bonehead mistakes.
Your answer also raises an interesting, and perhaps serious, question. I have a dataset, "Media," that's also a SMB Share. Below it there currently are several child datasets: Movies, Music, Videos, etc. My intent is to use them pretty much the same way: all family members, plex, and I will be able to read everything in them, but only administrators (currently "user" plex and myself) can write or delete files and directories in them. To accomplish this, I created a group, "media," to which users "Plex" and I belong. I set the ACL to give the media group write access to the datasets. But is this the best way? Should datasets like Movies, Music, Videos, etc. be directories instead? What are the pros and cons each of these two approaches?

anodos · Jul 15, 2020

Monkey_Demon said:
Thanks. This is very helpful.

Two thoughts:

Especially for those of us coming to FreeNAS from "regular" *nix systems (and, I suppose, *doze systems), datasets and ACL are a bit of a mystic art. This makes the "Inherit" boxes in the ACL Edit dialogue a bit misleading. I take it from your answer that these boxes apply to child directories and files only, and not to child datasets.

It's better to think of the ACL editor as a tool for modifying the current permissions that are on your server. If you have nested child datasets and you check the box to apply the changes to them, then we will recursively change permissions in those datasets as well as the one you have selected. The inheritance flags determine the ACL the is generated for new files (and directories) at creation time. When files are created the kernel calculates an inherited ACL based on the ACL of the directory where the file is located.

The behavior with regard to new datasets isn't too outlandish. I believe Windows does the same thing if you create a new volume and choose to mount it under an existing path.

Important Announcement for the TrueNAS Community.

Questions about SMB Share

Monkey_Demon

Explorer

anodos

Sambassador

Monkey_Demon

Explorer

anodos

Sambassador

Similar threads