SMB permission help

[afya]

Code:

root@freenas[~]# ls -l /mnt/WDHDD/
total 1-rwxrwx---+ 1 root    wheel     0 Dec  5 23:00 .windows
drwxrwx---+ 3 nobody  SMBGroup  4 Dec  5 22:40 Home
root@freenas[~]# ls -l /mnt/WDHDD/Home
total 1
-rwxrwx---+ 1 nobody  SMBGroup  0 Dec  5 02:04 .windows
drwxrwx---+ 2 nobody  SMBGroup  3 Dec  5 22:40 Home
root@freenas[~]# ls -l /mnt/WDHDD/Home/Home
total 1
-rwxrwx---+ 1 nobody  SMBGroup  0 Dec  5 22:40 .windows

I'm trying to share the dataset /mnt/WDHDD/Home/Home as \\NAS\Home.
The above permission doesn't give SMBGroup user access unless I grant it the top level group permission.

Code:

root@freenas[~]# ls -l /mnt/WDHDD/
total 1-rwxrwx---+ 1 root    SMBGroup  0 Dec  5 23:00 .windows

Is this behavior intentional?
I want to make other datasets & share /mnt/WDHDD/Backup and /mnt/WDHDD/LinuxBackup, with their own users. If they all require top pool level permission @ /mnt/WDHDD to access lower levels. Then I would have to put them all in a top level group?

Sorry if I sound noobish in permissions. I can further explain my question if there are any confusing parts.

 

[anodos]

Code:

root@freenas[~]# ls -l /mnt/WDHDD/
total 1-rwxrwx---+ 1 root    wheel     0 Dec  5 23:00 .windows
drwxrwx---+ 3 nobody  SMBGroup  4 Dec  5 22:40 Home
root@freenas[~]# ls -l /mnt/WDHDD/Home
total 1
-rwxrwx---+ 1 nobody  SMBGroup  0 Dec  5 02:04 .windows
drwxrwx---+ 2 nobody  SMBGroup  3 Dec  5 22:40 Home
root@freenas[~]# ls -l /mnt/WDHDD/Home/Home
total 1
-rwxrwx---+ 1 nobody  SMBGroup  0 Dec  5 22:40 .windows

I'm trying to share the dataset /mnt/WDHDD/Home/Home as \\NAS\Home.
The above permission doesn't give SMBGroup user access unless I grant it the top level group permission.

Code:

root@freenas[~]# ls -l /mnt/WDHDD/
total 1-rwxrwx---+ 1 root    SMBGroup  0 Dec  5 23:00 .windows

Is this behavior intentional?
I want to make other datasets & share /mnt/WDHDD/Backup and /mnt/WDHDD/LinuxBackup, with their own users. If they all require top pool level permission @ /mnt/WDHDD to access lower levels. Then I would have to put them all in a top level group?

Sorry if I sound noobish in permissions. I can further explain my question if there are any confusing parts.

This is intended behavior. In Unix, execute permissions are required to traverse directories. See "known impacts" here: https://www.ixsystems.com/blog/library/freenas-11-2-u6/

 

[anodos]

In FreeNAS 11.3 we will no longer permit users to make changes to permissions on top-level datasets (i.e. /mnt/WDHDD) to prevent these sorts of issues.

 

[afya]

In FreeNAS 11.3 we will no longer permit users to make changes to permissions on top-level datasets (i.e. /mnt/WDHDD) to prevent these sorts of issues.

Wouldn't that require every sub-dataset user to be in the wheel group for it to work?

Or is everything supposed to be managed by a single "admin" user, and add sub-dataset users in Windows explorer (or smbcacls from what I read in your other thread)? I wouldn't even need to touch the subdataset permission in Freenas from what I understand, because that alone wouldn't give the individual user permission to traverse into the sub-dataset.

 

[anodos]

Wouldn't that require every sub-dataset user to be in the wheel group for it to work?

No. Everyone can traverse because the default permissions for that dataset are 755.

 

[afya]

No. Everyone can traverse because the default permissions for that dataset are 755.

Understand. Mine probably got changed to 770 when I first SMB share the top level. Then when I turn that off and do the lower levels it doesn't work as its supposed to. Thank you for your help.