SMB regression - or just me needing more coffee?

c77dk

Patron
Joined
Nov 27, 2019
Messages
467
Trying to setup SMB shares on 12-BETA1 I've run into some challenges with permissions.

Most likely this is me doing something wrong :smile:

Trying to change owners on a dataset from the webui doesn't seem to do anything, even with the checkboxes for user, group and recursive checked. If I end up changing them via CLI the webui show the new owner. ACLs get set - checked with getfacl.

The other thing I'm having challenges with is using groups for sharing.
I've ripped all my CDs to flac and my user have full permissions to the music dataset, but when I give my "sonos" group read permissions the users in that group can't access the share. The same thing happens if I change the primary group of my own user.

Since this server have been used for a lot of nightlies my guess is I need to reset something .... but can't figure out what. I don't remenber having the same issues with my 11.3.

Any clues where I should look ? or is what I see something others can reproduce?
 

arostad

Cadet
Joined
Dec 22, 2017
Messages
4
I've have the same problem! I even went as far as exporting my pools and starting over with a fresh install of TrueNAS-12.0-BETA.. I was beginning to think it was user error because I couldn't find anybody else with the same problem.
 

arostad

Cadet
Joined
Dec 22, 2017
Messages
4
I remember in pre-12.0 releases, when you would strip existing or apply new ACL's via the GUI, it would take some time after you hit apply and you definitely knew it was working because of how much disk activity was going on... now it instantly just says it's done and shows no signs of processing after that.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
I introduced a regression right before we cut 12.0-BETA1 while adding a feature to allow our support team to restore ACLs for files from snapshots (without restoring the actual snapshot). This will be fixed in BETA2.

The feature is pretty experimental, but it should be able to help bail-out admins who accidentally recursively change permissions on a production dataset as long as they have a snapshot.
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,176
@anodos, you are an endless well of cool SMB features
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
@anodos, you are an endless well of cool SMB features
Our users are an endless well of sticky problems ;)

Seriously though, the FreeNAS/TrueNAS community provides a tremendous amount of help in identifying issues that go beyond simple bugs. Being able to interact with real-life problems and usage patterns is invaluable,
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
@anodos, you are an endless well of cool SMB features
Originally, I was planning to add NFSv4 ACL support to mtree, but after some thought I decided on ZFS snapshots, path manipulation, and fts(3). The pieces were all just lying around. :)

High level concept is pretty simple:
- only work on one dataset at a time
- have user provide snapshot path (I didn't want to add libzfs as a dependency, and middleware already has access to this info)
- build fts tree from filesystem path you want to fix (for instance "/mnt/tank/share")
- walk fts tree checking the snapshot for the fts entries.
If it's there, grab the ACL from the snapshot version and write it to the file.
If the file isn't there, walk back through the fts entry's parents until you get an item that's in the snapshot, calculate an _inherited_ ACL from its ACL, and then apply it to the file.
- make the above fast
 
Top