Struggling with Permissions and SMB, it *was* working

MalVeauX

Hey all,

I had set up my pool, datasets, shares, users and ACL and it was working great. No issues.

I tried to install a Plex server. Tried to give it access to some shares in a jail and a user and all that. Too many workarounds. Stopped fooling with it. Removed it.

In the process I somehow broke the permissions on one of my datasets. I have several datasets and the others are totally fine still, accessible by all clients. But there's one dataset that is only accessible by my login now. Every time I add another user to it and give permission it doesn't work. I have the ACL set up identically on this dataset as I do on my others at this point and they're working fine, but this one is not.

So I stripped the permissions of the dataset in question. Then I added one user as the owner of all of it back again, recursively and with all child datasets. Then I added another user with read access and did the same thing. My owner/user can still access this data set shared over SMB no problem. But the other user I added cannot (it's read only but should still access this). I've stripped it over and over and re-did permissions in ACL again and again. Each time I end up with a single working user (mine) and the second user I add doesn't work.

I'm confused. I know it's a permissions thing. But I can't figure out why I cannot get another user to see the dataset and access it.

Here are my Samba shares. The "Movies" one is what broke. The rest are working fine, for both users I have in my ACL (one for super access, mine, and a public one for read only access, all the clients).

[Attached image: Sharebroke_02.jpg]

Here are the datasets in the pool. The others are working fine. The "media" one there with movies, music and photography archive have all been broken in terms of permissions. I have stripped ACL on the entire Media dataset. Re-did permissions. I have access still. But the second user, in my case a public user with read only access, cannot access these folders (they can be seen in the network tab but cannot be accessed).

[Attached image: Sharebroke_01.jpg]

All those datasets' ACLs are the same. There are two ACL items, one for a super user (mine) and one for a public (read only) user for the other clients on the network. The other datasets and shares with this setup work fine. It's only the "media" dataset that is broken at this point and can only be accessed by my single super user account and not the public account. And yes, I did recursive and all that when I set the ACL and saved it on each item.

[Attached image: Sharebroke_04.jpg]

When I look at permissions of this object over the network, with my super access user, I can access it fine with full control. I can see the security and I can see the second user setup in there (Public) and it has inheritance and all that and read access. Yet, any client using that login cannot access this particular share. They can access all those other ones no problem, set up the same way. But this one "media" is broken and so they cannot access the child ones, movies, pictures, music as they're not accessible to the public user despite it showing up in security and permissions here.

[Attached image: Sharebroke_03.jpg]

Here is what the client side sees, using the public user (username and password to access; it's not guest/everyone/not open). They see the shares. But cannot access them. They can access all of these except movies, photographs and music, which are child datasets of the "media" dataset. The other datasets are accessible fine.

[Attached image: Sharebroke_05.jpg]

So I'm at a loss.

I know it's a permissions issue. Probably a Windows issue at the heart of it.

I have stripped the permissions/ACL off of the "media" data set and all child data sets. Then re-did permissions with recursive and all that and inherit on the users flags. My super user has full access again no problem and is the owner. But I cannot get my secondary user to get access no matter what I do.

Ideas?

Very best,
 

MalVeauX

I got it to work again.

My god.

I stripped the ACL on the "media" dataset and applied recursively and to children datasets.
I then added a single user as the owner by user name and full access and applied it recursively and to all children datasets.
I then added the second user the same way, with read only access. I did NOT allow it to be recursively inherited.

And now the secondary one works as I wanted it to. It can see the shares and access the ones I want them to see. The inherited flag was the issue. Something between Windows permissions and the flags of inheritance in FreeNAS was the problem. When I gave full permission and inheritance it worked. But I didn't want full inheritance on the secondary user.

I'm now adding each folder I want the secondary login to see individually with security permissions in Windows.

Sigh.

Very best,
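
An added example, not part of the original posts or of FreeNAS's own tooling: the thread turned on one dataset's ACL behaving differently from others that looked identical in the GUI, so this Python script diffs two NFSv4 ACL listings in the text form printed by FreeBSD `getfacl` and reports per-principal differences in permission bits and inheritance flags. The paths, the `public` user and both sample listings are constructed for illustration.

```python
FLAG_NAMES = {"f": "file_inherit", "d": "dir_inherit", "i": "inherit_only",
              "n": "no_propagate", "I": "inherited"}

# Constructed sample listings (hypothetical paths and users, not from the thread).
WORKING = """\
# file: /mnt/tank/documents
            owner@:rwxpDdaARWcCos:fd-----:allow
       user:public:r-x---a-R-c---:fd-----:allow
"""
FAILING = """\
# file: /mnt/tank/media
            owner@:rwxpDdaARWcCos:fd-----:allow
       user:public:r-----a-R-c---:fdi----:allow
"""

def parse_acl(text):
    """Return {(principal, type): [(perms, flags), ...]} for each ACE line."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and the "# file:" style header
        parts = line.split(":")
        if len(parts) < 4:
            continue  # not a principal:perms:flags:type entry
        principal = ":".join(parts[:-3])  # "owner@" or "user:name"
        perms, flags, ace_type = parts[-3:]
        entries.setdefault((principal, ace_type), []).append((perms, flags))
    return entries

def letters(field):
    return {c for c in field if c != "-"}  # bits that are switched on

def diff_acl(working_text, failing_text):
    good, bad = parse_acl(working_text), parse_acl(failing_text)
    findings = []
    for key in sorted(set(good) | set(bad)):
        who = f"{key[0]} ({key[1]})"
        if key not in good or key not in bad:
            side = "working" if key in good else "failing"
            findings.append(f"{who}: only in {side} ACL")
            continue
        for (gp, gf), (bp, bf) in zip(good[key], bad[key]):
            if letters(gp) != letters(bp):
                findings.append(f"{who}: perms differ, working={gp} failing={bp}")
            changed = sorted(FLAG_NAMES.get(c, c) for c in letters(gf) ^ letters(bf))
            if changed:
                findings.append(f"{who}: flags differ: {', '.join(changed)}")
    return findings
```

Calling `diff_acl(WORKING, FAILING)` on the constructed samples reports a missing execute/traverse bit and an `inherit_only` flag on the `user:public` entry.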
 