SOLVED Unable to edit specific users via the GUI / Save button inactive

[thepixelgeek]

I recently discovered that I'm unable to edit users that I've created for various jails. As you can see in the image below, the save button is inactive.

I tried changing different parameters but the button never activates.

Another aspect of my question is how do I give a new user permission to run commands or scripts?

 

[Samuel Tai]

This bug NAS-106175 was fixed in 11.3-U3.2, according to the release notes.

 

[thepixelgeek]

@Samuel Tai Updated to 3.2, and save is active.

Is it possible to give my user (pixelgeek) root-like permission so that the user can run a command/script? I want to run a cron job but am getting "permission denied". I use this user to see files via SMB share and can't see files that are created by root.

 

[Samuel Tai]

The only way I know to do this is to add the account to the wheel group.

 

[thepixelgeek]

Ok. I added the user to the wheel group. It doesn't appear to be working after running another cron job. I assumed it would be automatic but maybe something else is needed?

Cron job user is pixelgeek.

 

[Samuel Tai]

It's because files created by root in the SMB share don't automatically inherit the ACLs of the share. For example, my SMB home directory has HOME ACL restrictions, so everything is Full Control only for my account, and no rights for my account group or anyone else.

Code:

root@raven:/mnt/main/home/windows/samuel # ls -l
total 96
drwx------+  3 samuel  samuel   3 May 25 11:07 .recycle/
drwx------+  6 samuel  samuel   6 Jul 16  2019 Cool Stuff/
drwx------+  4 samuel  samuel   7 Apr  4  2019 Fun Stuff/
drwx------+  8 samuel  samuel  27 Jun 25 14:18 Personal Stuff/
drwx------+ 10 samuel  samuel  19 Apr  7 19:39 Settings to Save/
drwx------+ 13 samuel  samuel  14 May 31 22:48 Windows 64-bit Drivers/

As root, I created a file here via touch foo. This creates an empty file with these permissions:

Code:

root@raven:/mnt/main/home/windows/samuel # ls -l
total 96
drwx------+  3 samuel  samuel   3 May 25 11:07 .recycle/
drwx------+  6 samuel  samuel   6 Jul 16  2019 Cool Stuff/
-rw-r--r--   1 root    samuel   0 Jun 27 08:17 foo
drwx------+  4 samuel  samuel   7 Apr  4  2019 Fun Stuff/
drwx------+  8 samuel  samuel  27 Jun 25 14:18 Personal Stuff/
drwx------+ 10 samuel  samuel  19 Apr  7 19:39 Settings to Save/
drwx------+ 13 samuel  samuel  14 May 31 22:48 Windows 64-bit Drivers/

You'll have to run a cron job as root to fix the ownership and permissions. To add the missing ACL, you'll need to copy the ACL from an existing file via getfacl file1 | setfacl -b -n -M - file2, as stated in the FreeBSD man page for setfacl. Even then, you'll need to check after the ACL copy if additional default settings need to be removed. For example, after copying the ACL, which has these settings:

Code:

root@raven:/mnt/main/home/windows/samuel # getfacl file1
# file: file1
# owner: samuel
# group: samuel
            owner@:rwxpDdaARWcCos:------I:allow
         everyone@:--------------:------I:allow

foo ends up with

Code:

# file: foo
# owner: samuel
# group: samuel
            owner@:rwxpDdaARWcCos:------I:allow
            group@:------a-R-c--s:-------:allow
         everyone@:--------------:------I:allow

So I have to whack the group ACL with setfacl -x1 foo (remove line 1; ACL lines are numbered starting from 0).