winacl documentation

[kam270]

Hi where can I get the full detailed information about the command winacl. I need to use it to fix some CIFS shares.


Thanks

Dan

 

[cyberjock]

Google "freebsd manpage winacl".

That's about all you're going to find. ;)

 

[kam270]

Google "freebsd manpage winacl".

That's about all you're going to find. ;)

Tried that already : " Sorry, no data found for `winacl'." I didnt mention Id already did that search out of politness for the lack of documentation.

 

[kam270]

All i get from typing the command is :


winacl
Usage: winacl [OPTIONS] ...
Where option is:
-a <add|update|remove|reset> # action to perform
-o <owner permission> # owner ACL entry
-g <group permission> # group ACL entry
-e <everyone permission> # everyone ACL entry
-O <owner> # change owner
-G <group> # change group
-p <path> # path to set
-i <index> # Index
-f # only set files
-d # only set directories
-r # recursive
-v # verbose
-x # remove DOSATTRIB EA


Bur I get the error :
# winacl -a remove -p Untitled\ Folder/
winacl: remove specified without index

Anybody know how to use this command ?

 

[kam270]

Im having to read the code for it on github. Great !

https://github.com/valdo404/freenas/blob/master/gui/tools/winacl.sh

 

[cyberjock]

Haha.. you're right. Too many "acl" programs.

You don't want winacl. That's a custom thing to iX and isn't meant for users to use. You want to look at "setacl" and "getacl". :D

Googling "freebsd manpage setacl" yields more useful results.

 

[kam270]

Haha.. you're right. Too many "acl" programs.

You don't want winacl. That's a custom thing to iX and isn't meant for users to use. You want to look at "setacl" and "getacl". :D

Googling "freebsd manpage setacl" yields more useful results.

Are you sure , it is in the errata as a way to restore broken ACLs : 'If you already destroyed the ACLs using chmod, winacl can be used to fix them. Type winacl from Shell for usage instructions. ' - http://doc.freenas.org/index.php/9.2.1.7_ERRATA

 

[cyberjock]

Actually, I think that is in error. But I'll ask iX's permissions dev. I will tell you that my permissions guide that is in the works doesn't mention winacl anywhere. ;)

 

[kam270]

Can you explain why when clicking on "Apply Default Permissions" results in executable permissions when in the errata it states it should only provide " read/write for owner/group"

"sets the ACLs to allow read/write for owner/group and read-only for others; should only be unchecked when creating a share on a system that already has custom ACLs set" - http://doc.freenas.org/index.php/9.2.1.7_ERRATA

And also why the ACLs it sets do not get revoked when unticking that checkbox ??

 

[cyberjock]

You should probably jump into IRC with these questions.. they aren't straightfoward. But the short answers are:

1. This may not be true. For example, the "apply execute permissions" makes everything appear to have execute permissions, even if it doesn't.

2. There is no log of permissions, they are a one-and-done situation. So unchecking the box just means when you save the changes in that window it won't try to overwrite the permissions.

 

[panz]

Permissions: the word says it all. Nobody ever took care of redefining all this matter, because "r, w and x are all we need".

First time you try Windows' permissions you say "this OS is pure sh??, but it has a great permission scheme" :)

 

[bluonek]

Are you sure , it is in the errata as a way to restore broken ACLs : 'If you already destroyed the ACLs using chmod, winacl can be used to fix them. Type winacl from Shell for usage instructions. ' - http://doc.freenas.org/index.php/9.2.1.7_ERRATA

Sorry to necro, but I got here from a google search so this thread still seems relevant (was for me... today, literally) - trust what cyberjock is saying, not just because he knows what he's talking about, but also because winacl is a wrapper around setfacl. The guide really should be updated btw, it still says to use winacl for some reason which certainly threw me for a loop thinking this was really the only way to "fix" "changes made with chmod on version 9.3.

btw this command works great for recursive updates (modify as needed, please google setfacl for more details):
find . | setfacl -m owner@:modify_set:allow
find . | setfacl -m group@:modify_set:allow

The "modify_set" part is a package of acl's that grant ability to the owner or group to modify the contents (file and directory).

Hope this helps someone until cyberjock gets that (greatly needed) permissions guide vetted out. =)

 

[kam270]

Sorry to necro, but I got here from a google search so this thread still seems relevant (was for me... today, literally) - trust what cyberjock is saying, not just because he knows what he's talking about, but also because winacl is a wrapper around setfacl. The guide really should be updated btw, it still says to use winacl for some reason which certainly threw me for a loop thinking this was really the only way to "fix" "changes made with chmod on version 9.3.

btw this command works great for recursive updates (modify as needed, please google setfacl for more details):
find . | setfacl -m owner@:modify_set:allow
find . | setfacl -m group@:modify_set:allow

The "modify_set" part is a package of acl's that grant ability to the owner or group to modify the contents (file and directory).

Hope this helps someone until cyberjock gets that (greatly needed) permissions guide vetted out. =)

I ended up copying to a new folder. That fixed the permissions.

 

[guttural]

Could somebody please explain what to do exactly to fix this? I am on the machine as root via SSH and have tried to fix the broken ACL/reset the ACL/set the owner to a valid user and group to make it accessible again.
I have tried

Code:

winacl -a remove -p /mnt/NAS1/NAS1

and

Code:

winacl -a remove -p /mnt/NAS1/NAS1

.
I'm a noob and I don't want to try more to not break more. Halp.

 

[anodos]

Could somebody please explain what to do exactly to fix this? I am on the machine as root via SSH and have tried to fix the broken ACL/reset the ACL/set the owner to a valid user and group to make it accessible again.
I have tried

Code:

winacl -a remove -p /mnt/NAS1/NAS1

and

Code:

winacl -a remove -p /mnt/NAS1/NAS1

.
I'm a noob and I don't want to try more to not break more. Halp.

What version of FreeNAS is this? winacl is an internal tool and it periodically changes. If you're in 11.3, use the webui to change ACLs.

 

[guttural]

I have version FreeNAS-11.3-U2 and my option to change the ACL is greyed out, too (as with OP). I gathered from this thread that setfacl would be how to do it? The original owner was root and group was wheel and I changed that because I had no clue.

 

[anodos]

I have version FreeNAS-11.3-U2 and my option to change the ACL is greyed out, too (as with OP). I gathered from this thread that setfacl would be how to do it? The original owner was root and group was wheel and I changed that because I had no clue.

What are you trying to accomplish? What's the output of "getfacl /mnt/<pool>?"

 

[guttural]

I just want to be able to edit the ACL again (I messed up and changed the permissions to root and wheel in the GUI and want to change it back now). The option is greyed out at the moment:

This is the output of getfacl <path>:

Code:

root@freenas:~ # getfacl /mnt/NAS1/NAS1
# file: /mnt/NAS1/NAS1
# owner: root
# group: wheel
            owner@:rwxpDdaARWcCos:fd-----:allow
            group@:rwxpDdaARWcCos:fd-----:allow
           user:al:rwxpDdaARWcCos:fd-----:allow
         everyone@:--------------:fd-----:allow

 

[anodos]

Okay. So /mnt/NAS1/NAS1 is a directory? If it's an SMB share you should be able to use the "edit ACL" button in the share menu.

 

[guttural]

This is my samba share:

And this is my pool that I was editing (on the NAS1 level) in the GUI:

The edit ACL button worked until I saved the ACL with user root as owner and group wheel.