Bug #76557

SMB shares with unix perms - UI "default perms" option only seen in advanced mode and ACL not restored if switch share type from Windows to Unix.

Added by Chris Burge over 1 year ago. Updated over 1 year ago.

Status: Closed
Priority: No priority
Assignee: Release Council
Category: GUI (new)
Target version:
Seen in:
Severity: New
Reason for Closing: Behaves as Intended
Reason for Blocked:
Needs QA: Yes
Needs Doc: Yes
Needs Merging: Yes
Needs Automation: No
Support Suite Ticket: n/a
Hardware Configuration:
ChangeLog Required: No

Description

End users wanting to keep UNIX perms on an SMB shared dataset may not see the important "default permissions" checkbox unless the "advanced mode" button is pressed when creating/editing a Windows share.

The "default permissions" checkbox is auto set to on, meaning the dataset share type previously selected as "UNIX" is then set to "WINDOWS", reverting the unwary end user's choice. If the end user then resets the dataset share type back to "UNIX" the underlying ACL on the dataset is NOT correctly re-set.

See this forum post: https://forums.freenas.org/threads/11-2-u2-changes-how-smb-unix-share-permissions-work.73943/page-2#post-513109

Please place the "default permissions" checkbox on the basic page, as was in the old UI.

History

#1 Updated by Andrew Walker over 1 year ago

if the end user then resets the dataset share type back to "UNIX" the underlying ACL on the dataset is NOT correctly re-set.

We actually do the right thing here. His example:

[chris@freenas /mnt/NasPool]$ getfacl winshare
# file: winshare
# owner: chris
# group: chris
            owner@:rwxpDdaARWcCos:fd-----:allow
            group@:rwxpDdaARWcCos:fd-----:allow
         everyone@:r-x---a-R-c---:fd-----:allow

Then performs chmod -R 755 on the directory and gets this:
# file: winshare
# owner: chris
# group: chris
            owner@:rwxpDdaARWcCos:fdi----:allow
            group@:rwxpDdaARWcCos:fdi----:allow
         everyone@:r-x---a-R-c---:fdi----:allow
            owner@:rwxp--aARWcCos:-------:allow
            group@:r-x---a-R-c--s:-------:allow
         everyone@:r-x---a-R-c--s:-------:allow
[chris@freenas /mnt/NasPool]$

It looks funny, but the i indicates that the extended ACEs are "inherit only" and not applied to the current file. The mode for the file has been correctly set per chmod. The advantage of doing things this way is that "chmod" isn't erasing the extended ACL. The old behavior he describes is wrong.

What we actually need is a GUI ACL editor.
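
The inherit-only distinction described in comment #1, as an added example that is not part of the ticket or of FreeNAS code: it parses the post-chmod getfacl output, separates ACEs that apply to the directory from those that only seed new children, and derives the mode bits from the former. The function names are hypothetical, the 14-character permission and 7-character flag layout is assumed from the output quoted above, and the mode derivation is a simplified approximation.

```python
import re

# Constructed sample: the post-chmod getfacl output quoted in comment #1.
SAMPLE = """\
# file: winshare
# owner: chris
# group: chris
            owner@:rwxpDdaARWcCos:fdi----:allow
            group@:rwxpDdaARWcCos:fdi----:allow
         everyone@:r-x---a-R-c---:fdi----:allow
            owner@:rwxp--aARWcCos:-------:allow
            group@:r-x---a-R-c--s:-------:allow
         everyone@:r-x---a-R-c--s:-------:allow
"""

# who : 14 permission chars : 7 flag chars : allow|deny (layout assumed from above)
ACE_RE = re.compile(r"^\s*(\S+?):([A-Za-z-]{14}):([A-Za-z-]{7}):(allow|deny)\s*$")

def parse_acl(text):
    """Parse getfacl NFSv4 output; lowercase 'i' in the flags marks inherit_only."""
    aces = []
    for line in text.splitlines():
        m = ACE_RE.match(line)  # '#' header lines do not match and are skipped
        if m:
            who, perms, flags, kind = m.groups()
            aces.append({"who": who, "perms": perms, "type": kind,
                         "inherit_only": "i" in flags})
    return aces

def split_by_scope(aces):
    """Return (ACEs applied to this object, ACEs that only seed new children)."""
    return ([a for a in aces if not a["inherit_only"]],
            [a for a in aces if a["inherit_only"]])

def mode_from_acl(aces):
    """Approximate rwx mode bits from the special ACEs that apply to the object.
    Simplification: per principal, the first allow/deny naming a bit decides it."""
    mode = 0
    for shift, who in ((6, "owner@"), (3, "group@"), (0, "everyone@")):
        decided = set()
        for a in split_by_scope(aces)[0]:
            if a["who"] != who:
                continue
            for idx, val in ((0, 4), (1, 2), (2, 1)):  # r, w, x positions
                if a["perms"][idx] != "-" and idx not in decided:
                    decided.add(idx)
                    if a["type"] == "allow":
                        mode |= val << shift
    return mode
```

On the sample, three ACEs are inherit-only, three apply to the directory itself, and `mode_from_acl(parse_acl(SAMPLE))` is `0o755`, matching the chmod.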

#2 Updated by Dru Lavigne over 1 year ago

  • Status changed from Unscreened to Closed
  • Target version changed from Backlog to N/A
  • Reason for Closing set to Behaves as Intended
