Broken permissions after migration from Core to Scale

Hello,
I just performed a clean install of latest stable TrueNas Scale and imported my pool from previous TrueNas Core installation. I got permissions problem when trying to update ACLs (trying to add group family permissions to modify and apply recursively) for the datasets:

[EPERM] Filesystem permissions on path /mnt/tank/main prevent access for user "admin" to the path /mnt/tank/main/common. This may be fixed by granting the aforementioned user execute permissions on the path: /mnt/tank/main.

The output of stat:

admin@truenas[~]$ stat /mnt/tank/main/   
  File: /mnt/tank/main/
  Size: 4               Blocks: 1          IO Block: 512    directory
Device: 0,66    Inode: 4           Links: 4
Access: (0700/drwx------)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2024-04-26 08:33:42.374542370 -0700
Modify: 2024-04-26 07:32:07.655152691 -0700
Change: 2024-04-26 08:46:07.786505126 -0700
 Birth: 2020-02-08 11:45:11.656375647 -0800

When trying to chmod 751 i get:

admin@truenas[~]$ sudo chmod 751 /mnt/tank/main
chmod: changing permissions of '/mnt/tank/main': Operation not permitted

What have I done wrong? And how should I proceed in order to add a group rights to modify files inside?

Many thanks.

We notify of broken permissions better in SCALE (your permissions were broken in Core apparently). You can’t chmod because an ACL is present. Just use the UI-based ACL editor to add the required entry.

I tried that first, but I got the mentioned error…

image906×548 25.4 KB

You are still granting permissions to admin by virtue of it being the owner of the dataset.

The crux of the problem is that you have configured permissions on /mnt/tank/main such that there is no possible way for admin to access any data at all in /mnt/tank/main/common, but you are trying to provide access via the ACL for /mnt/tank/main/common this is clearly a mistake and requires some feedback to user so that they can fix permissions. Hence, a validation error is raised.

Ah yes, I am dumb. Now it works, thanks very much for pointing me in the right direction.

Running into a similar situation here.

Trying to make a file executable and no matter what I can’t get it to change even when the share ACL filesystem has user accounts that have full control.

Welcome to TrueNAS

Warning: the supported mechanisms for making configuration changes
are the TrueNAS WebUI, CLI, and API exclusively. ALL OTHERS ARE
NOT SUPPORTED AND WILL RESULT IN UNDEFINED BEHAVIOR AND MAY
RESULT IN SYSTEM FAILURE.

root@truenas[~]# cd /mnt/'System Storage'/Shared/Scripts
root@truenas[/mnt/System Storage/Shared/Scripts]# chmod +x UGREENLED.sh
chmod: changing permissions of 'UGREENLED.sh': Operation not permitted
root@truenas[/mnt/System Storage/Shared/Scripts]# sudo chmod +x UGREENLED.sh
chmod: changing permissions of 'UGREENLED.sh': Operation not permitted
root@truenas[/mnt/System Storage/Shared/Scripts]#

Chmod isn’t permitted if ACL is non-trivial and aclmode is RESTRICTED. This is expected behavior to prevent ham-fisted breaking of permissions via chmod. If you want some user to have exectue permissions on a script inside the given path then you’ll need to modify the ACL to grant that.

Additionally, datasets have an “exec” property which needs to be enabled for executables to be run.

IMG_20091170×700 54.3 KB

Thank you for your help!