I did get a chance to do some experimenting this morning, and can confirm that is it doing the following:
Using the web interface and connecting to >_ Shell
if I su username and touch a file inside this shared folder controller - I get the following:
root@truenas[…Pool/datastore/storage/controller]# su josie
$ touch testfile2.txt
$ ls -la testfile2.txt
-rwxrwx—+ 1 josie controller 0 Sep 30 10:22 testfile2.txt
$
So I see the + and rwx for both owner and group in permissions indicating that it must be using ACL permissions for this type of access (shell) I think.
If I use windows explorer from a windows 10 computer (connecting to the share via \ipaddress\controller) and getting prompted to login, I logged in as the same user, I get:
$ ls -la testfile2smb.txt
-rw-r–r-- 1 josie controller 0 Sep 30 10:23 testfile2smb.txt
$
No + and rw- for owner josie r-- for group and r-- for other - so not using ACL for SMB - again I think.
Checking the web interface Storage\Pools\Edit Dataset (for controller) I do see that the ACL mode is set to Passthrough
Still not sure of the cleanest - proper way to resolve this issue:
-
Modify the users involved and give them a Home folder so I can set a umask for each? If so, can that be done with the web interface? or should I get into the shell and follow some FreeBSD guidance on user management to add a home folder for each and then set a umask file to 002.
-
Modify the share ACL via the web Interface Sharing / Windows Share SMB / Edit Share ACL OR Edit File Server ACL or Both - not really sure what am I supposed to change in there to make it work as expected when its already got
file: controller
owner: kevin
group: controller
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:--------------:fd-----:allow
for Group and Owner
-
Create a new dataset / share - I could follow the steps given by winnielinnie
TrueNAS MVP above and then move the data, and then recreate the connections for each desktop needing access to the new share.
-
something completely different that I have not come across as of yet
I totally see that I am starting to sound like a "you make my ship go " kinda dork - and I really thought I had researched and found the direction I needed to go with the umask solution, it could quite possibly be that I am using a tank to swat at fly and I should move to a simpler NAS solution as well when these iXSystems boxes start to falter - I did not foresee this use case when I removed the windows file server and AD domain as we had not done anything like this in the past 10 years. I really must be missing something as it seems to me that this should be simpler than its turning out to be.
Any suggestions of the correct approach to take are much appreciated.
I think I can also deduce that this share was originally created as a Generic share rather than an SMB share - (I am basing this on rebuilding the setup I have going on a test mini NAS server and I can see my case sensativity is sensative rather than insensative as it would be if I had chosen SMB - even if it cannot be changed, be nice if the original share type was greyed out).