Tailscale Locked me out of

Apps and Virtualization
, , ,
1

Just finished building my first nas a little while ago and finally got all my data on it and I wanted to set up tailscale to access my data when im at work/school ect, after setting it up be skipping around a video I realized I was in a new folder created by tailscale, so I set the type to host path instead and set it to my main dataset, gave myself permissions and realized I no longer can connect to the server. I pannicked and uninstalled tailscale hoping it would solve it but it did not and wont let me change permissions on my files as it says it needs permission from the main dataset which also wont let me change permissions. any help would be greatly appreciated

(I posted this on reddit 3 weeks ago and Ive gotten zero help and I need the data I have stored on this machine asap)

Solutions I’ve tried:
Uninstall Tailscale
Reinstalling Tailscale
Restarting Server

2

Here is the provided error and log:

Error: path
Filesystem permissions on path /mnt/DataStore prevent access for user “Duckey” to the path /mnt/DataStore/share. This may be fixed by granting the aforementioned user execute permissions on the path: /mnt/DataStore.

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/middlewared/job.py”, line 515, in run
await self.future
File “/usr/lib/python3/dist-packages/middlewared/job.py”, line 562, in run_body
rv = await self.middleware.run_in_thread(self.method, *args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/main.py”, line 627, in run_in_thread
return await self.run_in_executor(io_thread_pool_executor, method, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/main.py”, line 624, in run_in_executor
return await loop.run_in_executor(pool, functools.partial(method, *args, **kwargs))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3.11/concurrent/futures/thread.py”, line 58, in run
result = self.fn(*self.args, **self.kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3/dist-packages/middlewared/api/base/decorator.py”, line 101, in wrapped
result = func(*args)
^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/middlewared/plugins/filesystem/acl.py", line 805, in setacl
self.setacl_posix1e(job, current_acl, data)
File "/usr/lib/python3/dist-packages/middlewared/plugins/filesystem/acl.py", line 610, in setacl_posix1e
verrors.check()
File “/usr/lib/python3/dist-packages/middlewared/service_exception.py”, line 72, in check
raise self
middlewared.service_exception.ValidationErrors: [EINVAL] filesystem_acl.path: Filesystem permissions on path /mnt/DataStore prevent access for user “Duckey” to the path /mnt/DataStore/share. This may be fixed by granting the aforementioned user execute permissions on the path: /mnt/DataStore.

3

Please post output of the following commands:

  • sudo zfs get acltype DataStore
  • sudo ls -ld /mnt/DataStore
  • sudo nfs4xdr_getfacl /mnt/DataStore

And also please post what version you are using.

4

Since writing this post I’ve tried to strip the ACL which did work, but wouldn’t allow me to make a new ACL. For some reason the second command you sent didn’t work

  1. DataStore acltype posix local
  2. second command didnt work "invalid option – ‘d’ "
  3. Failed to get NFSv4 ACL
5

Sorry forgot to add the version.

TrueNAS Community Edition 25.04.2.4

6

For posix ACL the commands are different (second command still shoudn’t have worked).

With Posix ACL the command is just sudo getfacl /mnt/DataStore. But you can also see the ACL in the dataset GUI. Look at the bottom right while the root dataset (DataStore) is selected:

image
image452×356 4.09 KB

Did you store data on the root dataset directly?

7

Yes I did, It wont let me post an embed bc I just made my account but DataStore is owned by root and has the root group

8

If you can’t attach a screenshot, can you post output of this command:

  • sudo getfacl /mnt/DataStore

If you stored data directly on the root dataset you might want to plan a migration to store them in a child dataset instead.

9

file: mnt/DataStore
owner: root
group: root
user: :rwx
group: :- - -
other: : - - -

10

You need at least execute permission (x) in the other field. The normal permission for a root dataset is 0755 (rwx / rx / rx).

To set the normal permissions, use this:

sudo chmod 0755 /mnt/DataStore
1 Like
11

It worked thank you so much!

1 Like
12

Hi there,

I have the same issue that Bradyf.1230 had.

When I enter the sudo command into the shell the shared folders are accessible. But if I have a power outage or I restart the NAS I have to enter the command into the shell again.

Is there a way that I can avoid having to enter the command after every start up?

13

Please post all the information that was asked from the OP. We can’t see your setup or if you even have the same, exact problem.

1 Like
14

  • sudo zfs get acltype Storage
    NAME PROPERTY VALUE SOURCE
    Storage acltype posix local

  • sudo ls -ld /mnt/Storage
    drwxr-xr-x 6 root root 11 Mar 26 21:14 /mnt/Storage (After sudo chmod is entered to unlock)
    drwx------ 6 root root 11 Mar 26 21:14 /mnt/Storage (Before sudo chmod is entered to unlock)

  • sudo nfs4xdr_getfacl /mnt/Storage
    nfs4xdr_getfacl: Failed to get NFSv4 ACL

  • TrueNAS Community Edition 25.10.2.1

  • sudo getfacl /mnt/Storage
    getfacl: Removing leading ‘/’ from absolute path names
    file: mnt/Storage (After sudo chmod is entered to unlock)
    owner: root
    group: root
    user::rwx
    group::r-x
    other::r-x

    getfacl: Removing leading ‘/’ from absolute path names
    file: mnt/Storage (Before sudo chmod is entered to unlock)
    owner: root
    group: root
    user::rwx
    group::—
    other::—