Hi,
Below I know is an permission issue, but I cannot get my head around what may be the issue. Truenas user 1 ,full control user, cannot see all files via SMB, but via shell it works
Post migration of files using rsync and replication and dataset rearrangement, I discovered that users, 1 “full control”, could not see all files via SMB, beyond /Home/data/ , on dataset “Home” but they were shown in the app filebrowser.
After some investigation i noted the permissions was different “data” nfsv4 vs “Home” posix, I disabled SMB and converted posix dataset to nfsv4, and matched users and permissions to “data”, enabled SMB and problem was solved, or so I thought.
Today I discovered that files created by user “2” (Modify) on “data” is shown in filebrowser app, but not for user 1, via SMB.
However, when files are moved via filebrowser they are seen again by user 1.
However, again, if filebrowser create a folder in /Home/download, user 1 cannot see the file in SMB, but 1 can see folder via shell.
And I noted just now the user 2 had not been migrated when switching to NFSv4 but still created folder/files on to the share via transmission from another desktop.
I am a newbie myself so please take anything I say here with a huge grain of salt because I am far from being an expert.
I have found that it is very easy for permission issues to result in very unexpected behavior particularly when you mix in the effects of dataset ACLs, app users/groups and their settings for making changes in files, plus SMB shares on top of that, so I can clearly relate.
A few lessons i learned the hard way are:
(1) regardless of dataset / SMB ACL settings, if the individual file/folders have the wrong permissions at the os level, the users will not be able to see the files.
(2) apps can easily change those permissions unexpectedly depending on the settings
Personally I have not used the filebrowser app so I don’t know how it works. However, from what you are saying sounds like filebrowser may be applying user 2 ownership to the files, and perhaps giving them no read privileges to “all” in which case user 1 will not see those specific files regardless of whether they have full control for the dataset and the SMB share.
I would start by checking with ls -l command via the shell exactly what the owner, group and permissions are for the files in question and see what that shows which may provide some insight into what’s happening. If you are seeing certain changes after making modifications or moves in filebrowser then check ls -l before and after to see the effects.
I have also found that when things are really strange, wiping all the ACLs, even moving all the datasets involved to only POSIX, and checking that all the ownerships give at least read access to all (and execute to the directories) allows for a fresh starting point to what actions introduce the problems (of course this assumes that you are not currently exposing the shares to users you don’t want accessing the files).
Sometimes I have found nfsv4 adds additional complexity without value for the particular requirement. If you don’t have a need for the fine-grained access control (and especially if you aren’t going to be modifying security from Windows clients) posix with no ACLs may be a simpler, more trouble-free option. I am sure there are downsides that I am not fully aware of, so again don’t only take my word for it.
Thanks for a well written response.
I ended up with NFSv4 due to other recommendations that it would be a more strait forward option than Postix, simultaneously wiped ACLs to start fresh, subsequently forgot to add user 2 access to “data”.
I can change the setup, as long I avoid creating new datasheets, it was a hassle to move 15TB of data between datasheets.
Todays fault search began with me creating folders with respective interface i.e.
/filebrowser in filebrowser, I use smb as mount points for the folders with user 1 cred.
/Fedora on workstation, via smb with user 1
/download on Rasp pi unit, via smb user 2
Result, via shell truenas_admin;
/filebrowser SHOWN user 1
/Fedora NOT SHOWN, via smb with user 1
/download SHOWN, via smb user 2
In addition I downloaded a file via Rasp pi, user 2 which is shown in filebrowser but not in Fedora smb user 1.
In another test, there are 2 datasets, one previously mentioned /Home/data and another /Home/main…fuck
Hahaha… Scratch everything Ive written and must give my biggest apology.
As i did the final test i noted that I have 2 “data”, 1 dataset and 1 folder from the migration.
The dataset “data” was still functioning with all apps and other workstations.
The folder “data” was a migrated part which Fedora still mounted as download.
AND I GOT THEM MIXED UP…
Does that mean everything is working fine now?
Yes, the “issue” was discovered, and the single cell organism behind the keyboard edited fstab on the workstation to mount the correct dataset.
So in all it was not an issue
