Warning when saving file from windows/mac/illustrator (file was modified)

Hi. I’m looking for help.

After much hesitation i upgraded from v9.10 to core 13.0U6.2.

Now there is a problem when I save the file in illustrator. Illustrator will display a message that the file has already been modified. But it certainly wasn’t and no one modified it before saving it. There was no problem with this on version 9.10.

Where did I go wrong?

illustrator samba warning

smb testparm -s:

        bind interfaces only = Yes
        disable spoolss = Yes
        dns proxy = No
        enable web service discovery = Yes
        interfaces =
        kernel change notify = No
        load printers = No
        logging = file
        map to guest = Bad User
        max log size = 5120
        netbios aliases = fileserver1
        nsupdate command = /usr/local/bin/samba-nsupdate -g
        registry shares = Yes
        server multi channel support = No
        server role = standalone server
        server string = fileserver
        unix extensions = No
        idmap config *: range = 90000001-100000000
        fruit:nfs_aces = No
        rpc_server:mdssvc = disabled
        rpc_daemon:mdssd = disabled
        idmap config * : backend = tdb
        directory name cache size = 0
        dos filemode = Yes

        access based share enum = Yes
        admin users = @smbadministrator
        case sensitive = No
        comment = work
        delete veto files = Yes
        ea support = No
        hide files = /~*/.windows/.zfs/
        kernel share modes = No
        path = /mnt/volume0/work
        posix locking = No
        read only = No
        smbd max xattr size = 2097152
        valid users = @work @smbadministrator
        veto files = /Thumbs.db/thumbs.db/*.exe/*.com/*.dll/*.bat/*.vbs/*.mp3/*.mp4/*.wmv/*.wma/
        vfs objects = aio_pthread zfs_space fruit streams_xattr recycle
        write list = @work @smbadministrator
        ixnas:dosattrib_xattr = true
        recycle:noversions = *.tmp,*.temp,*.bak*,.DS_Store
        recycle:exclude = *.tmp,*~,~*.*,*.temp,*.bak*,.DS_Store
        recycle:excludedir = /recycle,/tmp,/temp,/.*
        recycle:versions = yes
        recycle:keeptree = yes
        recycle:repository = .recycle
        fruit:resource = stream
        fruit:metadata = stream
        nfs4:chown = true

My system: supermicro, 64GB RAM, TrueNAS Core 13.0.U6.2, ZFS RAID-Z3

Remove or comment out all the auxiliary parameters, restart the SMB service and see if the issue goes away.

1 Like

i will test…and post result. maybe 3,…,5 days.

one note - as soon as I use the vfs module in auxiliary parameters in smb sharing, the settings in the GUI are automatically ignored (for example, recycle bin).

Can we see a screenshot of your ACL from the webUI for the dataset in question?

Hi, thx for time.

For now im in TEST stage, as awalkerix suggest. So i reset all setting to default in GUI, so no aux parameters.

now testing with this:

Before i use some samba share aux parameters for full_audit, recycle, users. And in share ACL was everyone read full.

After reset, for now, in TESTING, i dont get any warning from illustrator, but this warning was very sporadic and unpredictable. So i will test next 3…5 days.

So I had a similar issue again when upgrading from an older FreeNAS version and if I recall correctly it was the owner@ and/or group@ that were causing me issues. Perhaps try losing them and see what happens.

PS: I think I also had an issue with the share ACL and came to the conclusion that I should leave that as default.

1 Like

I think, that ACL share dont work. Only filesystem ACL work.

To clarify further your auxiliary parameters (vfs objects) will totally break ACL handling on the NAS. This is generally the reason why they are considered an unsupported configuration. Behavior is undefined from our standpoint.

1 Like

Ok. But how than solve, if i want “samba full audit” (loging samaba is normal for SOHO, or with ISO), or want deleted files move to another location in recycle bin (not .recycle/%U but only .recycle). Or want veto files…

Also, now i have reset share to default and i think, that ACL share dont work. Only filesystem ACL work.

maybe I’m misunderstanding but I thought ACL_share took precedence over ACL_filesystem, just like in windows.

Have “user1” and “user2” and they are in the group “users” and have dataset “volume0”.

The dataset “volume0” has the assigned user “smbadmin” with R/W and the group “users” with R/W (ACL_filesystem).

In the SMB shares setting, in ACL_share “user1” has only R and “user2” has R/W, but both have still R/W.

What are you trying to achieve with the share ACL? I use the default and don’t mess with it and assign permissions on the dataset.

Access based share enumeration and also some finetuning user/group permissions

This can be set in the share config without share ACL changes.

For example? Can’t you fine tune enough within the dataset ACL?

from manual:

Edit Share ACL

    This is separate from file system permissions, and applies at the level of the entire SMB share.
     Enabling Access Based Share Enumeration uses this ACL to determine the browse list.

Ah ok we are clearly managing permissions differently.

I don’t use access based share enumeration. I nest groups in Active Directory AD to get the desired affect. Each dataset / share I create I assign a ‘t’ traverse and a ‘m’ modify group. The ‘t’ group gets read access with no inheritance and the ‘m’ gets modify with inheritance. Then I make the ‘m’ group a member of the ‘t’ in AD and assign users to the ‘m’ group. If I need more granular permissions within the datasets on directories then I continue this process creating and assigning ‘t’ and ‘m’ groups making ‘m’ members of the parent ‘t’. This way when you assign a user to a group four levels deep they can traverse but can’t actually see the content until they reach their destination.

1 Like

I dont use Active Directory AD. :slight_smile: :handshake: :+1:

Appreciate that but you can do the same within TrueNAS using local groups and users.

Ah maybe not. Looks like groups can’t be members of other groups in TN :cry:

1 Like

Helped reset old settings imported from old freenas to default truenas core . Thx all for your time.