FreeNAS Share Permissions Issues

Computer Hardware & Server Infrastructure Builds
1

Hi all,

My FreeNAS system has been working great for many months. Recently my permissions have been doing some funky things for one of my datasets within my pool.

I’ll give a little background about my system:

  • I have 4 12TB HGST HDDs in a ZFS RAID-z2.
  • I created 1 encrypted pool with these disks which has 4 main dataset branches (Backups, Games, Media and Misc)
  • I share my Media dataset to a number of machines (fedora server box running Plex, Windows 7 box running Deluge, and my main windows 10 PC) using SMB and have set up the permissions accordingly.
  • The other datasets are also shared using SMB but I have only really set up permissions for my main Win10 box to access them
  • The permissions to all of the shares are set up using Unix ACLs

Issue:
What has been occurring recently is that all the machines (except for 1 which is seems to be randomly selected) which have access to my Media dataset will all of a sudden lose access to the share. When I try to access it I get a permission error. There seems to be no rhyme or reason for this occurring. A restart of the FreeNAS box will fix it, but becomes rather annoying when I’m at work and the wife or kids can’t watch Plex because after the reboot I need to input the encryption key.

It happens often enough that my wife is almost able to do it without my help - but unfortunately it doesn’t actually fix the issue as it is just a bandaid solution.

I always still have access to the other dataset shares so seems weird to me that it would only effect the one Media share.

My workaround:
Since I can’t work out what the issue actually is, I have been thinking that to get around this I would like to set up a new pool for the Media dataset and remove the encryption. That way, if the system needs to reboot the wife and kids will at least be able access Plex without my intervention. I am getting the feeling though that this isn’t possible.

Does anyone know of any possible solutions to either of these issues?

P.S. Apologies for the long-winded question but was hoping to provide enough information in 1 hit.
P.P.S. If you need any further information, I would be happy to provide it.

2

Since the issues are with Permissions largely, could you elaborate on how those are set up, or how they’re ‘supposed’ to be set up?

The separate pool option I think would work, but then you’re talking more drives, a smaller pool, just for Media. Seems better to fix the real issue imo.

Windows is typically the issue with most muck-upery, but that can only happen if it’s allowed to mess with permissions. The ACL extensions are, imho, evil, as they give windows a path in.

Fixing your permissions shouldn’t be too hard, once we know what they’re supposed to look like, and we remove the evil acl. :+1:

3

Thanks for the response. The permission is issued based on usernames and passwords. I also remembered that it will often bugout when the wife is watching Plex. For example - she will watch one episode of a show and then it will not load the next one. Then I check to see if I can access the the share with the machines and get denied (despite having had access prior to that).

I have taken a bunch of screenshots with my settings because it’ll be easier to see it than explain it :grinning:

Media Dataset Settings:

Media Dataset Options

Media%20Dataset%20Options
Media%20Dataset%20Options961×853 29 KB

Media Permissions
Media%20Permissions
Media%20Permissions960×711 14.8 KB

Media SMB Options
Media%20SMB%20Options
Media%20SMB%20Options961×854 20.8 KB

User Options:

Home

User%20Options%20-%20Home
User%20Options%20-%20Home961×855 26.6 KB

Plex
User%20Options%20-%20Plex
User%20Options%20-%20Plex955×856 25.1 KB

Windows VM
User%20Options%20-%20Windows%20VM
User%20Options%20-%20Windows%20VM955×849 24.2 KB

As a comparison here are the Misc dataset settings

Misc Dataset Options

Misc%20Dataset%20Options
Misc%20Dataset%20Options960×852 30.4 KB

Misc Permissions
Misc%20Permissions
Misc%20Permissions965×715 14.9 KB

Misc SMB Options
Misc%20SMB%20Options
Misc%20SMB%20Options973×856 21.8 KB

I think that’s everything - feel free to let me know if I’ve missed something.

4

You certainly have a few Groups going!

I’ll try to be broad here, and forgive me if I presume too much, but I’d rather be basic than overlook something. In FreeNAS, I don’t use their GUI for Dir/File permissions, so I hope you’re comfortable enough in the Shell prompt.

I notice your missing a Recursive option or two, and you also have Other enabled, which in *Nix means Everyone. I’m not sure how your Users are set up, however they should all be set up on your Nas box, not anywhere else, as it’s all granted from FreeNas. Keep that in mind, Windows SMB users/pass’s as well. Plex has it’s own main User/Group that it uses, the accounts inside don’t count as I recall. I’m an Emby user for disclosure.

I’ll presume from here that your Users are set up correctly for Name/Pass. Next thing is to make sure they all have their proper Groups set up. The easiest way, imo, is to use the Shell and cat /etc/group | more then verify that your users are listed next to the groups they need to be in. If you need to modify anything, you can use a cli editor, I use VI, but take your pick. I would imagine the GUI should work, but I don’t trust it personally.

So, now that your Users have names and passwords, and they’re attached to the right groups, its time to reset the file permissions. Keeping in mind, they work as such: Owner/Group/All, so a file with rwxrwxrwx means it’s fair game for everyone, but a file with rwx------ is only viewable and touchable by the Owner. What your typically after is rwxrwx--- and even that should at some point become rwxr-x--- imho.

My suggestion is to reset the Owner/Group and Permissions for everything, but that might be overkill. Sometimes a huge sword is better than a tiny hammer though.

Provided your directories/files are all correct with Owner/Group, then I’d suggest going to the root directory, eg. /mnt/Data/Media, and running chmod -R 770 * as that will reset everything to Full Access for the Owner and anyone in the Group, and denies everyone else. If you fear some of the Owner/Groups are wrong in the file structure, it’s worth running a chown -R owner:group * from that main directory as well. I’d do this with any main directory structure that’s giving you issues.

Depending on what you have writing into the directories, these things can get mucked up pretty fast unless it’s set up properly. I made my own script that resets everything on my machines as it’s just easier than trying to hunt down the naughty bugger.

By starting with 770, your starting with full access, which should fix everything, from there you can further refine everything. Permissions can be a real pisser to get setup, and as long as you never checked the Default Permissions box, you should be all set. If at any point you did, and it’s a Windows share, that could be another issue for a later date. lol

Anyhow, long winded as it was, I hope it helps.

1 Like
5

Thanks for your help.

The recursive checkboxes seem to uncheck after the setting is set.

I seem to remember having dramas initially with the permissions - particualrly when I was changing the platforms for my Deluge and Plex clients so I enabled the Other to help get around some of them. Clearly I had forgotten to remove that.

My CLI isn’t too bad, but I’m no expert.

I checked the groups using CLI and although I don’t think these are the issue imo, I changed the permissions and owner/group as suggested.

I will give it a week and see if that has fixed the issue - sometimes it can take a few days to rear its ugly head so if it doesn’t happen in a week we should be good.

The strange thing is why it worked for nearly a year without issues and then started playing funny buggers.

Thanks for the help, and I’ll touch-base with a result.

6

Always blame Windows. If Microsoft isn’t involved, then we blame Murphy…

Hope to hear back good news in a week’ish!

1 Like
7

Haha yeah, I keep threatening to do away with Windows altogether at home, and I actually run dual boot with Linux Mint (for work) and CentOS (for home) I also play around with Paladin for work as well as Kali and Security Onion for Uni (college)

I have played around with Ubuntu and Fedora as well at home.

The biggest thing stopping me from making the change permanently is my gaming (though I barely have time for that these days anyway). I will definitely do it one day in the near future (just need the right push to get me there).

8

Dare I say it… I think that did the trick! Thanks for your help @faust. I never had a reason to mistrust the GUI but perhaps I will start using CLI more often.

9

Yay! Glad it worked out for ya! :sunglasses:

I’ll always be a fan of CLI vs GUI, but have to keep in mind that there are things in FreeNAS that must/should be done in the GUI. Permissions aren’t one of them. :wink:

You should consider making yourself a bash script to reset permissions to how you have them now, just incase something decides to go rogue in the future. Make your future life a little easier. lol

1 Like
10

Haha! Cheers for the help mate, much appreciated. The bash script sounds like a good idea.