[TrueNAS Core] Nested Datasets with Varying Permissions Per Dataset - Questions

Hello,

I’ve watched Tom’s excellent TrueNAS Core share/permission/snapshot/shadow copy config video here: https://www.youtube.com/watch?v=QIdy6sR0HrI

I find myself wanting to do something a bit more complex, and I’m not sure what the proper way to go about it is.

I’m setting up backing storage for a MariaDB instance, and want to plan ahead and also organize things so I can have a reserved space to deploy Postgres or SQLite or whatever other database storage later.

I have a Dataset structure like this on my SSD pool (the description indicates that sync writes are enabled so I can practice fio-based A/B performance testing with Tom’s fio script before I leave it on async).

I set them up nested this way because with exceptions like recordsize, snapshot schedule, etc., I envision these datasets as all having similar properties, including a space reservation shared by the parent and all children. (My SSD pool is rather small and I want to be careful to control how much space is used.)

I’ve set up a group, database-users, with no login, sudo, home folder, or SMB permissions.

Right now, I have two users in the database-users group that I want to associate with shares that access these datasets: Debbie Bass and Maria Dubois. I plan on these users having only NFS access.

  • Debbie Bass: The master database user. I want her to automatically have read/write access to every share in “DatabaseFS” and all its children, including children who don’t exist yet, via NFS.
  • Maria Dubois: The MariaDB user. I want her to have full read/write permissions on only the MariaDB-FS dataset and all its children, including any who don’t exist yet.

Using the group I’ve set up, the two user accounts, and ACLs, what’s the intended way to set this up? In the video, it is mentioned that the entire permissions system is group oriented. So, the owner of DatabaseFS would be Debbie, and the group would be database-users, but beyond that I’m not sure where to go, especially with the child datasets.

  • I’ve realized that for DatabaseFS I almost surely don’t want to recursively run the parent ACL through all the children, though, as each child will have a unique permission structure and user(s).
  • On the other hand, I would want the permissions on MariaDB-FS to be recursive and transmitted through any children, as I want to use a 16k recordsize child dataset and a 128k recordsize log for MariaDB.

Sorry if this is a bit long. I tried to keep it short but wanted to give enough detail on what I’m hoping to do. I appreciate any advice anyone might have. I feel like this must be simpler than what I’ve imagined doing so far.

Create a share for each database and assign the permissions there.

Thanks!

My Spidey-Sense was telling me I was trying to make this way too over-complicated. :)