Hi FreeNAS people,
I have been setting up CIFS shares on a FreeNAS 8.0.4 RELEASE p1 x64 (11059) box, with Active Directory integration in a corporate environment.
Everything nearly works, but I had a glitch with file permissions which I had to fix from the command line by running setfacl. I didn’t expect to have to do this.
My ZFS dataset was created with permissions:
owner(group): MYDOMAIN\Domain Admins (from Active Directory)
Set permission recursively: off
My problem was, while I could create directories from Windows on this share as a Domain Admin, I couldn’t set their security attributes (insufficient privilege).
My share was called win, so I logged in and did this:
# cd /mnt/invmds01
# getfacl win
# file: win
# owner: root
# group: MYDOMAIN\domain admins
So I made the group permission the same as the owner, as follows:
infernal# setfacl -m group@:rwxpDdaARWcCos:fd----:allow win
Following this, everything worked as I wanted, and my domain admins could create directories and fiddle with their permissions.
The permissions set by the GUI seem wrong to me. Is this a bug?
If so, I can report it on your bug tracker if you want.
Attention: The information contained in this message and/or attachments from AgResearch Limited is intended only for the persons or entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipients is prohibited by AgResearch Limited. If you have received this message in error, please notify the sender immediately.