• [6.10.0-rc5] ACLs in /mnt/user not working


    g0dsCookie
    • Urgent

    After upgrading from 6.9.2 to 6.10.0-rc5 all ACLs in /mnt/user stopped working. Hower ACLs on the disks (/mnt/disk[1-6], /mnt/cache) itself are working fine. Disks and Cache are formatted with btrfs (encrypted).

     

    Example:

    g0dscookie@nas:/$ ls /mnt/user/isos
    ls: cannot open directory '/mnt/user/isos': Permission denied
    
    g0dscookie@nas:/$ ls /mnt/disk5/isos
    Windows  proxmox-ve_7.1-2.iso
    
    g0dscookie@nas:/$ getfacl /mnt/user/isos
    getfacl: Removing leading '/' from absolute path names
    # file: mnt/user/isos
    # owner: administrator
    # group: domain\040admins
    user::rwx
    user:administrator:rwx
    group::rwx
    group:domain\040admins:rwx
    group:isos\040ro:r-x
    group:isos\040rw:rwx
    mask::rwx
    other::---
    default:user::rwx
    default:user:administrator:rwx
    default:group::---
    default:group:domain\040admins:rwx
    default:group:isos\040ro:r-x
    default:group:isos\040rw:rwx
    default:mask::rwx
    default:other::---
    
    g0dscookie@nas:/$ getfacl /mnt/disk5/isos
    getfacl: Removing leading '/' from absolute path names
    # file: mnt/disk5/isos
    # owner: administrator
    # group: domain\040admins
    user::rwx
    user:administrator:rwx
    group::rwx
    group:domain\040admins:rwx
    group:isos\040ro:r-x
    group:isos\040rw:rwx
    mask::rwx
    other::---
    default:user::rwx
    default:user:administrator:rwx
    default:group::---
    default:group:domain\040admins:rwx
    default:group:isos\040ro:r-x
    default:group:isos\040rw:rwx
    default:mask::rwx
    default:other::---
    
    g0dscookie@nas:/$ id
    uid=1461716048(g0dscookie) gid=1461715457(domain users) groups=1461715457(domain users),1461716076(isos rw),[...]

     

    I've already rejoined samba to my Active Directory and reapplied ACLs. /mnt/user seems to be able to read/write ACLs, however it doesn't seem to actually apply them.

     

    If I chown the directory to g0dscookie I can access it through /mnt/user/isos. Same with chgrp to "domain users".

    • Like 1



    User Feedback

    Recommended Comments

    I'm having this issue right now, but haven't tried using ACLs in earlier versions. Was this actually working for you in the past?

    • Upvote 1
    Link to comment

    Yes, ACLs were working in 6.9. Don't know if they were also working in <6.8 as I only started using unraid with 6.9 (and now stopped using it because of this bug..)

    Link to comment
    On 7/31/2022 at 8:01 PM, limetech said:

    Please try latest 6.11-rc

     

    I have come across this thread in my troubleshooting of ACLs failing to work in versions after 6.9.2 (post link). Thanks to @copperhound for his post (link) with a command that could provide the options that fuse is mounted with. 

     

    The options returned by the command are different for 6.9.2 and 6.12.6:

     

    6.9.2

    root@UR-Lab:~# mount | grep /mnt/user
    shfs on /mnt/user0 type fuse.shfs (rw,nosuid,nodev,noatime,allow_other)
    shfs on /mnt/user type fuse.shfs (rw,nosuid,nodev,noatime,allow_other)

     

    6.12.6

    root@UR-Lab:~# mount | grep /mnt/user
    shfs on /mnt/user0 type fuse.shfs (rw,nosuid,nodev,noatime,user_id=0,group_id=0,default_permissions,allow_other)
    shfs on /mnt/user type fuse.shfs (rw,nosuid,nodev,noatime,user_id=0,group_id=0,default_permissions,allow_other)

     

    Hi @limetech, is this possibly a root cause for the difference in ACL behaviour? If so, was there a change made in 6.11rc to revert some settings that hasn't made it into subsequent versions? 

     

    (happy to test another version in my lab if it helps)

     

    Thanks,

    Unraidster

     

    Link to comment

    Hi, as an update, with help from support (thanks!) I was able to get hold of copies of 6.11-rc1 and 6.11-rc5. Both display the same output from the "mount | grep /mnt/user" command as 6.12.6 and both also fail to allow user share access to users with access via an ACL; throwing the same error from 6.12.6.

     

    I have also tried 6.12.7-rc2 and found the same results as 6.12.6.

     

    Unraidser

    Link to comment


    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Restore formatting

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Status Definitions

     

    Open = Under consideration.

     

    Solved = The issue has been resolved.

     

    Solved version = The issue has been resolved in the indicated release version.

     

    Closed = Feedback or opinion better posted on our forum for discussion. Also for reports we cannot reproduce or need more information. In this case just add a comment and we will review it again.

     

    Retest = Please retest in latest release.


    Priority Definitions

     

    Minor = Something not working correctly.

     

    Urgent = Server crash, data loss, or other showstopper.

     

    Annoyance = Doesn't affect functionality but should be fixed.

     

    Other = Announcement or other non-issue.