[Weird Permissions Problem]

Small update on the matter: The issue reappeared. To solve it, I created a new share and emulated the user access and decommissioned the old share. Finally, I have been problem free for two weeks now,

[Weird Permissions Problem]

To anyone who sees this looking for an answer:

Through random order of rebooting both my computer and the server and being away from it all for a weekend, the problem has suddenly disappeared. While I wish I had a concrete answer to this behavior, I'm just happy that it works.

[Weird Permissions Problem]

6 minutes ago, Frank1940 said:

OH, things just keep getting better and better.  Can you see them in the file explorers on the MacBook and Windows?  

 

One thing I just notice while ls sorts file alphabetical, CAPS come before small letters. So    Files  letters data     sort this way

 

Files

data

letters

 

Alright, after doing some testing and messing around here is where I am at.

 

I forgot that uploaded files go to the cache drive *first* and then make it to the unraid disks with the mover, so that's where that confusion on file locations comes from. 

 

Now; When I copy a file from my MacBook to the share, I can read them on windows or other Macs and do whatever I want with them. It's when I add a file from windows that things get screwy. So, as usual, Windows is effing me over. Go figure :roll eyes:. It looks like I need to turn back around and try to figure out what AD did to my windows workstations that is causing such disfunction. And here I am all this time trying to blame unraid. I will be doing some google research on that, but if you have any input on where to look I would greatly appreciate it. Thanks so much for your help up to this point!

[Weird Permissions Problem]

Here's another new development. On my MacBook running the Catalina beta, I connected to my server via SMB, and added new files to the share, but on the unraid shell, when I LS the directory, the files do not appear....

(EDIT: /mnt/cache shows the files in the correct directory)

 

(EDIT2: This brings up an interesting discovery too. The files that I added from my Mac are owned by my user account with the same type of permissions as the file from Windows. This more and more points to the SMB server in my opinion)

[Weird Permissions Problem]

1 hour ago, Frank1940 said:

Try this command first:

chmod 777 /mnt/user0/MWPBDocs/Logo/Computer\ BG.jpg

Then check if the other user has access to the file.  You can see what this command did with this one (again):

ls -al /mnt/user0/MWPBDocs/Logo

 

So from what I can tell, the chmod command there made the file open to all users? In any case, that *did* allow User2 on Computer2 to access the file. So if I understand unraid permissions correctly, all files are supposed to be owned by "nobody" but the users that I allow read or r/w access through the gui are added to a user group for that share so that they can be manipulated? Does that line of thought make sense?

[Weird Permissions Problem]

13 minutes ago, Frank1940 said:

Another thought. 

 

Did you map these shares to your PC as a drive?

 

Did you rework the WIN10 permissions on this mapped drive?

 

The reason for these questions is simple.  You should not have to do anything on the WIN10 end for any additional security on any Secure or Private Unraid SMB share.  All of the protection is being provided on the server by the Unraid SMB system.  (IF the Unraid SMB did not do this, the file would be exposed to any (say) Linux computer!)   The system sharing  storing the file must provide all of the file security.  Thus if you share one of your local hard drives on your WIN10 system, you will have to lock down the files from that computer. I am not sure quite what the Unraid SMB system is going to do if you are implementing file access restrictions on the WIN10 end,  It could cause those ACL extensions to be applied!

That I am aware of, there should be nothing on W10 that I have changed other than mapping the share as a network drive in "This PC" and providing my unraid credentials. I should mention that before I unlinked my unraid box from my AD domain, everything worked as normal. I'm almost curious for kicks and giggles if I shouldn't rejoin it and just see what happens? I'd rather not have to go that route, as it turns out trying to manage a non-Windows server on AD is a major PITA.

[Weird Permissions Problem]

29 minutes ago, Frank1940 said:

There is a command---  called getfacl  -----  that will list these.  So try this command:

# file: mnt/user0/MWPBDocs/Logo/Computer BG.jpg
# owner: adam
# group: users
user::rw-
user:root:rwx			#effective:rw-
user:nobody:rwx			#effective:rw-
user:930611700:rwx		#effective:rw-
user:930612313:rwx		#effective:rw-
group::---
group:930611713:---
group:930612304:rwx		#effective:rw-
mask::rw-
other::---

Here's the result of getfacl

[Weird Permissions Problem]

I believe this is what you are looking for. What sticks out to me right away is that all the other files are owned by "nobody" but the file in question, "Computer BG.jpg" is owned by "adam".

 

root@MainServer:~# ls -al /mnt/user0/MWPBDocs/Logo
total 1916
drwxrwxrwx+ 1 nobody users      81 Sep 12 02:05 ./
drwxrwxrwx+ 1 nobody users     273 Sep  8 19:04 ../
-rw-rw-rw-+ 1 nobody users    6148 Sep  8 19:14 .DS_Store
-rw-rw----+ 1 adam   users 1926881 Jun  2 22:29 Computer\ BG.jpg
drwxrwxrwx+ 1 nobody users      23 Sep  8 19:05 Graphics/
drwxrwxrwx+ 1 nobody users      40 Sep  8 19:04 Publishable/

 

[Weird Permissions Problem]

30 minutes ago, Frank1940 said:

Have you run the Docker Safe New Permissions  script (it is part of the Fix Common Problems plugin)?  Tools    >>>  Docker Safe New Permissions   

Does this fix the problem temporarily? 

 

Do you know how to use the Linux (or UNIX) command line?  The reason being, it could be problem with the owner/permission settings and it is necessary to find out how the underlying Linux system is handling those.  We can walk you through the procedure but it would be easier knowing where you are.  (You only need a very slight knowledge to get the information that is needed.)  But the amount of instruction necessary from no knowledge to some knowledge is considerable! 

I have a fair amount of command line experience. I’m no Linux guru, but I can get my way around. 
 

I have run the “Docker Safe New Permissions” plug-in. When I run either that one or the built-in unraid one, the files that User1 made that User2 couldn’t access can now be accessed by User2, but any new files still have the same issue

 

[Weird Permissions Problem]

Hello all!

 

I have been using unRAID for around a week now, and up to today have been relatively trouble free.

 

The scenario:

There are two computers (Windows 10 Pro) and two users and one share. Both users have r/w access to the share. Computer 1 is logged in via SMB under User1's account. Computer 2 is logged in via SMB under User2's account. (EDIT: On the share itself, SMB is set to Export: Yes, Security: Private)

 

The issue:

If User1 makes a file on the share, User2 has no permissions to said file. No read, write, nothing. User2 makes another file on the share, User1 has no access to this file either.

 

Leading up to the issue:

I had unraid joined to an Active Directory domain but was having some issues getting user accounts to work properly, so I removed it from the domain, and then added it to a non-default SMB workgroup. That is to say, I changed SMB to "Yes (Workgroup)" and then changed the workgroup name. Both computers that are experiencing the issue are on the same work group. I have run the "New Permissions" tool immediately after unjoining the AD domain. Both machines will map the network drive no problem whatsoever.

 

I had rebooted the server about 5 minutes before reading the item in the "Read this first" topic that says do not reboot the server. However, I recreated the issue and attached the syslog after recreating the issue to this topic.

 

Any help is appreciated

 

Thanks

mainserver-diagnostics-20190912-0607.zip