Unraid SAMBA share permissions messed up?

[Darren Cook]

Since updating to 6.10.1 i noticed that my SAMBA shares from Unraid, Active Directory permissions are getting denied (No Permission to view), despite effective access showing correct permissions for this AD group (Unraid is joined to the domain)

 

So, i created a few new shares and tested permissions, I'm not sure if my config files are messed up in Unraid or something has gone pear shaped during the upgrade?

 

Example: I created a new share in Unraid, set it to a private share and exportable, check the permissions, I'm seeing "everyone" getting full read/write access to brand new shares that should be private?

 

Wanting to see if anyone else is seeing this? or just myself?

 

Edited May 24, 2022 by Darren Cook
fixes to wording

[Frank1940]

Now, I am NOT running Active Directory.  I have the share set up like this:

 

When I go to this share (logged-in as the User with the read-only permission) and select a file at random, I can not delete the file but I can copy it back to the client computer.  This is the expected behavior. 

 

What are you seeing?  

 

I admit that I don't have a good handle on what the Domain server does but I have the feeling that it may be not be passing what you think is your login information on to  the Unraid server but using secondary login to group individual users who have identical permissions to a resource together as a group.  Hopefully, someone (with a much better understanding) will jump in and provide more details.

 

It would be helpful if you would post up a screen of your share security setup as I have done. 

[sublimejackman]

I'm at a work stoppage here with the same issue in 6.10.2.  I have share for security camera backups and I cannot access it from SMB in any environment. I get permission denied for any user. Including just read only. Can't go much longer without access to our backups 

[Frank1940]

6 hours ago, sublimejackman said:

I'm at a work stoppage here with the same issue in 6.10.2.  I have share for security camera backups and I cannot access it from SMB in any environment. I get permission denied for any user. Including just read only. Can't go much longer without access to our backups 

Try running 'New Permissions'   (      Tools       >>>    New Permissions    ) on just the User Share with the problem.

[sublimejackman]

Thanks. I just ended up chmod all the lower directories in the share. It seems to have only impacted about 1/3 of the subdirectories, not all of them. Looking at the log, the permissions were changed when I updated to 6.10.1, I just didn't notice until we did or monthly offsite; at which point we had updated to 6.10.2

 

So def an issue with 6.10.1 that lingers into 6.10.2. No tool in the web GUI would change the sub directories permissions in the share.

[nomadgeek]

I've encountered the same AD issue for the last few days since I upgraded to 6.10.1 (and now 6.10.2).

 

I have permissions issues all over the place. It looks like the Windows "Owner" of the root shares has been reset to Nobody (from Domain Admin) and I can't take ownership no matter what I try. My users are creating files that linux (e.g. a docker container that backs up files) can't access; my copier (which logs in using an UNRAID user) makes files that they can't access. Pretty disastrous.

 

Commenting mostly so I can follow this thread - I'll report back if I find a workable solution.

Edited June 6, 2022 by nomadgeek
clarity

[nomadgeek]

Update:

I re-owned the shares by looking up the UID & GID for the domain admin (ls -lan) and then chown -R XX:XX share-name got it back to the Domain Admin.. so that's solved - I can edit permissions from Windows again. Doesn't answer the interoperability problem.. I think I can solve the backup software problem by running that container as a UID from AD instead of the default but scanning coming from my copier is a different issue.

 

[nomadgeek]

See my comments in this thread; I've basically worked out all of the conflicting permission problems between linux and windows by (a) never using my linux user to interact with shared files and (b) running the handful of docker containers that need to interact with shared files as a domain user.

 

My only outstanding problem is that winbind seems to 'forget' that a domain user exists which has never happened before. I give more detail in this thread.

 

Edited June 9, 2022 by nomadgeek
Direct link to post

[sarf]

I reverted back to 6.9.2 after reading this and my domain user shares are now working. Having said that it usually took some time before the domain owners home directories would start to appear as unknown in the new file manager, at this point the user would lose access to the server, not the share, the server. "wbinfo -i user" would return an error.

 

Hopefully this wont happen now I'm back on 6.9.2.

[sarf]

Scrap the above. Same problem on 6.9.2...

[nomadgeek]

2 hours ago, sarf said:

Scrap the above. Same problem on 6.9.2...

 

Try the solution I added in the other thread below. This solved the 'randomly losing AD users' problem.

 

[sarf]

7 hours ago, nomadgeek said:

 

Try the solution I added in the other thread below. This solved the 'randomly losing AD users' problem.

 

Awesome, thank you for pointing me in the right direction. Added your settings and so far so good!