January 20, 20251 yr I come from Synology, where I never had any issues with ACLs on SMB shares, so I don't really know the steps to resolve this problem. Background: I use a shared folder, which I access from my Windows 10 machine via SMB. I created one shared folder, named "Downloads" which is - as the name suggests - used for downloads. With archive files I run into issues, where I sometimes don't have the permission to extract, delete and execute a file or folder. Example: I download this archive (https://cdn2.minitool.com/?p=pw&e=pwfree-64bit-portable) to the Downloads shared folder. With 7-Zip I right click it > extract to "pwfree-64bit-portable". The contents of the archive get extracted, except for one file. The error message says: "Cannot open output file: Permission denied : F:\pwfree-64bit-portable\partitionwizard.exe". This file can be extracted to the same path where the zip archive is though. It's one of those files that can only be executed with an administrator account. With other archives, I experienced the problem that I couldn't delete the archive files. Windows Explorer made it look like the file was deleted, but when I refreshed the folder, it was back again. The only way I could delete it was via shell. Is there a solution to fix such issues for good? I don't wanna use the shell all the time, just because I can't do it in Windows.
January 21, 20251 yr Community Expert unraid uses nobody:users and 777 file permission. Please stop all docker and run the tool > docker safe permission this will set the chow and chmod for all files and folders... You will need to set chown nobody:users -R /mnt/users/* chmod 777 -R /mnt/users/* in samba this can be fixed by adding extra data per sahre as a file can be set to be fored to write as a user and gorup and/with creationing chomd permissions... example share: [Backups] browseable = yes case sensitive = Auto comment = ZFS Backup Core Services force group = users force user = nobody path = /mnt/user/Backups read only = No vfs objects = catia fruit streams_xattr fruit:encoding = native directory mask = 0777 force directory mode = 0777 create mask = 0777 force create mode = 0777 is a share you can make by adding this to the smb extra setting with the array off That the offical way... If you conmfatlbe with editing samba and making your own config you can use a user script to acomplish this... by stoping samba, removing the smb config and replacing it with one you make on the flash drive. and starting samba... Edited January 21, 20251 yr by bmartino1 fix smaba share info for createmod, force user and directory mode for file access.
January 21, 20251 yr Author 11 hours ago, bmartino1 said: unraid uses nobody:users and 777 file permission. Please stop all docker and run the tool > docker safe permission this will set the chow and chmod for all files and folders... You will need to set chown nobody:users -R /mnt/users/* chmod 777 -R /mnt/users/* Hmm, it has nothing to do with Docker in this case. On unRAID in the Tools menu I used the "New Permissions" tool to fix the permissions for the Downloads shared folder. It sets these permissions, but this sadly didn't help. 11 hours ago, bmartino1 said: in samba this can be fixed by adding extra data per sahre as a file can be set to be fored to write as a user and gorup and/with creationing chomd permissions... example share: [Backups] browseable = yes case sensitive = Auto comment = ZFS Backup Core Services force group = users force user = nobody path = /mnt/user/Backups read only = No vfs objects = catia fruit streams_xattr fruit:encoding = native directory mask = 0777 force directory mode = 0777 create mask = 0777 force create mode = 0777 is a share you can make by adding this to the smb extra setting with the array off That the offical way... If you conmfatlbe with editing samba and making your own config you can use a user script to acomplish this... by stoping samba, removing the smb config and replacing it with one you make on the flash drive. and starting samba... Interesting. Thanks for the hint, I'll look into that later and report.
January 22, 20251 yr Author Partial success. I used your SMB configuration template and changed it a little to my liking. [Global] browseable = yes case sensitive = auto force group = users force user = nobody path = /mnt/user comment = writable = yes read only = no guest ok = no vfs objects = directory mask = 0777 force directory mode = 0777 create mask = 0777 force create mode = 0777 Extracting the archive with 7-Zip still fails, but I at least can delete the extracted folder. I tried PeaZIP instead of 7-Zip, just to test. With its smart extract feature I could extract the contents of the archive just fine. But now I have the ZIP archive, the Peazip setup EXE file and a partitionwizard.exe (the one that is the issue here) from another test, that I extracted from the ZIP archive after I applied the SMB configuration, that I can't delete via SMB now. -rw-rw-rw- 1 nobody users 449776 Dec 2 12:25 partitionwizard.exe -rwxrwxrwx 1 nobody users 9931824 Jan 22 07:17 peazip-10.2.0.WIN64.exe* -rw-rw-rw- 1 nobody users 58597737 Jan 22 07:11 pwfree-64bit-portable.zip I really don't get why the partitionwizard.exe and the pwfree-64bit-portable.zip just have rw-rw-rw- permissions. Also I don't get, why I can't delete any of these files via SMB. But I'd be more curious to know how not to run into such problems anymore. Maybe @bmartino1 or someone else knows a way? Help is appreciated. Edited January 22, 20251 yr by Vexz
January 22, 20251 yr Community Expert for acl there is a difference for share permissions vs Unix permissions. you're seeing the UNIX permissions. *You should relay keep the apple vfs objects... they are needed for smb... You now need to run the chown and chomd to fix this. There are other smb options to map and use windows attributes... chown nobody:users -R /mnt/users/ chmod 777 -R /mnt/users/ as then moving forward, samba will read write and use Unix 777 nobody:users... your fighting unix inheriting permissions...
January 23, 20251 yr Author 8 hours ago, bmartino1 said: *You should relay keep the apple vfs objects... they are needed for smb... Hm, I'm not so sure about that, unless there's a specific reason unRAID needs this. The default value for "vfs objects =" is in fact just "vfs objects =" according to samba.org (https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html#vfsobjects). 8 hours ago, bmartino1 said: You now need to run the chown and chomd to fix this. There are other smb options to map and use windows attributes... chown nobody:users -R /mnt/users/ chmod 777 -R /mnt/users/ as then moving forward, samba will read write and use Unix 777 nobody:users... your fighting unix inheriting permissions... As mentioned in one of my previous posts (https://forums.unraid.net/topic/185441-issues-wit-acls/#findComment-1515142) I ran unRAID's "New Permissions" tool, which fixes these permissions and ownerships recursively and I can confirm that the permissions are set correctly with "ls -l" from the shell. Still I run into issues like in my original post. If you run a Windows machine, you could download the ZIP archive I linked in the original post and then follow these steps to see if it's the same for you: Download the ZIP directly on one of your SMB shares. Access that SMB share with Windows Explorer. Extract that ZIP file with 7-Zip. --> Extracting the "partitionwizard.exe" fails during this process with 7-Zip, but with PeaZIP it surprisingly works. If you successfully extracted the archive, run the "partitionwizard.exe". Close the Partition Wizard software. Now try to delete the extracted folder and ZIP file, it doesn't work (at least for me). The permissions are unexpectedly "rw-rw-rw-" for both the ZIP and the folder. Yes, I could run the "New Permissions" fix tool to fix the permissions and then delete the files or just use the shell, but that is exactly what I should not have to do with these SMB.conf overrides.
January 23, 20251 yr Community Expert if for instance you have a docker that sets it own permission for file access with a user form its container and run the new perm tool to set 777 nobody:user then the docker while override and not allow the acl to write this is similar with any service. the service should be stopped or off for the permission to apply... again there is a difference between share permission and Unix permissions... otherwise, you have set the proper windows / Unix share permission and windows has set that as a file permission for that executable. at the very min vfs object for acl_xatrib ... per example... path = /mnt/user browseable = yes writable = yes read only = no guest ok = no vfs objects = acl_xattr map acl inherit = yes store dos attributes = yes create mask = 0770 directory mask = 0770 force create mode = 0660 force directory mode = 0770
January 23, 20251 yr Author 4 hours ago, bmartino1 said: if for instance you have a docker that sets it own permission for file access with a user form its container and run the new perm tool to set 777 nobody:user then the docker while override and not allow the acl to write this is similar with any service. the service should be stopped or off for the permission to apply... again there is a difference between share permission and Unix permissions... otherwise, you have set the proper windows / Unix share permission and windows has set that as a file permission for that executable. at the very min vfs object for acl_xatrib ... per example... path = /mnt/user browseable = yes writable = yes read only = no guest ok = no vfs objects = acl_xattr map acl inherit = yes store dos attributes = yes create mask = 0770 directory mask = 0770 force create mode = 0660 force directory mode = 0770 Now I added "vfs objects = acl_xattr" and "map acl inherit = yes". With PeaZip when I try to extract the archive it immediately gets deleted as soon as its done. With 7-Zip it's the same old behavior. For some strange reason I can do everything directly in "/mnt/user/Downloads" but I only have read permissions for subfolders and files in subfolders (talking about Windows ACLs here). I can't set Windows ACLs, because when I try to apply my changes, it always says "permission denied". Man, I feel like I've put hours into solving this problem and it won't just work. It's so frustrating. Edited January 23, 20251 yr by Vexz
January 23, 20251 yr Community Expert at this point its not unraid/linux side: if running as directory mask = 0777 force directory mode = 0777 create mask = 0777 force create mode = 0777 anything samba is touching is full read write accesss. What if you run the application ex 7zip as administrator. I wonder if this is a recent issue with lattest windows and how its handling share settings. Edited January 23, 20251 yr by bmartino1 Typo
January 23, 20251 yr Community Expert breakdown on smb options: [Share] path = /mnt/user browseable = yes writable = yes read only = no guest ok = no force user = nobody force group = users create mask = 0777 directory mask = 0777 force create mode = 0777 force directory mode = 0777 inherit permissions = yes inherit acls = yes map archive = no vfs objects = acl_xattr Explanation of Key Options create mask and directory mask: These ensure that files and directories are created with 777 permissions unless overridden by other settings. force create mode and force directory mode: These settings enforce specific permission bits (e.g., 777) regardless of what the client specifies. inherit permissions: Ensures new files and directories inherit the permissions of the parent directory. inherit acls: Makes sure new files and directories inherit ACLs from the parent directory. force user and force group: Ensures all files are owned by the specified user (nobody) and group (users). map archive = no: Prevents the archive attribute from interfering with permission enforcement. vfs objects = acl_xattr: Enables advanced permission handling and ensures compatibility with Windows ACLs. so if your having isseus with the share its client side at that point...
January 23, 20251 yr Author This is my configuration right now: [Global] browseable = yes case sensitive = auto force group = users force user = nobody path = /mnt/user comment = writable = yes read only = no guest ok = no vfs objects = acl_xattr map acl inherit = yes store dos attributes = yes directory mask = 0777 force directory mode = 0777 create mask = 0777 force create mode = 0777 I think the biggest problem is that I can't change Windows ACLs because of missing permissions to do that. I really don't know what to do about that. Edit: It's NOT Windows ACLs. As soon as I "chmod -R 777 <Subfolder of /mnt/user/Downloads>" I can delete the files inside that subfolder and the subfolder itself. Edited January 23, 20251 yr by Vexz
January 24, 20251 yr Author Solution Anyway, I ran some commands on the CLI which was another step in the right direction: chown -R nobody /mnt/user/Downloads chgrp users /mnt/user/Downloads chmod g+s /mnt/user/Downloads setfacl -d -m u::rwx /mnt/user/Downloads setfacl -d -m g::rwx /mnt/user/Downloads setfacl -d -m o::rwx /mnt/user/Downloads At least the files in the subfolders get rw-rw-rw- permissions now, and I can do with them whatever I want. The only thing that still causes problems is the thing when I extract files from an archive. Thanks for the help and taking the time @bmartino1. You helped me quite a bit here.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.