File Permissions Problem

Lenz

By Lenz
in General Support

Recommended Posts

Lenz Noob

Lenz

Posted
Posted (edited)

Hello Everyone,

 

since a couple of weeks i have problems with file permissions in unraid when adding new files and folders over the network. Sadly i am out of ideas how to solve the issue, but i am guessing that files and folders get the wrong permissions from samba. I add some screenshots and the diagnostics file, if more information is required please let me know.

 

When i use the "New Permissions" Tool, or do a chmod -R 777 on the share i used i can access the share or the lower folder again. Sometimes the same permissions dont seem to block access and sometimes they do...

 

I hope i descriped my issue enough.

 

Thx in advance.

 

Unraid 6.8.0

 

1.PNG

 

2.PNG

 

 

lsvr-diagnostics-20200107-2142.zip

Edited by Lenz
Link to comment
trurl Grand Master

trurl

Posted
Posted

Is this a Public share?

 

Why do you have this in SMB Extras? 

[Root]
path = /mnt/user
comment =
browseable = yes
valid users = lenz
write list = lenz
vfs objects =
#unassigned_devices_start
#Unassigned devices share includes
   include = /tmp/unassigned.devices/smb-settings.conf
#unassigned_devices_end

 

Link to comment
Lenz Noob

Lenz

Posted
  • Author
Posted (edited)

I am just moving a lot of files between shares, so that is just faster and easier then using midnight commander in console for example...

And this solution worked for me for about a year without any problems at all. And no as far as i understand it, its a secured share for my personal user. I followed Spaceinvader Ones tutorial for that.

 

The problem itself also shows itself when i use the specific share...

Edited by Lenz
Link to comment
testdasi Proficient

testdasi

Posted
Posted
15 minutes ago, Lenz said:

I am just moving a lot of files between shares, so that is just faster and easier then using midnight commander in console for example...

And this solution worked for me for about a year without any problems at all.

This probably relates to the recent Samba update that changed quite a bit with regards to security. I also noticed permission changes.

 

I don't think there's much that can be done.

If you need the insecure workaround then you probably have no choice but to stay on an earlier version that the workaround still worked.

Otherwise you need to rethink the workaround. 

 

 

Link to comment
dlandon Veteran

dlandon

Posted
Posted
55 minutes ago, trurl said:

Is this a Public share?

 

Why do you have this in SMB Extras? 


[Root]
path = /mnt/user
comment =
browseable = yes
valid users = lenz
write list = lenz
vfs objects =
#unassigned_devices_start
#Unassigned devices share includes
   include = /tmp/unassigned.devices/smb-settings.conf
#unassigned_devices_end

 

You should not mount /mnt/user this way.  Find another way.

Link to comment
Lenz Noob

Lenz

Posted
  • Author
Posted (edited)

@testdasi ok, but even if i dont use the "root" share, i still have the file/folder permission problem when i am using my regular shares...

 

also do you have further information about that samba change? and if it would be a general samba problem wouldnt that result in all people who are accessing thier unraid 6.8.0 servers from windows 10 (and i tried a rollback to 6.7.2 with the problem persisting, were i didnt had problems before at all)? because when i access my "\\server\Media" share i still have the wrong permissions. also what would be proper file/folder permissions as unraid is intended to work (nobody:users with folder 777 and files with 666?)

Edited by Lenz
Link to comment
  • 2 years later...
tvxyvbt5 Noob

tvxyvbt5

Posted
Posted

Okay, I'm confused. How are permissions supposed to look like in a private vs a public share?

I ran the "New Permissions" tool in hope it would fix those "no permissions" popups from Windows Explorer. – It did, but after creating new files/folders the issue came back.
The tool set all shares to "777 nobody:users" but when I add new files/folders the permissions look like this:

  • private share: 770 sam:users
  • public share: 777 sam:users

But is this correct? I thought this caused those permission popups in Windows Explorer. But now I can't reproduce them anymore. And I don't even know how I fixed it.
(I did some restarts and updated from 6.9 to 6.10)

Link to comment
tvxyvbt5 Noob

tvxyvbt5

Posted
Posted

Not fixed! I just copied a bunch of files around and the "no permission" popup came again – while copying. 😑
 

I copied files into an already existing `777 nobody:users` directory.

But during the copying process(?) somhow the 777 became a 770. So I understand why the popup came. But why do the permissons change??

 

Is the solution just to run `chown -R myuser:users /mnt/user/myprivateshare`? If yes, what if I'd like to give other users acces too later?

Link to comment
tvxyvbt5 Noob

tvxyvbt5

Posted
Posted
52 minutes ago, trurl said:

What do you have in Settings - SMB - SMB Extras?

I never touched it.

Just this: 

#unassigned_devices_start
#Unassigned devices share includes
   include = /tmp/unassigned.devices/smb-settings.conf
#unassigned_devices_end

 

About one month ago I configured a LAN to LAN remote share with my friend.

That is mounted in here -> /tmp/unassigned.devices/smb-settings.conf: 

include = /etc/samba/unassigned-shares/10.253.0.2_backupsam.conf

 

Link to comment
nomadgeek Noob

nomadgeek

Posted
Posted (edited)

I'm using Windows AD and also have permissions issues, though different ones. I think I've worked out a lot of the problems by running the hand full of docker containers that need access to user shares as a domain user but now I'm dealing with an intermittent problem where winbind will "forget" that a domain user exists. When I run 'wbinfo -i username' it can't find it even though it's listed in 'wbinfo -u'. If I clear the cache with 'net cache flush' and check again the user is found (and now has access as expected.)

 

Didn't have any of these issues in the prior version.

Edited by nomadgeek
punctuation.
Link to comment
nomadgeek Noob

nomadgeek

Posted
Posted

Just reporting back to say that this issue continues; the server frequently forgets that an AD user exists requiring me to 'wbinfo -i user' the username and then flush. That'll bring the user back. It happens several times a day for individual users - a different one each time.

Link to comment
nomadgeek Noob

nomadgeek

Posted
Posted (edited)

I finally solved almost all of my issues last week by swapping the backend auth method of Samba by adding this to my SMB Extras: 

[global]
idmap config * : backend = tdb
idmap config * : range = 3000-4000000000

 

I had to go through and reassign all of the permissions because everyone's UID/GID changed but once I did that I stopped losing people in the system like I was in my previous posts.

I only have one unexplained problem left - a single user just doesn't exist no matter what I try.

Edited by nomadgeek
typo
Link to comment
  • 4 weeks later...
ricain59 Noob

ricain59

Posted
Posted
On 6/19/2022 at 2:08 PM, nomadgeek said:

I finally solved almost all of my issues last week by swapping the backend auth method of Samba by adding this to my SMB Extras: 

[global]
idmap config * : backend = tdb
idmap config * : range = 3000-4000000000

 

I had to go through and reassign all of the permissions because everyone's UID/GID changed but once I did that I stopped losing people in the system like I was in my previous posts.

I only have one unexplained problem left - a single user just doesn't exist no matter what I try.

The problem continu resolved with thas solution?

 

Thank you.

Link to comment
nomadgeek Noob

nomadgeek

Posted
Posted

 

23 hours ago, ricain59 said:

The problem continu resolved with thas solution?

 

Thank you.

Yes. The UNRAID server stopped forgetting people existed once it cleared out all of the old UIDs. I did have one employee whose domain account never gained access again and I ended up just creating him a new AD account for him to use to solve the issue.

Link to comment
nomadgeek Noob

nomadgeek

Posted
Posted
On 6/19/2022 at 10:45 AM, drogg said:

I'm having issues with docker and file permissions after upgrading to 6.10.3. Has anyone found a fix? 

This depends on your config. Are you working with AD or just UNRAID linux users?

You either need to adjust the permissions on the file system back to nobody:users (99/100) or run your containers as the uid/gid of a user with perms on the files you're trying to interact with using the container (incl. the docker config files.)

Link to comment
  • 5 months later...
  • 2 weeks later...
Phil Ash Noob

Phil Ash

Posted
Posted
On 1/14/2023 at 8:27 PM, trurl said:

You should figure out what is creating the files with incorrect permissions or it will happen again.

Have tried to find the cause but as of yet unable to and no new file permission issues have risen yet.

I do have another issue, which I probably caused myself when setting up plex on unraid. I accidentally created a transcode folder within the transcode folder. I cannot figure out how to get rid of it. All the topics with this same or similar issue give a solution that is utterly incomprehensible to me 

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing