Removing ACL from drives


Recommended Posts

I have been having some file permission issues in a number of places and I think I've tracked the issue down to my shares being created with ACL rules enabled.
This occurs in a number of scenarios but the most problematic are when I have a docker container pointed at share A (without ACL) any files it creates I am able to access via SMB. If I point that same docker container to share B (with ACL) all of a sudden I can't access the files. 
If I enable caching on a share (wihout ACL) then transfer a file over to it the share becomes inaccessible. However once I run the mover I can access the share again.

I think I've tracked this issue down to me having ACL rules on these affected directories. When I create a new share it's created with the permissions drwxrwxrwx+ and then the issues listed above occur. Once I remove the ACL the problems seem to be solved.

Travelling up the directory tree I found that all of my drives and both the user and user0 directories have these same permissions with ACL. If I run ls -l in the /mnt directory I get the following output:

total 8
drwxrwxrwx   5 root   root   120 Feb  2 01:33 RecycleBin/
drwxrwxrwx+  5 nobody users   57 Feb  1 23:11 cache/
drwxrwxrwx+ 16 nobody users 4096 Feb  2 01:27 disk1/
drwxrwxrwx+ 10 nobody users  118 Feb  1 23:11 disk2/
drwxrwxrwt   3 nobody users   60 Jan 25 18:25 disks/
drwxrwxrwx+  1 nobody users   57 Feb  2 01:27 user/
drwxrwxrwx+  1 nobody users 4096 Feb  2 01:27 user0/

As far as I can see the solution would just be to run setfacl -b on the affected directories to remove the ACL. Before I did this though I want to check that I've come to a logical conclusion and that by removing the ACL I won't cause any other permissions issues within Unraid. Is it normal to have these ACL rules on my shares or is there something wrong?

I am unsure what kinds of actions I should perform to make my diagnostics log useful so I've just created a new share and verified that it was created with ACL rules.

tower-diagnostics-20200202-1811.zip

  • Thanks 1
Link to comment
  • 1 year later...
3 minutes ago, TallMan206 said:

 Could you please tell me what command you typed in the CLI, to remove the ACL?

For example, folder /mnt/user/NAS/Media 

What command do I have to type?

 

Thanks.

Obligatory warning to be mindful of this command. If you can make sure you have backups just in case something goes wrong. It worked fine for me and a couple others but I'm far from a Linux expert and wouldn't want to cause you any data loss.

To just change that directory you would use:

setfacl -b /mnt/user/NAS/Media


If you have the same issue as me though, you more than likely want to do this recursively on all sub directories and files so just add the "R" argument:

setfacl -Rb /mnt/user/NAS/Media

 

  • Thanks 3
Link to comment

I think also having changed my cache drives from SATA SSD to NVME SSD, got me this strange behavior. 

When browsing folders, or copying files on my Unraid machine, folder get inaccessible because of changed permissions.

 

I have to go to the CLI to chmod 777 that folder again to make it accessible again. Tried the ACL trick but still the folders change permissions.

 

 

Link to comment
14 minutes ago, TallMan206 said:

I think also having changed my cache drives from SATA SSD to NVME SSD, got me this strange behavior. 

When browsing folders, or copying files on my Unraid machine, folder get inaccessible because of changed permissions.

 

I have to go to the CLI to chmod 777 that folder again to make it accessible again. Tried the ACL trick but still the folders change permissions.

 

 

Interesting, must be something to do with cache drives then.

I'd probably try experiment a bit to find a pattern.
Create a new share and look at the permissions. Try creating a share without cache access, see if that has any affect.
Check the permissions on "/mnt/user" or parent folders, maybe it's being inherited from a folder further up?
Try creating files through windows/linux using SMB, see if their permissions are okay or if it's only files generated by docker or unraid itself.

  • Like 1
Link to comment
6 minutes ago, TallMan206 said:

It indeed look like it is a Docker doing this. I am moving and copying files while both Dockers are off (Plex and Sabnzb) and now there seems no issue (yet)

Okay, by default Docker containers use the root user, meaning any files they create also belong to the root user so maybe this is the issue.
Some containers allow you to set a PUID and GUID.
For example on my plex docker I have PLEX_UID=99 and PLEX_GID=100. This will tell the container what user id and group id to use.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.