napp-it Folder Shares - Help!


ZzBloopzZ

Hello,

I desperately seek the help of STH. Spent over 2 hours playing around with ACL permissions on napp-it and cannot figure it out! Using ZFS on latest version of OmniOS + napp-it.

Basically, I would like to create two user accounts. User A, which should have full read/write permissions. Then user B, should have only READ permissions, do not want them modifying any files.

User accounts are already created. I went to ACL Extension > ACL on folders and set everyone@ to read_set for pool30tb/Data/ . Then user A to full_set and user B to read_set.

However, if I access pool30tb/Data/ through Windows as user A and create a folder called "Movies", that folder will not show up for User B. I am guessing this is because it gives full ownership of that folder to user A? I plan to add many folders under pool30tb/Data/ and want full access to certain folders visible to both user A (full control) and B (read only), while other folders only accessible by user A only.


Thank You!
 

gea

probable reason: inheritance problems

- you must set ACL for everyone@: read_set with inheritance enabled to files and folders (you missed inheritance)
as well as the user settings for user A (User B is redundant because of the everyone rule)
- ZFS property aclinheritance must be set to passthrough


Problem:
If you set Unix-permissions to a folder like chmod 755, ACL inheritance settings are lost
You can reset needed ACL recursively to /Data with acl-extension: reset ACL or from Windows as root as long as you have only allow rules.
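
The settings from the reply above written out as commands, plus a check that finds ACEs missing inheritance flags in `ls -dV` output. This is an added example, not part of the original posts or of napp-it; the account name `usera`, the default mountpoint `/pool30tb/Data` and the two sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not napp-it code. "usera" is a placeholder account and the
# filesystem is assumed to be mounted at its default path, /<filesystem>.

# Print the commands for the settings in the reply: aclinherit=passthrough,
# then an ACL on the share root whose ACEs all inherit to files and folders.
# Note that chmod A= replaces the whole ACL of the target.
acl_cmds() {  # usage: acl_cmds <zfs filesystem> <full-access user>
    fs=$1
    user=$2
    inherit=file_inherit/dir_inherit
    echo "zfs set aclinherit=passthrough $fs"
    echo "/usr/bin/chmod A=user:$user:full_set:$inherit:allow,everyone@:read_set:$inherit:allow /$fs"
}

# Read compact `/usr/bin/ls -dV <dir>` output on stdin and print the principal
# of every ACE that lacks file_inherit (f) or dir_inherit (d).
missing_inherit() {
    awk -F: '/:(allow|deny)$/ {
        who = $1
        sub(/^[ \t]+/, "", who)
        for (i = 2; i <= NF - 3; i++) who = who ":" $i
        flags = $(NF - 1)
        if (index(flags, "f") == 0 || index(flags, "d") == 0) print who
    }'
}

# Constructed listing: ACEs set on the share root without inheritance.
SAMPLE_BEFORE='drwxr-xr-x+  2 root     root           2 Jan  1 12:00 /pool30tb/Data
      user:usera:rwxpdDaARWcCos:-------:allow
       everyone@:r-----a-R-c---:-------:allow'

# Constructed listing: the same ACEs with file_inherit/dir_inherit set.
SAMPLE_AFTER='drwxr-xr-x+  2 root     root           2 Jan  1 12:00 /pool30tb/Data
      user:usera:rwxpdDaARWcCos:fd-----:allow
       everyone@:r-----a-R-c---:fd-----:allow'

acl_cmds pool30tb/Data usera
echo "ACEs without file/dir inheritance (before):"
printf '%s\n' "$SAMPLE_BEFORE" | missing_inherit
echo "ACEs without file/dir inheritance (after):"
printf '%s\n' "$SAMPLE_AFTER" | missing_inherit
```

On the server, the check takes the real listing: `/usr/bin/ls -dV /pool30tb/Data | missing_inherit`.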
 

ZzBloopzZ

For everyone@: it is read_set and inheritance is file,dir. Do I need to check "inherit only" also?
 

ZzBloopzZ

Thank you Gea, as always! I think I figured it out!

Is this how it should look? These are the permissions for my main data folder (pool30tb/Data/)

I will be primarily using the user Bloop on my main computer. I will be creating all new folders/files within Data with Bloop account also. Automatically all of those files/folders should be readx for everyone else except owner/Bloop? All I should have to do now is just create the other user accounts I want, and assuming should be good to go?

Also, either this is a serious bug or I am an idiot. When trying to reset ACLs, the reset ACLs as owner+readx would work fine for the folders. However, it would not work on files. I even checked the Files checkmark, but it would not reset ACL for the files. I then tried unchecking folders and making sure only files was checked, but still the permissions would not change. Luckily, it was just junk test data. I ended up deleting everything under pool30tb/Data and re-creating folders under Bloop and it seems to be working the way I want.

Edit: Also, aclinherit = (passthrough) which I hope is fine for my needs.
 