brandon/oam
1
0
Fork 0
mirror of https://gitea.com/mcereda/oam.git synced 2026-02-09 05:44:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
5b8a9f6e035709454cb43e5f9661b3d110a0ea5c
oam/knowledge base/truenas core.md
Michele Cereda 335fb1f95e chore: diy nas progresses
2023-09-14 00:24:11 +02:00

4.2 KiB
Raw Blame History

TrueNAS core

Table of contents

  1. TL;DR
  2. Default permissions on files and directories
    1. Default permissions in SMB shares
  3. Further readings
  4. Sources

TL;DR

Default permissions on files and directories

Suppose you want a shared dataset to set the default permissions of newly created files and directories to 0664 and 0775 respectively.

The best way to achieve this would be to set up the dataset's ACLs accordingly:

Who ACL Type Permissions Type Permissions Flags Type Flags Translated getfacl Tags Resulting Unix Permissions
owner@ Allow Advanced Read Data, Write Data, Append Data
Read Named Attributes, Write Named Attributes
Read Attributes, Write Attributes
Delete
Read ACL, Write ACL
Write Owner
Synchronize		 Advanced File Inherit owner@:rw-p-daARWcCos:f------:allow -rw-------
owner@ Allow Basic Full Control Advanced Directory Inherit owner@:rwxpDdaARWcCos:-d-----:allow drwx------
group@ Allow Advanced Read Data, Write Data, Append Data
Read Named Attributes, Write Named Attributes
Read Attributes, Write Attributes
Delete
Read ACL, Write ACL
Write Owner
Synchronize		 Advanced File Inherit group@:rw-p-daARWcCos:f------:allow ----rw----
group@ Allow Basic Full Control Advanced Directory Inherit group@:rwxpDdaARWcCos:-d-----:allow d---rwx---
everyone@ Allow Advanced Read Data
Read Named Attributes
Read Attributes
Read ACL		 Advanced File Inherit everyone@:r-----a-R-c---:f------:allow -------r--
everyone@ Allow Advanced Read Data
Read Named Attributes
Execute
Read Attributes
Read ACL		 Advanced Directory Inherit everyone@:r-x---a-R-c---:-d-----:allow d------r-x

Default permissions in SMB shares

A simpler but arguably worse way to achieve a similar result only for SMB shares is by using the mask smb.conf additional parameters in the share definition:

create mask = 664
directory mask = 775

If a dataset has no ACLs set and you create a SMB share for it, you are asked to create them for its filesystem.
You can cancel at this point and go for the additional parameters instead.

Further readings

Sources

All the references in the further readings section, plus the following: