9/8/2023 0 Comments Freenas cifs permissions![]() ![]() One possible oddity is that the owner of all folders and files for the whole tree is an administrative level user (not administrator!), to allow us to be able to access and change permissions as administrators. ![]() We are using freenas here due to ZFS snapshotting plus redundancy, it is also providing NFS services to other machines and iSCSI to other machines, so replacing this server with a windows based file server (or for that matter, another SAN/NAS server), while, not out of the question, would not be an easy job. Note: all folders and files are created via samba client (not from the linux shell directly) either via IIS code executing as a user that has rights to that folder, or via a windows explorer window while logged into the server as a user that has rights to create files and folders. ![]() I added 'force create mode' and 'force directory mode' while testing. I have reviewed the smb.conf file by hand to eliminate potential GUI issues, here are any that I think might be relevant from searching google for this issue. In this case, the newly created folder doesn't get any ACLs assigned to it (explorer has no permission to the created folder) but I suspect this is most likely due to an order-of-operations type issue as when IIS/.net creates the folder in the other scenario, things happen in a different order than when you create a folder via explorer. The folder, at least, according to windows, is set to inherit permissions. The same error/problem occurs if I try to create a folder using windows explorer while logged in as a user that has access to the share (and write access to the folder in question). (AD\applicationpoolidentity is the user for the site, group is the same as the other folders) If I view the created folder via SSH, I see this:ĭ-w-rwx-+ 2 AD\applicationpoolidentity group 2 Sep 8 17:28 _testFolder_ Sep 8 17:28:05 ssasan01 smbd: change_dir_owner_to_parent: failed to change current working directory to -snip-/App_Data/packages/created/_testFolder_. source3/smbd/open.c:543(change_dir_owner_to_parent) The following error appears in the log samba log (level is currently 1 as this is a production server) Please review the stack trace for more information about the error and where it originated in the code.Įxception Details: System.UnauthorizedAccessException: Access to the path -snip-\App_Data\packages\created\_testFolder_ is denied. Access to the path -snip-\App_Data\packages\created\_testFolder_ is denied.ĭescription: An unhandled exception occurred during the execution of the current web request. The resulting folder is created successfully on disk, and appear to inherit the ACL permissions from the parent, however the create call returns an error. In a folder, that the IIS user has access to (write/modify/read/execute) (App_Data, actually) application code attempts to create a folder using DirectoryInfo.Create IIS sites run as an active directory user unique to that site.īoth the application pool (each site has it's own one) identity and the "physical path credentials" for the site in IIS are configured to be the same active directory user.įor the most part everything is working except folder creates. The freenas server is joined to an AD provided by windows servers. We have FreeNAS-9.2.1.3-RELEASE-圆4 providing a samba share to IIS (hosted by 2012 R2, if that's relevant) ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |