Uploaded image for project: 'FreeNAS / TrueNAS'
  1. FreeNAS / TrueNAS
  2. NAS-105703

SMB (folder) permissions are half broken

    XMLWordPrintable

    Details

      Description

      Last couple of days I found out, while installing SQL server 2017 Database engine on a FreeNAS SMB share, that permissions, and the way FreeNAS handles permissions, is half broken.
      SQL server will (automatically with a Managed Service Account) disables inheritance on a folder. When this happens the folder hides and cannot be showed until you force inheritance to be turned on via ACL page on FreeNAS, which breaks the folder for SQL.

      Manually disable inheritance is possible, but this is also a problem. Even though my account is added to the domain admins group, which is set to be owner on that share/folder, it says that I don't have permission. I first have to make my account owner of that folder, click apply, disable inheritance and click apply again. When not following this order the folder breaks and is not accessible anymore. Have to reset inheritance via FreeNAS and can start all over again. (Please review the added images with the description)

      • Domain admins has been set to be user/group of the folder, just a group cannot be set... please add this. AGDLP (should be) pretty common to be used.

      Further on I am not sure if FreeNAS NTFS support is behaving ""exactly"" like it would be on a Windows File server. Because when updating the SQL server to the latest CU (20) it shows:
      Error: 17053, Severity: 16, State: 1.
      DoDevIoCtlOut() GetOverlappedResult() : Operating system error 1(Incorrect function.) encountered.

      https://docs.microsoft.com/en-us/archive/blogs/psssql/error-17053-when-using-third-party-network-storage-device-smb-file-share
      "If the device doesn’t support io code FSCTL_FILESYSTEM_GET_STATISTICS, there are different rampifications depending on which file System you use"

      Not sure if this is the case.

      Looking forward to you reply and the permission fixes for SMB shares.
      If you need any more information, please let me know.

        Attachments

        1. Accessed denied after clicking on continue.png
          8 kB
          Quinten
        2. after changing ACL in Windows.png
          78 kB
          Quinten
        3. afterwards it asks for permission.png
          19 kB
          Quinten
        4. before changing ACL in Windows.png
          84 kB
          Quinten
        5. Changing owner to group domain admins + changing inheritance breaks folder on NTFS securitysettings.png
          26 kB
          Quinten
        6. Inheritance disabled.png
          12 kB
          Quinten
        7. Inheritance on.png
          11 kB
          Quinten
        8. ixnas.so
          176 kB
          Andrew Walker

          Attachments

            JEditor

              Activity

                People

                Assignee:
                awalker Andrew Walker
                Reporter:
                Quinten Quinten
                Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                  Dates

                  Due:
                  Created:
                  Updated:
                  Resolved: