POSIX permissions

Questions about using NAS on Mac OS.
m_emelchenkov
Starting out
Posts: 32
Joined: Fri Aug 21, 2020 2:33 pm

POSIX permissions

Post by m_emelchenkov »

Hi! I tried to enable POSIX permissions in SMB and make it work in macOS 10.13.6. Unfortunately, it's not working for me. It's still 0700 and `chmod` does not change anything. Has anybody had success? I tried to add

```
[global]
unix extensions = yes
```

and also tried enabling Windows ACL support (just in case), but neither works.

Firmware version 4.5.3.1652.
torch1
Know my way around
Posts: 137
Joined: Thu Jul 04, 2019 4:53 am

Re: POSIX permissions

Post by torch1 »

Maybe something on the Samba wiki would help you: https://wiki.samba.org/index.php/Settin ... ended_ACLs
OneCD
Guru
Posts: 12010
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: POSIX permissions

Post by OneCD »

m_emelchenkov wrote: Sun May 09, 2021 6:33 pm

```
[global]
unix extensions = yes
```

Note: this value is explicitly set to 'no' when (re)starting the Samba service. You'll need to hack the init script to set it: viewtopic.php?p=673524#p673524

m_emelchenkov
Starting out
Posts: 32
Joined: Fri Aug 21, 2020 2:33 pm

Re: POSIX permissions

Post by m_emelchenkov »

OneCD wrote: Sun May 16, 2021 4:20 am
m_emelchenkov wrote: Sun May 09, 2021 6:33 pm

```
[global]
unix extensions = yes
```

Note: this value is explicitly set to 'no' when (re)starting the Samba service. You'll need to hack the init script to set it: viewtopic.php?p=673524#p673524

I know it. I modified the config file by patching the init script and double-checked the result after restarting. Not working for me anyway.
Mousetick
Experience counts
Posts: 1081
Joined: Thu Aug 24, 2017 10:28 pm

Re: POSIX permissions

Post by Mousetick »

What exactly is the goal here?

Samba Unix Extensions are obsolete, they work only with the older CIFS protocol (as opposed to SMB 2+).
m_emelchenkov
Starting out
Posts: 32
Joined: Fri Aug 21, 2020 2:33 pm

Re: POSIX permissions

Post by m_emelchenkov »

@Mousetick, the exact goal is that I want to have a copy of my work files and folders with proper permissions, the same as I have on macOS. And I also want to restore it correctly on another machine. I don't want to use iSCSI / NFS / ... for this, I thought I'd be able to use SMB. Now I see it seems it's impossible even with altering the config, right?

Thanks for notifying me about the obsolescence of Samba Unix Extensions, I did not know this fact.
Mousetick
Experience counts
Posts: 1081
Joined: Thu Aug 24, 2017 10:28 pm

Re: POSIX permissions

Post by Mousetick »

I'm afraid you're going to have to live with the simplified 0700 permissions via SMB on the macOS side if you want to keep things simple.

If you want to be able to manage the permissions more granularly from macOS over SMB, you'll need to enable Advanced Permissions (not the Windows ACLs, they're something else) on the QNAP NAS which are POSIX ACLs and then you're in for quite a bit of pain. For one thing, macOS uses NFS ACLs which are richer than POSIX ACLs and don't map 1-to-1 between them. Second, if there are other non-macOS clients to the SMB server, they may not handle the ACLs well or at all and you may run into permissions issues. Third, I think it's recommended to make the NAS an Active Directory Server and have the macOS clients be members of this ADS so both the macOS clients and the NAS all use the same users and groups for ACLs, otherwise they're disparate and it can quickly become a big mess.

Don't take my word for it. I can't tell you much more than that as I don't have much experience with this setup on QNAP NAS. I'm aware that it's a can of worms.

For this reason I don't use QNAP's Samba server, instead I run my own Samba server that I can configure at will. I'm using this configuration, which preserves POSIX permissions between Linux and macOS in both directions, without any complicated ACL or ADS setup:

```
fruit:nfs_aces = yes
```

while QNAP uses

```
fruit:nfs_aces = no
```

There may be other QNAP settings that would need to be changed, I don't know.

So with my configuration, a normal file has the correct 0644 permissions, an executable file has the correct 0755 permissions and so forth. I can chmod from the macOS side and the permissions are reflected on the Linux side.

You could try to apply the same configuration on your NAS, but do it at your own risk, I have no idea what the results will be - good or bad. I don't use QNAP's SMB server, can't help you with deviating from its standard configuration too much.
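
Added example, not part of any poster's message: OneCD's note above says the Samba start-up script rewrites values on (re)start, so an edit to smb.conf is worth re-checking after the service has restarted. This sketch parses the `[global]` section the way the thread writes it and reports whether `fruit:nfs_aces` still holds the value from Mousetick's post; the function names and both sample configs are constructed for illustration.

```python
import re

# The value Mousetick's post reports as working; all names here are hypothetical.
WANTED = {"fruit:nfs_aces": True}
TRUE, FALSE = {"yes", "true", "1"}, {"no", "false", "0"}

def norm(name):
    """Samba ignores case and whitespace in parameter names."""
    return re.sub(r"\s+", "", name).lower()

def to_bool(value):
    v = value.strip().lower()
    return True if v in TRUE else False if v in FALSE else None

def parse_global(text):
    """Return {normalized name: raw value} for the [global] section only."""
    section, out = None, {}
    # smb.conf continues a line that ends in a backslash.
    for line in re.sub(r"\\\n", "", text).splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            out[norm(name)] = value.strip()  # the last assignment in the file is kept
    return out

def drift(text, wanted=WANTED):
    """List (parameter, raw value found or None, wanted) for each mismatch."""
    conf = parse_global(text)
    problems = []
    for name, want in wanted.items():
        raw = conf.get(norm(name))
        if raw is None or to_bool(raw) is not want:
            problems.append((name, raw, want))
    return problems

# Constructed samples, not copied from a real NAS.
EDITED = "[global]\n  vfs objects = catia fruit \\\n    streams_xattr\n  Fruit:NFS_ACEs = Yes\n"
AFTER_RESTART = "[global]\n; constructed: rewritten at start-up\nunix extensions = no\nfruit:nfs_aces = no\n[Public]\npath = /share/Public\n"

if __name__ == "__main__":
    for label, text in (("edited", EDITED), ("after restart", AFTER_RESTART)):
        print(label, drift(text) or "matches")
```

A parameter that is missing from `[global]` is reported with `None` as the found value, so a line that was removed by a rewrite shows up the same way as one that was flipped.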
m_emelchenkov
Starting out
Posts: 32
Joined: Fri Aug 21, 2020 2:33 pm

Re: POSIX permissions

Post by m_emelchenkov »

@Mousetick It works! Thank you very much for the solution and especially for such a detailed description, I see you know this topic very very well and it is very pleasant that you share your knowledge, old-world sys. adms. are rare nowadays :-).
Mousetick
Experience counts
Posts: 1081
Joined: Thu Aug 24, 2017 10:28 pm

Re: POSIX permissions

Post by Mousetick »

I spent a lot of time studying and testing Samba's configuration for my own needs (Linux server with Linux, macOS, and Windows clients, a handful of users/groups, no central user directory, only POSIX permissions, no ACLs). I'm a stickler for preserving file metadata across platforms. Samba is a wonderful piece of software, extremely configurable and flexible, but also very old with a lot of outdated cruft and poorly documented. Making things worse are the SMB clients on macOS and Windows with their own undocumented behaviors and quirks. I haven't used Netatalk or AFP in a very long time but I still know a little bit about how it works.

No need for a donation, but thanks for the offer. I'm glad I was able to help and my bag of tricks worked for you.
m_emelchenkov
Starting out
Posts: 32
Joined: Fri Aug 21, 2020 2:33 pm

Re: POSIX permissions

Post by m_emelchenkov »

👍👍👍
lisanet
First post
Posts: 1
Joined: Fri Aug 06, 2021 1:58 am

Re: POSIX permissions

Post by lisanet »

If you're interested in installing your own Samba server, take a look at a blog article I wrote a few days ago. (Although it's in German, the commands should be self-explanatory.) -> https://lisanet.de/qnap-smb-macos-und-d ... x-rechten/

I ran into the same issue with files and directories always having 700 permissions. I could only solve it by installing my own Samba server with the above-mentioned setting of NFS ACEs.

Additionally, I've added a small script which will make the Samba server work nicely with QNAP's FileStation, so that you can add, delete or modify shares, users and permissions in QTS.
Pete842
Starting out
Posts: 10
Joined: Fri Sep 02, 2022 7:20 am

Re: POSIX permissions

Post by Pete842 »

Old thread but still relevant, as even in October 2022 QNAP's stock SMB server does not preserve file permissions.

@Mousetick: Would you share your smb.conf? The number of options in smb.conf is overwhelming. I'm still trying to find the optimal settings to work on the server side with QNAP's suite of apps and on the client side with recent macOS (Monterey and Ventura).

@lisanet: I followed your guide to set up my own SMB server but ran into a couple of issues. I posted a comment on your site but it has been awaiting moderation for a couple of weeks. Do you still maintain your blog?