I am trying to move over a SMB share to NFS for my media server VM.
I have 2 accounts configured for remote access from different hosts to the NAS: jellyfin and mgmtpc. Both of which have full read/write/execute access to my media library dataset and can access the dataset without issues when logged in via SMB.
When I use the Mapall user option and set it to jellyfin, no files can’t be accessed from the remote host. However when I set this option to mgmtpc it starts working.
I don’t know what exactly happened but I would like to use the jellyfin account for my media server.
I did some more digging and found out the that the owner of the files are all mgmtpc (expected).
However, I have ACLs setup that state that both users should have full read/write/execute access to the contents of the folder.
Running the getfacl command shows that the ACL is only applied to the dataset and not the subdirectories (even if I check the apply recursively option)
Just a note, owner is the user who created the file. You will never see more than one entry for owner. This is a property of *nix filesystem permissions generally. Posix acl is not the same, it expands with features that the basic filesystem permissions lack. So you are correct to be checking with getfacl. Don’t worry about owner, I think it’s unrelated to your issue.
Sounds like perhaps it’s the ACLs then? Did you try modifying them at all?
I noticed also you said everything worked fine over SMB. Was everything created from a windows machine via SMB? From mgmtpc I assume?
Assuming you’ve only ever used local user accounts? No AD or LDAP anywhere? I don’t know TrueNAS super well so just putting things out there in case it can help someone with pinpointing your issue.
Not sure how TrueNAS does user mappings if that’s relevant here.
Sorry if you’ve already googled all this. It sounds like mapall should do that but you need to do it against the initial correct creator of the data. Could you share the commands you used? I’d ensure you used mapall against the original creator of the data. So if the data was created by mgmtpc you should use mapall against the UID/GID of that user/machine to say “everyone who accesses this data is me, the person who made the data.”
That’s my understanding from reading about mapall briefly. It just makes it think whomever is accessing the data is who you specify in via mapall. If that person isn’t the owner then it’ll tell you no way jose you didn’t make this data.
So again to somewhat repeat myself- when you use mapall you’re saying “everyone who tries to access this data is this UID and/or GID” based on what you specified in the command. From what I’ve read it doesn’t actually change the underlying or original owner/permissions. Just repeating for myself honestly because that’s how I understand it.
I would experiment more with this using some fake data elsewhere and see the results. Use chown and chmod to play with things and see how it changes access.
Also NFSv3 vs NFSv4 makes a difference here. Somewhere.
