Attempting to update permissions via API results in a mystery error

Description

Hello,

Whenever attempting to update the permissions on a path we get an error that doesn't seem to be related to our command:

URI: /api/v1.0/storage/permission/

Request json:

{"mp_path":"\/mnt\/Pool\/testuser",
 "mp_user":"testuser",
 "mp_mode":755,
 "mp_group":"testuser",
 "mp_acl":"unix"}

Results in:

"error_message": "", "traceback": "Traceback (most recent call last):\n\n File \"/usr/local/lib/python3.7/site-packages/tastypie/resources.py\", line 219, in wrapper\n response = callback(request, *args, **kwargs)\n\n File \"/usr/local/lib/python3.7/site-packages/tastypie/resources.py\", line 450, in dispatch_list\n return self.dispatch('list', request, **kwargs)\n\n File \"./freenasUI/api/utils.py\", line 252, in dispatch\n request_type, request, *args, **kwargs\n\n File \"/usr/local/lib/python3.7/site-packages/tastypie/resources.py\", line 482, in dispatch\n response = method(request, **kwargs)\n\n File \"./freenasUI/api/resources.py\", line 424, in put_list\n if form.commit(deserialized.get('mp_path')):\n\n File \"./freenasUI/storage/forms.py\", line 1713, in commit\n acl_is_present = (c.call('filesystem.stat', path))['acl']\n\n File \"./freenasUI/storage/forms.py\", line 1712, in commit\n dataset = c.call('pool.dataset.query', [['mountpoint', '=', path.rstrip('/')]], {'get': True})\n\n File \"/usr/local/lib/python3.7/site-packages/middlewared/client/client.py\", line 393, in call\n raise ClientException(c.error, c.errno, c.trace, c.extra)\n\nmiddlewared.client.client.ClientException\n"}

Problem/Justification

None

Impact

None

Activity

Drew W, May 27, 2020 at 4:24 PM

I think my final question would be: when creating a user, how do you specify that it shouldn't create these files?

-rw-r--r-- 1 lastone lastone 983 May 27 09:23 .cshrc
-rw-r--r-- 1 lastone lastone 323 May 27 09:23 .login
-rw-r--r-- 1 lastone lastone 91 May 27 09:23 .login_conf
-rw-r--r-- 1 lastone lastone 301 May 27 09:23 .mail_aliases
-rw-r--r-- 1 lastone lastone 267 May 27 09:23 .mailrc
-rw-r--r-- 1 lastone lastone 881 May 27 09:23 .profile
-rw-r--r-- 1 lastone lastone 212 May 27 09:23 .rhosts
-rw-r--r-- 1 lastone lastone 782 May 27 09:23 .shrc

Drew W, May 27, 2020 at 4:19 PM

Hello, okay, I sort of figured it out. It's very confusing that clicking on Edit ACLs on a Windows share takes you to the filesystem ACL settings, but that's cool. One note I will make: I have no idea what the return value from api/v2.0/filesystem/setacl is; it seems to be a 5-digit number that keeps auto-incrementing whether or not there is an error. It would be great if it threw errors normally.

Drew W, May 27, 2020 at 3:00 PM

Which of the API endpoints does the same thing as this URL in the UI?

https://HOST/ui/storage/pools/id/Pool/dataset/acl/SHAREPATH

It seems like if I use the UI to remove the "default" ACL it creates for "everyone" and add one that gives the user FULL ACCESS to their own share it works as intended. I am trying to replicate doing that via the API. The default ACL gives every user access to every share which is not at all desirable.

Is there a way to make the UI report the exact API commands it's using so that I can just copy the JSON that I need?

Andrew Walker, May 22, 2020 at 6:25 PM

You need to use the filesystem.setacl endpoint and not the smb.sharesec endpoint. The former is for setting filesystem ACLs and the latter is for setting the NT ACL on the share itself.
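
Added example (not part of the thread and not TrueNAS code): a local pre-flight check that strips everyone@ ALLOW entries from a filesystem ACL and refuses to build a filesystem.setacl request body while one remains. The entry field names (tag, id, type, perms, flags), the body keys, uid 1001 and the path are assumptions; the sample DACL is constructed, so check the shape against your release's API documentation.

```python
"""Audit an NFSv4-style DACL for everyone@ grants before it is sent to
filesystem.setacl. Field names are assumptions, not taken from the thread."""
import json

# Constructed sample of a permissive default DACL (not captured from a real system).
CONSTRUCTED_DEFAULT_DACL = [
    {"tag": "owner@", "id": None, "type": "ALLOW",
     "perms": {"BASIC": "FULL_CONTROL"}, "flags": {"BASIC": "INHERIT"}},
    {"tag": "group@", "id": None, "type": "ALLOW",
     "perms": {"BASIC": "FULL_CONTROL"}, "flags": {"BASIC": "INHERIT"}},
    {"tag": "everyone@", "id": None, "type": "ALLOW",
     "perms": {"BASIC": "MODIFY"}, "flags": {"BASIC": "INHERIT"}},
]


def _is_broad_allow(entry):
    """True for an ALLOW entry that applies to every account (tag everyone@)."""
    return entry.get("tag") == "everyone@" and entry.get("type") == "ALLOW"


def broad_allow_entries(dacl):
    """Return the entries that let every user on the system into the path."""
    return [e for e in dacl if _is_broad_allow(e)]


def owner_only_dacl(dacl, uid):
    """Drop everyone@ ALLOW entries and ensure `uid` has inherited full control."""
    kept = [e for e in dacl if not _is_broad_allow(e)]
    user_entry = {"tag": "USER", "id": uid, "type": "ALLOW",
                  "perms": {"BASIC": "FULL_CONTROL"}, "flags": {"BASIC": "INHERIT"}}
    if user_entry not in kept:
        kept.append(user_entry)
    return kept


def setacl_body(path, dacl):
    """Serialize the request body, refusing a DACL that still grants everyone@."""
    if broad_allow_entries(dacl):
        raise ValueError("DACL still contains an everyone@ ALLOW entry")
    return json.dumps({"path": path, "dacl": dacl}, sort_keys=True)


if __name__ == "__main__":
    # uid 1001 and the path are constructed placeholders for the share owner.
    tightened = owner_only_dacl(CONSTRUCTED_DEFAULT_DACL, 1001)
    print(setacl_body("/mnt/Pool/userone", tightened))
```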

Drew W, May 22, 2020 at 6:14 PM

Ah, okay I am trying to set the permissions on the SMB/CIFS share, so I POST:

{"share_name":"userone","share_acl":[{"ae_who_name":{"domain":"","name":"userone"},"ae_perm":"FULL","ae_type":"ALLOWED"}]}
{"share_name":"userone","share_acl":[{"ae_who_name":{"domain":"","name":"everyone"},"ae_perm":"FULL","ae_type":"DENIED"}]}

to: api/v2.0/smb/sharesec

in two requests; both requests return NULL and nothing seems to be updated in the UI.

Basically I just need to make it so only userone (which is both the user and the sharename) has access to userone in both SMB/CIFS and FTP, i.e. so other users can't see each other's folders, i.e. so userone can only see userone and not usertwo, userthree, userfour.

Behaves as Intended

Created May 22, 2020 at 1:49 PM
Updated July 1, 2022 at 4:53 PM
Resolved June 23, 2020 at 4:34 PM