 Time here for more systems and since 12.0 true NAS Core has been released There have been some changes to the way the permission system works I wanted to cover those changes and this is also going to fix if you are someone who had the problem of Do the in-place upgrade and a broke some of the permissions We're not sure how to fix that by simply stripping off the old permissions and putting on new ones And of course we'll start with how to set up a brand new share and the proper way to get those permissions set up for a Single user and for a group of users and for a shared group before we get started with that Let's first feel like to learn more about me and my company head over to Lawrence systems calm If you like to hire short project, there's a hires button right at the top If you'd like to help keep this channel sponsor free and thank you to everyone who already has there is a join button here for YouTube and a patreon page your support is greatly appreciated if you're looking for deals or discounts on products and services We offer on this channel check out the affiliate links down below They're in the description of all of our videos including a link to our shirt store We have a wide variety of shirts that we sell and new designs come out well randomly So check back frequently and finally our forums forums.laurancesystems.com is where you can have a more in-depth discussion about this video and other tech Topics you've seen on this channel now back to our content now the device You're going to be testing this on is a true nas mini 3.0 x plus and big shout out to IX systems for providing me with this for doing some testing and review And yes, I have a longer-term review that is coming on this particular device But it doesn't really matter if you're using a IX systems based device or build this yourself The way that permissions work is the same either way This is true nas 12.0 release now This is the fully released version of true nas not the beta anymore and as of November 2020 the most current version Now one thing we're going to go over is a couple of prerequisites here. Let's go to accounts and users We're gonna start with the one user I have created in here Tom And we're going to build our first data set with permissions on there This is pretty much a clean system because I keep reloading it and testing it in different configurations So there's really not much on here. It's pretty default and we're going to go over here to storage Pools and let's create a new data set go ahead and hit add data set and we'll call it youtube Permissions youtube permissions demo Pretty straightforward on how we do this nothing special and we're going to go ahead and just hit submit So we didn't do anything other than a default create on here now This is where there's definitely some changes that have occurred compared to the previous versions. We go over here And it did have options to edit permissions or edit acls now. It's just edit permissions These are the default linux style permissions and we want to actually change this over to acl So we're going to go over here and hit use acl manager We can create a custom access control list or select from their presets We'll actually go with the restricted one now open kind of like it implies is going to create an open control As a matter of fact, we'll say continue real quick here and you'll see what it creates We have a everyone that can go in here the group whoever the group owner is and whoever The owner is so we have an owner a group owner And then an everyone option on here if we select a different one such as Restricted hit okay, and now it's only the Whoever the owner is whoever the group is and then we can select another one here again And look at the home options And once again, we have everyone put some other permission nuances have been changed in between to reflect setting up like a home drive So as I said, we'll start with restricted So we'll go here. We want to restrict this only to tom by default It has root and it has wheel. We do not want root and wheel This is something that in tunas 12 You're going to have problems with because you should be assigning it to a user and not letting root own everything But this is how I believe in the older versions of free nasa didn't have any problem with this It is more of a challenge. So we're not going to use root and wheel for these We're going to actually go ahead and use the groups we have which whenever you create a new user It also creates a group. So that group we have is tom So we'll grab tom here apply We'll grab tom again here Whenever there's a user created there's a company group apply user apply group We selected the permissions and we'll leave these right here pretty basic just like that If there's existing data apply recursively that means grab and apply these ACLs to everything underneath and hit save And that's all you need to do to create it and now have tom own it So let's go back in here and take a look at it We're going to go to edit permissions. Hey look tom owns it. Now if we were to switch that and we'll say wheel for example apply group save Let me go back in and edit again You can see now it has wheel, but we want tom to own it for purposes of this demo where we're at right now Apply group apply recursively. You know, there's no data in there. We didn't put anything in there yet, but we'll go ahead and hit save All right, so now we have youtube permissions. We've created a data set and we've established that tom owns it The tom group and one more time we'll go back in here and make sure tom has full permissions for everything But we see full control here and we can even change this from basic permission modify and we just want to say full control I want to make sure tom owns and has control of everything in here Because that's the user we're going to start testing with and then we'll create the other users next So we go ahead and hit save Now one thing I will note if you have screwed this up and you've already gotten to the point where you've applied a bunch of permissions You're not sure what's going on and everything's kind of a mess Pretty easy to fix and what you do in that particular circumstance is go back over to edit permissions And you can just hit strip acls Remove all acl permissions from the child data sets and current data set strip acls And it basically lets you start over and this is sometimes the best place to start if you've been playing with this for a while And you're kind of stuck and you're like, I'm not sure what I did. I'm not sure what acls I have applied I just need to wipe all these access controls off, which doesn't affect the data This just affects the permissions assigned to each object and folder underneath and you can just strip them off That's kind of what happens when you have done some in place upgrades And maybe you don't know or maybe some mistakes were made along the way Because you didn't document all the changes you made either way strip acls is pretty straightforward to strip all the access control Is but we're not going to do that because we just set them right and we created this new Next we're going to create a share Now when you're creating a share Windows share we're going to add Go to mount The pool and a nice thing is it tells you acl is present in this path, so it already understands which one does We do have this other folder. This is a video sync test. I'm doing Unrelated to this video, but you notice how it doesn't have an acl needed as ice ocage This does so we go here That's the folder we want to share What's the name we want to use we'll call it YouTube YouTube permissions now of note and I've done videos before in snapshots and I'll be doing some updated ones for true nas 12 But they essentially work the same By default it does have enabled shadow copies enabled and this is only if you have snapshots also turn on for the data set On a scope of this particular video, but pretty easy if you turn the snapshots on Once you turn them on start and stop the SMB service to make sure it understands that this options enabled and that'll enable shadow copies But you don't really need to change anything from the advance the basic options are fine But I wanted to note these are currently the defaults when you create a new share In the new version of true nas these defaults though May not be the options you have if you did an in place upgrade So if you didn't play upgrade It will not change options for example like shadow copy was not I believe part of the default Several versions ago and because it is now you may want to change and check those things you can Redo the existing but in this case we're creating new so these are going to be the defaults. All right, we're going to hit submit And then we're going to go and do a test now I'm going to do the test in windows because the assumptions a lot of people are using windows But this will work just as well in linux So go over here go over to my windows machine And we're just going to do this by p address There's our youtube permissions Create a new folder test Folder all right Maybe I have some documents in here. Let me see do I have some random stuff We'll go ahead and paste that in there as well There we go a couple random documents we threw in here now if we go here right click and go to properties We can see tom creator owner each one of the permission sets and then the group tom that's in here as well So all of this is configured properly sets up that's easy enough to understand for how tom can get in there But if you work in larger organizations But not big enough to have active directory and I bring that up because If you were doing this in active directory, it works slightly different because you'll have active directory handling all the permissions And you'll have it connecting to the server out of scope of this today or talk This is all going to be based on users and permissions based inside of the true nasa system itself So now we know how to create a user the permissions and everything else will create a user We're going to get to next but pretty easy to create users in here. We're going to create one more Because who else works with tom? So we need to add another user We're going to go over here accounts users add And uh marcus works with tom so we have a create a marcus user username marcus password And go ahead and hit submit not worried about home drives out of scope again of this So we want to have two different users Now we're going to go and create a group because both of these people work at lorence systems And we'll just create a group id called lts. So there's our group id We'll hit submit Then we're going to go over here into the lts group We're going to edit the members And the two members are currently marcus and tom Save now we have two separate users We've created a group put these users inside of that group. Now we're going to go back over here. I'm going to go to our storage pools YouTube permissions here, and we're going to go ahead and edit We want to edit the permissions and also you have to do Because we're going to go here and we're going to change the group to lts Apply a group and because group has full control so does the owner so whoever creates it has full control People that are members of scope have full control We have some things that we've already created. I want to make sure those have the right permission So we want to apply it recursively we hit save And now that group object has been created Now let's go ahead and we're going to actually going to log in via linux and smarkis and create some files Right marcus is logged in and can see some of this. Let's dump a couple random things in there All right, we threw a few folders in here and let's go over in windows and take a look And now windows can see the other files created and we're going to go ahead and do a properties on them Look at the security And we see that marcus is the creator of these, but do we have read write access to it? Should be able to create a new folder here oops test folder And yes, we can now the test folder right here properties Security And the creator was tom on this as opposed to marcus So i'm able to create folders i own underneath and these are the ones that the marcus user was able to create and we go back over here Drag in now you can see this is from the linux side of the house I was able to do this as well and there's a test folder and if I wanted to create even more folders You kind of get the idea we can keep creating more and more folders There's the xxx one. I just created and windows can see it as well So it's pretty straightforward getting the permission set up on here now one less one more thing that'll cover in terms of how this works I've sshed into the system just so you can see what looks like from the command line as well So you can see which owners have which and they can be changed here if you ever needed them They can be done from the command line as well Also related to that is the git FACL command you can also Script and modify these and if you just want to look at some of the permissions And if you want to have an understanding of how it works your command line You can look up the different commands of how you do these and it will break down who owns what so Owner is tom group lts and let's go side run the same command again. So cd YouTube permissions and let's look at something like that obs folder. So we'll do the same command again But this time we're going to go look at the obs folder And you can see who the owner and group is for that so on and so forth So you can kind of give an idea there's a handful command line options that work as well But it's pretty straightforward to manage it through the interface. So let's go switch back over to linux or sorry the true nas web interface and over here Edit permissions and if we needed to apply different groups different permissions You can see we'd be able to do it here also of note when you're adding acl items We did the group at an owner at as in these people right here. Who are the owner? You can also specify a specific user And you only have the user tom, but whichever user you have created If you need to specify a specific permission as well and set the allow types basic Inherent modifier who can say like full control This is a way you can specify a user who's not maybe part of the group But also implicitly you want to have on there and then you can keep So on and so forth Maybe another group that you want to add maybe another acl item And yes, you can just keep going with this and this is sometimes why strip acl is so important because you've built out So many complexities with this and then we go back over to strip acl if we need to That'll remove all of them and we can start back over again We go back and edit permissions when you strip acl it brings us back to the generic Linux style permissions go back to acl manager and the process starts over So hopefully it's helpful Hopefully this clarified some of the problems you're having and like I said If you did some in place upgrades or you've been playing with this While you don't remember all the changes you may have made or whether or not you did things recursively You can always start with strip acls remove them all start over start with all the templates and sometimes You know, it's just easier to do it that way. All right, and thanks And thank you for making it to the end of the video If you like this video, please give it a thumbs up If you'd like to see more content from the channel hit the subscribe button and hit the bell icon If you like YouTube to notify you when new videos come out If you'd like to hire us head over to laurancesystems.com fill out our contact page And let us know what we can help you with and what projects you'd like us to work together on If you want to carry on the discussion head over to forums.laurancesystems.com Where we can carry on the discussion about this video other videos or other tech topics in general even suggestions for new videos They're accepted right there on our forums, which are free Also, if you like to help the channel in other ways head over to our affiliate page We have a lot of great tech offers for you. And once again, thanks for watching and see you next time