TOS 6.0.500 Official Release

[tanktarta]

SOLVED WITH WORKAROUND

Confirmed. By generating my own (self signed) certificate on the domain controller that has a non-negative serial number, TOS 6.0.500 can join the domain again.

I have no idea if the same problem might exist on a Microsoft domain controller. I would guess not, or that would mean TM didn't test this at all

So anyone else who might have a Samba based domain, using the out-of-the-box TLS configuration trying to join TOS to the domain, the full fix is here.

On the domain controller I did ..

Code: Select all

cd /var/lib/samba/private/tls
openssl req -newkey rsa:4096 -keyout custom-key.pem -nodes -x509 -days 730 -out custom-cert.pem

Then edited /etc/samba/smb.conf and added the following to global section.

Code: Select all

tls enabled = yes
tls keyfile = tls/custom-key.pem
tls certfile = tls/custom-cert.pem
tls cafile =

I still think this is a bug though. This configuration is fine with all other domain clients. At the very least, the error should be better than "incorrect username or password".

[abs1ck]

Hi. I even tried uninstalling Emby and reinstalling it from the TM store. This issue keeps happening, making it impossible to use (( Here's what I've done so far:

I gave full permissions to the folder.
I set the flag to apply permissions to subdirectories.
I reinstalled Emby, removing all configurations, and reassigned all folder permissions.
This happens in different situations, and I can't track any consistent pattern:

It happens when trying to resume playback. Playback starts, the video begins to load, and I see in the log that a reference to an object is missing. When I check the folder permissions at that moment, the Emby user no longer has access.

It also happens when scanning and updating metadata, or when trying to set an image. Often there's a failure, and I can see a "500" error in the developer console. When I check the folder permissions again, they’re gone.

If I perform a full library scan, at some point the folder permissions disappear. Images stop showing entirely, and I can't even check logs through Emby itself. I have to go through SMB to check, and it shows "access denied."

[terramaru]

On version 6.0.461 all worked good.

On version 6.0.500 permissions in subfolders is randomly "off" for users "media" and "qbittorrent" after few hours (i do nothing, it's set off automaticaly). And i can't return permissions for system user "qbittorrent" for subfolders. I am set off, set on and check flag "set for all subfolders", restarted nas - not work.

I can't set permissions in subfolders for system user "qbittorrent". App qbittorrent not work. And permissions for user "media" is sometimes set off randomly automaticaly.

NAS F4-423.

[abs1ck]

On version 6.0.461 all worked good.

On version 6.0.500 permissions in subfolders is randomly "off" for users "media" and "qbittorrent" after few hours (i do nothing, it's set off automaticaly). And i can't return permissions for system user "qbittorrent" for subfolders. I am set off, set on and check flag "set for all subfolders", restarted nas - not work.

I can't set permissions in subfolders for system user "qbittorrent". App qbittorrent not work. And permissions for user "media" is sometimes set off randomly automaticaly.

NAS F4-423.

Hi, here I have the same 1 in 1, only with emby, although qbittorrent can too, but I haven't used it yet on the release version))

[spamdz12o]

It works and is far more stable that the previous version. Even when I get 100% usage I can (sometimes) login and fix the issue... so that is a huge win.

What I found is that when using jdownloader dockerized, and I try to do other things, it is quite easy to get IO waiting to 100% and killing the system.

I could mitigate it by limiting the CPU and memory usage of the container, but still happens. Is there a way to limit disk access? As the daemon.json of docker is overwritten every update, I wanted to ask for options with this.
Or is there a way to script that when system usage is over 80% kill this container?

[spamdz12o]

Hi. I even tried uninstalling Emby and reinstalling it from the TM store. This issue keeps happening, making it impossible to use (( Here's what I've done so far:

I gave full permissions to the folder.
I set the flag to apply permissions to subdirectories.
I reinstalled Emby, removing all configurations, and reassigned all folder permissions.
This happens in different situations, and I can't track any consistent pattern:

I granted the permision via shell and it works....

Also, why do you use emby from the store and not a dockerized version? I normally prefer containers, they are updated more frequently, and normally you have more control over them (CPU and memory limits) than with TM Store apps

[MisterXY]

Does this kernel implement the UDF file format of BluRay and DVD so that they can be mounted?

[DanielB]

Hi. I was the person who reported the permissions issue on the previous release, and like others, am seeing further issues, new issues, with 6.0.500 permissions.

For simplification of my setup, let's say I have a Shared Folder called "TNAS-PUBLIC" that has subfolders "DOCUMENTS", "MOVIES" and "AUDIO", and in addition to the Superuser account, I have users: User#1, User#2, guest, and Media. My goal is to give User#1 and User#2 full access to the TNAS-PUBLIC folder tree and through File Manager's right-click Properties->Permissions window, to give user Media access to only the "MOVIES" and "AUDIO" subfolders, and user guest to "Deny" (so I can grant individual folder access as needed, later).

Here's my observations after updating to TOS 6.0.500 (note: ALL operations below were done with the 'Replace the permissions for all subfolders' box manually CHECKMARKED every time it was available) :

• non-Superuser users could not access files they previously had access to.
• When I went to Control Panel->Shared Folders, and viewed folder's permissions for my shared folder "TNAS-PUBLIC", when the item 'User' selected in the dropdown, only my Superuser account had R/W permissions, all others users said "Null" and had no boxes checked for any permission type.
• When I switched the dropdown to 'User Group', both 'admin' + 'allusers' Permissions column said "Null" and all checkboxes were UNchecked.
• In File Manager, when I right-clicked on "TNAS-PUBLIC", and went Properties->Permissions, with 'Users' displayed in the dropdown, I saw only my Superuser had R/W permission - all other users had "Null" in the Permissions column and no boxes checked for any permission type. With 'User Group' displayed in the dropdown, both 'admin'+'allusers' said "Null" in the Permissions column and all boxes were UNchecked.
• To correct the user group permission issue, in Control Panel->Shared Folders and with "TNAS-PUBLIC" folder selected, I switched to 'User Group' and put checkmarks in the R/W column for both and then hit "Confirm". I opened Control-Panel->System->Processes and waited for the process setfacl to finish working (as this is the process that sets permissions).
• Still in the Shared Folders area, I then switched the dropdown to 'User' and enabled R/W access to the desired users (User#1 and User#2 only) and set user Media to "Deny". Then I clicked "Confirm". I again monitored the setfacl process and waited for it to complete. I went back to File Manager and right-clicked on my "TNAS-PUBLIC" folder and went Properties->Permissions and reviewed both the 'Users' and 'User Group' permissions for all users. It looked CORRECT!
• Next, in File Manager, I right-clicked on the "MOVIES" subfolder and checked its Permissions. Only Superuser had R/W permissions, everyone else had "Null" in the Permissions column and all checkboxes were UNchecked.
• I switched the File Manager Permissions dropdown to 'User Group' and saw that both 'admin'+'allusers' said "Null" in the Permissions column and had all checkboxes for both UNchecked.
• It was suggested in an above post to try temporarily resetting folder permissions to "Deny". In Control Panel->Shared Folders, I selected "TNAS-PUBLIC" and set 'User Group' for 'admin'+'allusers' to "Deny" then switched the dropdown to "Users" and did the same - then monitored the setfacl process until its completion. When that was done, I re-abled R/W permissions for 'admin'+'allusers' in the 'User Group' area then used the dropdown to switch to 'User' and set User#1 and User#2 to "R/W" and set user Media to "Deny". I clicked "Confirm" and again monitored setfacl to completion. I then switched to File Manager and reviewed the "TNAS-PUBLIC" folder's permissions (both 'User' and 'User Group'). They both appeared to be correct, with User#1 + User2 granted R/W permissions and user Media set to 'Deny'.
• Still in File Manager, I selected the "MOVIES" subfolder and viewed it Properties. On the 'General' tab, I noticed the Owner is set to "sys" rather than the name of my Superuser account. I'm not sure what that means or why that is.
• Switching to the Permissions tab, with 'Users' showing in the dropdown, I saw User#1 + User#2 have R/W permissions and 'guest' set to "Null" and 'Media' set to "Deny". (<- shouldn't "guest" be "Deny" by default, not "Null"?)
• In the same window, I manually set user 'Media' to "R/W" and hit "Confirm", then monitored the setfacl process until completion. However, I then switched the dropdown to "User Group" and noticed that for both 'admin'+'allusers', the Permissions column says "Null" and all checkboxes for both are UNchecked.
• I manually set 'admin'+'allusers' to "R/W' and hit "Confirm" and waited for the setfacl process to complete. I then reopened the Properties window to confirm that my permissions were correct. They were!
• In then thought to check the permissions of a subfolder (ex: "TNAS-PUBLIC\MOVIES\A_Movie"). With 'Users' displayed in the dropdown, everything looked good... NO, there was 1 issue: user 'guest' correctly has "Deny" in the Permissions column but it is missing its checkmark so has an empty checkbox. I checked other subdirectories of the "MOVIES" folder and this issue is consistent, and also occurs inside all other "TNAS-PUBLIC\" subfolders.
• I then though to check other subfolders of subfolders (ex: "TNAS-PUBLIC\AUDIO\CDs\") and discovered that only my Superuser account had R/W permissions - all other users (User#1+User#2+guest+Media) have "Null" in the Permissions column and all their checkboxes are UNchecked. Switching the dropdown to "User Group", both 'admin'+'allusers' are also "Null" + all UNchecked.
• Examining this more, I noticed that while the Properties windows for "TNAS-PUBLIC\AUDIO" folder shows the Owner as the mysterious "sys" (but does have 'Users' and "User Group' permissions correctly set), some subdirectories of it are owned by my Superuser account while others are owned by "sys", yet ALL have the same permissions issue as described in the previous bullet point.
• I right-clicked on "AUDIO" and went to its Permissions tab, where User#1+User#2+guest+Media all appear correctly configured. I checked the "Replace " box at the bottom as usual, and tried setting setting all users to "Deny" temporarily, hoping that when I switch any or all of User#1/User#2/Media back to "R/W" a few minutes later, it would inherit and persist. It does NOT, it has no effect: despite having set "R/W" on the parent folder "AUDIO", all its subfolders still show only R/W permission for the Superuser while all other users are "Null" and UNcheckmarked. Subfolder 'User Group' items also all have both 'admin'+'allusers' "Null" and UNcheckmarked, despite being set correctly in the parent folder.
• I then went to Control Panel->User Group and checked permissions. First, I clicked on 'admin' and in its Permissions tab, I saw my "TNAS-PUBLIC" share set to "R/W", some shares set to "Customize", and some set to "Null". This is wrong, as admin should have (and did previously have before the update) R/W permission for everything and (I assume) none of them should be "Null" and should instead be "Deny" by default. Similarly, when I clicked on 'allusers' and checked its permissions, all my shares were "Null" except for "TNAS-PUBLIC", because it's the only share I've manually dealt with for now since the upgrade to TOS 6.0.500
• Next, I went to Control Panel->User and checked permissions. My Superuser account WAS correctly set, with "R/W" set for everything and its ability to be changed from that greyed out.
• I checked User#1 permissions: the 1 folder I've dealt with, "TNAS-PUBLIC" is set correctly to "R/W" but all other share are set to "Customize" for some reason (I didn't set them this way).
• I checked User#2 permissions: the 1 folder I've dealt with, "TNAS-PUBLIC" is set correctly to "R/W" but 2 other shares have "Deny" in their Permissions column but have all checkboxes UNchecked ("Deny" column should have checkmark) while 3 other shares are set to "Customize" for some unknown reason yet their Permission column contradicts this and says "Deny".

In other words, permissions in TOS 6.0.500 are a mess and not tested properly (at all?) before release.

Other UI observations during this:

• Inconsistent item naming: In Control Panel->Shared Folder->Permissions, the dropdown contains item 'User' and 'User Group' while in File Manager->Properties->Permissions, the dropdown contains item "Users". As a native English speaker, I'd suggest "Users" be used for both.
• Inconsistent option location: In Control Panel->Shared Folder->Edit, the 'General' tab contains a checkbox item, "Replace the permissions of all subdirectories with the permissions of the folder" while in File Manager->Properties, the same checkbox item appears on the ->Permissions tab. It makes more sense for it to be on the Permissions tab in both instances as the option controls the application of user permissions.
• Improper/non-standard sorting behaviour: The sorting behaviour in TOS (both in File Manager and elsewhere, for instance Control Panel->Shared Folder) is that names starting with a capital letter are all sorted before names starting with a lower case letter — and regardless of whether it is a folder or filename. I expect folder first then files and lower case + capital letters to be treated as equal. So as an example, TOS shows a name-sorted column as "Audio","Books","Cartoon1.mp4","Videos","cartoon2.mp4","eBooks" rather than "Audio","Books","eBooks","Videos","Cartoon1.mp4","cartoon2.mp4" while a list of Users in Control Panel will appear as: "Admin123","Nicky","guest","media","nathan" instead of "Admin123","guest","nathan","Nicky","media". As a life-long Windows PC user and long-time Android user, I've never encountered the TOS-style sorting before and it makes no sense to me to want or need it sorted that way as we don't sort that way in our heads.
• Context-menu placement issue: I mentioned this a previous beta version thread and am not sure whether TOS 6.0.500 was meant to have fixed it or if it's still planned for a later release but I'm still having issues with often not being able to see/access items at the bottom of the right-click context menu in File Manager because the context menu is created in the wrong place on my (PC's) screen. This is particularly true if the File Manager window (etc) is in List view and not maximized but can still happen even when maximized. I didn't notice this issue prior to TOS 6.0.420.
• Too many items in a folder to show its Properties?:While manually changing permissions on shared folder/subfolders just now because of the 6.0.500 permissions bug, I right-clicked on one and selected "Properties", but both the General tab and Permissions tab fail to load (even after waiting 20 minutes), indefinitely timing out due to, I assume, the high number of files and/or folders within it. The same thing happens on the Android TNAS Mobile app with this subfolder, it never finishes loading ("size: statistics in progress..."). According to Windows, the directory has has 10,311 Files in 924 folders (45GB total). Because of both bugs, I cannot currently set its permissions through TOS and will have do via another method.

[abs1ck]

I fully support it, with access rights it is simply not possible to use the system. I started getting IO error errors, which were fixed after re-granting rights to folders and its subdirectories. Half of the containers have stopped working and cannot access them. The bets worked more stably, as soon as the release was released, the NAS turned into a garbage can that could not be used. Now it's clear why people are willing to pay more for software from Synology and Qnap.

[tanktarta]

Fwiw, I am so far happy with the new permissions in TOS 6. I also reported problems, but my issue was more with how groups were handled, and this has all been resolved in this release.

Like many others there most certainly, existing permissions I had were quite broken, but once corrected everything just works.My goal was mainly to assign NAS resources via (domain) groups, with a few user specific ones and it is doing this nicely now. Perhaps users who are more individual user or application wrt their permissions have a worse time.

So far to me at least it just seems the issues were caused by necessarily incompatible changes with existing permissions. It's understandable, and better beta testers go through it than real users, or have to wait till TOS 7 for a fully capable permissions system. I think TM may have made a mistake though blessing 6.0.500 as the official release. There probably should have been a beta or two more too iron out any issues in what was quite a large final changelog and people upgrading to it.

I would agree with all of @DanielB UI criticism points above, and would like to add a couple.

• The use of the word "Null" for default permissions is a bit scary. My initial thought was "whats broken!" seeing that word. "Default", or "Inherit" or anything extreme would be better for English speaks.
• The default size of the permissions dialog is a little small and always needs resizing to be usable. I know you have smaller screen devices to think of, but perhaps dialogs could open up as ration of the total available size instead of what is apparently a fixed size.