i’ve been working a lot with this lately, and i’ve finally got it to work. i realize everyone’s setup is unique so it’s almost impossible to just make a straightforward/linear guide. but, i will at least document my flow and hopefully show you all the concepts you need to actually do it. everything else i’ve found online doesn’t help, without chatGPT telling me what i needed i never would have found all the info from forums.
After going through it, i realize there are simpler ways to do it, but the concepts are all still applied. “simpler” only means a way to leverage the defaults more. further, the simpler ways are not capable of allowing the user/owner/person to maintain access to files via SMB as well as allow their apps services to work. Permissions are a bigger problem than most “experts” want to admit.
There is no way a hobby-level person trying to do this on a weekend could possibly get this to work. they will just end up frustrated with a half-broke system and abandon the project. honestly, this is a problem for the industry, and it’s why Synology exists. After all this, if i were to do it again, i would probably just buy a synology myself.
there are some up-and-coming solutions. hexos seems to be trying to simplify it, but their project is still under development. i’ve not tried Unraid but that might be a managed software as well. and lately there’s been several no-name brands coming out with solutions (aoostar, ugreen, minisforum, etc…) which seem promising as well.
one other thing i realized through the process, i was focusing wayyy too much on “NAS” hardware, when really the issues all surround the software config/setup. i think there’s a lot of focus made on the hardware side, because it easier to explain and show in a cute article or youtube video. i got caught up in that, conflating the hardware with “working setup”. i thought i would need 12x drives in a 2x 6-drive raidz2 vdev setup. with my requirements, and for most home users, i would say to buy 2x large-capacity drives and just use them in raidz1. Drives are more reliable than they used to be — if you’re really worried about that, maybe buy a 3rd drive as a cold spare. either way, hardware should not be as large a focus as it’s been.
table of contents:
- Dataset Layout
- Users and Groups
- apps, root, your smb user?
- who should own the files?
- what basic “posix/unix” permissions need to be set
- the setgid/setuid bit
- all things ACL
- what is an acl
- how they are applied
- Minimum entries / ACE’s needed
- how we want ours to look
- passing users/groups between host and containers
- easier method: what it seems like they are suggesting to do
- limitations/downsides
- references at the end – this will be a long list
Dataset Layout
several guides exist for this. i recommend putting everything in a single dataset, and then putting folders (directories) under it.
a popular zfs feature to save storage space by reducing duplicated files is called “hardlinks”. hardlinks can only persist within a single dataset. so that’s why we keep everything together.
Some argue that keeping everything together makes me more difficult to separate your backups, which is true. i can accept that i have a “flat” scheme for that.
users and groups
because i wanted to allow for a multi-user setup, i needed to create multiple users