#Help to set up Taildrive

Hi. Please can you help me troubleshoot my taildrive setup?

Aim: I have a simple setup for personal use, linking 7 devices, all exclusively access by me. I want to setup file sharing which allows all devices to access all shares.

What I've done:

• Followed the official documentation adding node attrs - the first option here: https://tailscale.com/docs/features/taildrive#enable-taildrive-in-the-policy-file
• When i add grants - the broadest policy as suggetsed in the docs, after saving, I no longer have connectivity and need to disconnect from tailscale to revert the changes

I've attached my ACL config

I suspect what's going on is that your only rule that's defined gives access to taildrive, and that's it. You've removed the default rule, which allows access to everything , and only added what you needed for taildrive. That means, you're not giving yourself any other access to your devices. Tailscale's rules are deny by default so without a definition, you'd lock yourself out.

What happens if you add another rule giving yourself access to your own devices (without the app definition in the grant)

        "src": ["autogroup:member"],
        "dst": ["autogroup:self"],
        "ip":  ["*"],
   },```

Thanks. I tried this but it didn't work. still no network access"grants": [ { "src": ["autogroup:member"], "dst": ["autogroup:self"], "ip": ["*"], "app": { "tailscale.com/cap/drive": [ { "shares": ["*"], "access": "rw", }, ], }, }, { "src": ["autogroup:member"], "dst": ["autogroup:self"], "ip": ["*"], }, ],

i don't think I removed the 'default rule'

The default rule is usually:

  "grants": [
    {
      "src": ["*"],
      "dst": ["*"],
      "ip": ["*"]
    }
  ] ```

And I don't see it in your ACL file you provided, so it was changed

Thanks. Sorry to be a pain but could you possibly suggest what the full grant sections should be? I'm new to this and finding it quite confusing.

I might start off with something like:

//give members access to their own shares
"grants": [
  {
    "src": ["autogroup:member"],
    "dst": ["autogroup:self"],
    "app": {
      "tailscale.com/cap/drive": [{
        "shares": ["*"],
        "access": "rw"
      }]
    }
  },
  //allow every device to get everwhere (default rule)
  {
      "src": ["*"],
      "dst": ["*"],
      "ip": ["*"]
  }
 ] 
 

There's not alot of detail you're providing about devices on your tailnet and whether or not you've tagged them, but this might be something I would try to see if it works.

Amazing! Thanks seems to be working perfectly now. I really appreciate your help.