Yes, we changed what was allowed via the UI so that users can change Windows -> Unix permissions type. This performs a chmod (possibly with a -R) on the dataset in question. The resulting permissions are what you would expect with this combination of actions. In general, it's not a great idea to do this, but we allow it. If you need to strip the extended ACL, you can perform afind /mnt/NasPool/winshare | setfacl -b
. We can't perform this action by default because it is significantly more destructive than a recursive chmod. Big picture: we need a graphical ACL editor in the GUI.
@anodos Forgetting smb shares for the moment and concentrating just on dataset permissions, this is the comparison between FN11.1-7U and latest FN11.2-U2 for the simple sequence of changing the dataset share type from unix to windows and then back to unix again. There was never a need to use
setfactl -b
before to remove the extended ACL. Should this behaviour have changed? It is a separate issue, or is it related to the regression you have mentioned?
FN11.1-7U
Code:
[chris@freenas /mnt/NasPool]$ getfacl winshare # file: winshare # owner: chris # group: chris owner@:rwxp--aARWcCos:-------:allow group@:r-x---a-R-c--s:-------:allow everyone@:r-x---a-R-c--s:-------:allow [chris@freenas /mnt/NasPool]$ [chris@freenas /mnt/NasPool]$ getfacl ^C [chris@freenas /mnt/NasPool]$ getfac winshare -bash: getfac: command not found [chris@freenas /mnt/NasPool]$ getfacl winshare # file: winshare # owner: chris # group: chris owner@:rwxpDdaARWcCos:fd-----:allow group@:rwxpDdaARWcCos:fd-----:allow everyone@:r-x---a-R-c---:fd-----:allow [chris@freenas /mnt/NasPool]$ getfacl winshare # file: winshare # owner: chris # group: chris owner@:rwxp--aARWcCos:-------:allow group@:r-x---a-R-c--s:-------:allow everyone@:r-x---a-R-c--s:-------:allow [chris@freenas /mnt/NasPool]$
FN11.2-U2
Code:
[chris@freenas /mnt/NasPool]$ getfacl winshare # file: winshare # owner: chris # group: chris owner@:rwxp--aARWcCos:-------:allow group@:r-x---a-R-c--s:-------:allow everyone@:r-x---a-R-c--s:-------:allow [chris@freenas /mnt/NasPool]$ getfacl winshare # file: winshare # owner: chris # group: chris owner@:rwxpDdaARWcCos:fd-----:allow group@:rwxpDdaARWcCos:fd-----:allow everyone@:r-x---a-R-c---:fd-----:allow [chris@freenas /mnt/NasPool]$ getfacl winshare # file: winshare # owner: chris # group: chris owner@:rwxpDdaARWcCos:fd-----:allow group@:rwxpDdaARWcCos:fd-----:allow everyone@:r-x---a-R-c---:fd-----:allow [chris@freenas /mnt/NasPool]$