Hello forum...
I have an SMB share running on Freenas 11.2-U3
My MacOS users can use the share as expected, unless they tag a directory (A feature of the MacOS Finder). This will add extended attributes to a dir.
Once a file is tagged, it can no longer be moved or deleted. Tagging files works. Any ideas on how I can tag the dirs with out the permissions being changed?
These are the (working) permissions on an untagged dir:
These are the permissions on a dir once it has been tagged from the MacOS A deny has been added for the owner!:
The extended attributes on the tagged dir:
Setting tags on files is not a problem.
A newly upload (Untagged) file:
After tagging the file (Unchanged permissions):
Here is the share config:
I have an SMB share running on Freenas 11.2-U3
My MacOS users can use the share as expected, unless they tag a directory (A feature of the MacOS Finder). This will add extended attributes to a dir.
Once a file is tagged, it can no longer be moved or deleted. Tagging files works. Any ideas on how I can tag the dirs with out the permissions being changed?
These are the (working) permissions on an untagged dir:
Code:
# file: BB # owner: tbp # group: fileserver-write owner@:rwxpDdaARWcCo-:fd----I:allow group@:rwxpDdaARWcCos:fd-----:allow everyone@:r-x---a-R-c---:fd----I:allow
These are the permissions on a dir once it has been tagged from the MacOS A deny has been added for the owner!:
Code:
# file: AA # owner: tbp # group: kontrapunkt-fileserver-write owner@:--x-----------:-------:deny owner@:rwxpDdaARWcCo-:fdi---I:allow group@:rwxpDdaARWcCos:fd-----:allow everyone@:r-x---a-R-c---:fdi---I:allow group@:rwxpDdaARWcCos:fd-----:allow owner@:rw-p--aARWcCos:-------:allow group@:rwxpDdaARWcCos:fd-----:allow everyone@:rwxp--a-R-c--s:-------:allow
The extended attributes on the tagged dir:
Code:
# lsextattr user AA AA DosStream.com.apple.metadata:_kMDItemUserTags:$DATA DosStream.AFP_AfpInfo:$DATA
Setting tags on files is not a problem.
A newly upload (Untagged) file:
Code:
# file: NetSpot.dmg # owner: tbp # group: fileserver-write owner@:rw-p--aARWcCos:-------:allow group@:rw-p--a-R-c--s:-------:allow everyone@:rw-p--a-R-c--s:-------:allow
After tagging the file (Unchanged permissions):
Code:
Account Management [J1023889] # getfacl NetSpot.dmg # file: NetSpot.dmg # owner: tbp # group: fileserver-write owner@:rw-p--aARWcCos:-------:allow group@:rw-p--a-R-c--s:-------:allow everyone@:rw-p--a-R-c--s:-------:allow
Here is the share config:
Code:
[Files] access based share enum = Yes hosts allow = hosts allow = 172.30.10.0/24 172.30.11.0/24 172.22.33.0/24 path = "/mnt/storage/files" read list = @fileserver-read read only = No store dos attributes = No valid users = @fileserver-write @fileserver-read veto files = /*.DS_Store/.apdisk/.TemporaryItems/.windows/.mac/ vfs objects = catia zfs_space zfsacl fruit streams_xattr fruit:encoding = native fruit:veto_appledouble = no zfsacl:expose_snapdir = True zfsacl:acesort = dontcare nfs4:chown = true nfs4:acedup = merge nfs4:mode = special fruit:resource = stream fruit:metadata = stream
Last edited: