SOLVED acl_get_file() failed: Invalid argument

[oliviersu]

TrueNas version : 12.0-U5.1 , Share folder with Active Directory user by ACL .
when run the command :
setfacl -m g:"DOMAIN\domain admins":full_set:fd:allow,g:"DOMAIN\domain users":modify_set:fd:allow,owner@:full_set:fd:allow,group@:rxaRc:fd:allow,everyone@:rxaRc:fd:allow /mnt/dozer/SHARE
get the error message: setfacl: /mnt/dozer/SHARE : acl_get_file() failed: Invalid argument

getfacl /mnt/dozer/SHARE
get the error message: getfacl: ./rnd-datastore: Invalid argument

 

[anodos]

What is behind that path? ZFS dataset? Did you manually alter ZFS dataset properties? Did pool originate from other server / OS?

 

[oliviersu]

yes , it is ZFS Dataset . I used the webgui to setup ACL with AD user ,it does not work. The pool originate local disk but need share the dataset with ubuntu user and windows user .

 

[anodos]

What is output of zfs get all dozer/SHARE?

 

[oliviersu]

NAME PROPERTY VALUE SOURCE
dozer/SHARE type filesystem -
dozer/SHARE creation Wed Sep 22 10:03 2021 -
dozer/SHARE used 2.43T -
dozer/SHARE available 57.6T -
dozer/SHARE referenced 2.43T -
dozer/SHARE compressratio 1.00x -
dozer/SHARE mounted yes -
dozer/SHARE quota 60T local
dozer/SHARE reservation none local
dozer/SHARE recordsize 128K default
dozer/SHARE mountpoint /mnt/dozer/SHARE default
dozer/SHARE sharenfs off default
dozer/SHARE checksum on default
dozer/SHARE compression off inherited from pool
dozer/SHARE atime on default
dozer/SHARE devices on default
dozer/SHARE exec on default
dozer/SHARE setuid on default
dozer/SHARE readonly off default
dozer/SHARE jailed off default
dozer/SHARE snapdir hidden default
dozer/SHARE aclmode passthrough local
dozer/SHARE aclinherit passthrough inherited from pool
dozer/SHARE createtxg 21814547 -
dozer/SHARE canmount on default
dozer/SHARE xattr sa local
dozer/SHARE copies 1 local
dozer/SHARE version 5 -
dozer/SHARE utf8only off -
dozer/SHARE normalization none -
dozer/SHARE casesensitivity sensitive -
dozer/SHARE vscan off default
dozer/SHARE nbmand off default
dozer/SHARE sharesmb off default
dozer/SHARE refquota 60T local
dozer/SHARE refreservation none local
dozer/SHARE guid 17049327047172061536 -
dozer/SHARE primarycache all default
dozer/SHARE secondarycache all default
dozer/SHARE usedbysnapshots 0B -
dozer/SHARE usedbydataset 2.43T -
dozer/SHARE usedbychildren 0B -
dozer/SHARE usedbyrefreservation 0B -
dozer/SHARE logbias latency default
dozer/SHARE objsetid 782 -
dozer/SHARE dedup off default
dozer/SHARE mlslabel none default
dozer/SHARE sync standard default
dozer/SHARE dnodesize legacy default
dozer/SHARE refcompressratio 1.00x -
dozer/SHARE written 2.43T -
dozer/SHARE logicalused 2.34T -
dozer/SHARE logicalreferenced 2.34T -
dozer/SHARE volmode default default
dozer/SHARE filesystem_limit none default
dozer/SHARE snapshot_limit none default
dozer/SHARE filesystem_count none default
dozer/SHARE snapshot_count none default
dozer/SHARE snapdev hidden default
dozer/SHARE acltype off local
dozer/SHARE context none default
dozer/SHARE fscontext none default
dozer/SHARE defcontext none default
dozer/SHARE rootcontext none default
dozer/SHARE relatime off default
dozer/SHARE redundant_metadata all default
dozer/SHARE overlay on default
dozer/SHARE encryption off default
dozer/SHARE keylocation none default
dozer/SHARE keyformat none default
dozer/SHARE pbkdf2iters 0 default
dozer/SHARE special_small_blocks 0 default
dozer/SHARE org.freenas:description clone from nas local
dozer/SHARE org.truenas:managedby 10.10.10.10 local

 

[oliviersu]

@anodos

 

[anodos]

Why have you set `acltype` to `off`?

 

[anodos]

zfs set acltype=nfsv4 dozer/SHARE

 

[anodos]

acltype=off is not supported on TrueNAS Core / Enterprise.

 

[oliviersu]

zfs set acltype=nfsv4 dozer/SHARE

Thanks @anodos , it works for getfacl command . but it can not be mounted in ubuntu by Active Directory user . it always show the error messages : noacl_connect: noacl: non-trivial ACL detected on conncectpath /mnt/<pool>/SHARE. Denying access to share . make_connection_snum: SMB_VFS_CONNECT for service 'SHARE' at '/mnt/<pool>/SHARE' failed: No error: 0

 

[anodos]

Thanks @anodos , it works for getfacl command . but it can not be mounted in ubuntu by Active Directory user . it always show the error messages : noacl_connect: noacl: non-trivial ACL detected on conncectpath /mnt/<pool>/SHARE. Denying access to share . make_connection_snum: SMB_VFS_CONNECT for service 'SHARE' at '/mnt/<pool>/SHARE' failed: No error: 0

Yeah, that's because you have unchecked ACL on SMB share. You can use the webui to strip the ACL from the path.