File and Directory ACL Permissions difference when created from Linux vs Windows

user0241233

Dabbler
Joined
Oct 19, 2022
Messages
15
Hello,

I'm new to TrueNAS and ACLs, so apologies if this is a basic question. I have a TrueNAS Scale drive that is mounted to Linux and Windows systems. We have an Active Directory and Domain Controller that systems including TrueNAS have joined. We have domain accounts and groups. Let's say some of the groups are: Software, Hardware, Middleware, Domain Users, root etc. The ACL permissions on these mounts are set using nfs4xdr_setfacl. Users are allowed to create files in certain directories. Each domain user account has access to Linux systems as well as Windows.


TrueNAS-SCALE-22.02.3 behaviour: Previously, when a certain user created a file while logged in through a Linux system, the group owner got set as 'domain users', which is the desired behaviour. But when the same user created a file using Windows, the group owner got set as 'root' and no permissions show for 'domain users' when I do nfs4xdr_getfacl on the file.

I upgraded TrueNAS to TrueNAS-SCALE-22.02.4. Now the permissions are different based on whether a file is created or a directory, as well as if it is created from Windows or Linux.

Creating file in Windows

ACL:
nfs4xdr_getfacl windows_file.txt
# File: windows_file.txt
# owner: james
# group: domain users
# mode: 0o100750
# trivial_acl: false
# ACL flags: none
group:james:rwxpDdaARWcCos:-------:allow
owner@:rwxpDdaARWcCos:-------:allow
group:Hardware:r-x---a-R-c--s:-------:allow
group:Software:r-x---aARWcCos:-------:allow
group@:r-x---a-R-c--s:-------:allow

Errors:
  1. 'group:james' shouldn't be there as 'james' group doesn't exist and it wasn't set in the ACL

Creating directory in Windows

ACL:
nfs4xdr_getfacl windows_dir
# File: windows_dir
# owner: james
# group: domain users
# mode: 0o40750
# trivial_acl: false
# ACL flags: none
group:james:rwxpDda-R-c--s:fd-----:allow
group:Hardware:r-x---a-R-c--s:fd-----:allow
group:Software:r-x---aARWcCos:fd-----:allow
group:james:rwxpDdaARWcCos:-------:allow
owner@:rwxpDdaARWcCos:-------:allow
owner@:rwxpDdaARWcCos:fdi----:allow
group@:r-x---a-R-c--s:-------:allow
group@:r-x---a-R-c--s:fdi----:allow

Errors:
  1. 'group:james' shouldn't be there as 'james' group doesn't exist and it wasn't set in the ACL.
  2. 'owner@' and 'group@' are set twice with different permissions. Even 'group:james' is set twice. This shouldn't be the case.

Creating file in Linux

ACL:
nfs4xdr_getfacl linux_file.txt
# File: linux_file.txt
# owner: james
# group: 0
# mode: 0o100750
# trivial_acl: false
# ACL flags: none
user:james:rwxpDda-R-c--s:------I:allow
group:Hardware:r-x---a-R-c--s:------I:allow
group:Software:r-x---aARWcCos:------I:allow
owner@:rwxpDdaARWcCos:------I:allow
group@:r-x---a-R-c--s:------I:allow

Errors:
  1. '# group' should be 'domain users' not 0 (0 is the UID for root).
  2. 'user:james' shouldn't be set as james is the file owner and its permissions are satisfied by 'owner@' keyword.

Creating directory in Linux

ACL:
nfs4xdr_getfacl linux_dir
# File: linux_dir
# owner: james
# group: 0
# mode: 0o42750
# trivial_acl: false
# ACL flags: none
user:james:rwxpDda-R-c--s:fd----I:allow
group:Hardware:r-x---a-R-c--s:fd----I:allow
group:Software:r-x---aARWcCos:fd----I:allow
owner@:rwxpDdaARWcCos:fd----I:allow
group@:r-x---a-R-c--s:fd----I:allow

Errors:
  1. '# group' should be 'domain users' not 0 (0 is the UID for root).
  2. 'user:james' shouldn't be set as james is the file owner and its permissions are satisfied by 'owner@' keyword.

I haven't been able to find out what's causing this.

Systems Info:
Windows: Windows 10
Linux: Rocky Linux 8.6
TrueNAS: TrueNAS-SCALE-22.02.4
ACL: NFSv4

Please let me know if you need further information.

Thanks
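
An added example, not part of the original post and not TrueNAS code: a Python script that parses nfs4xdr_getfacl listings and reports the kinds of anomalies the post lists, so the same check can be repeated across many files after an upgrade. The names `audit_acl` and `KNOWN_GROUPS` are hypothetical, and the group list is an assumption standing in for a real directory lookup.

```python
from collections import defaultdict

def audit_acl(text, known_groups=()):
    """Flag the anomalies listed in the post for one nfs4xdr_getfacl listing."""
    meta, flags_by_who, findings = {}, defaultdict(list), []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("#"):                      # "# owner: james" style header
            key, _, value = line[1:].partition(":")
            meta[key.strip().lower()] = value.strip()
        elif line.count(":") >= 3:                    # who[:name]:perms:flags:type
            who, _perms, flags, _type = line.rsplit(":", 3)
            flags_by_who[who].append(flags)
    owner, group = meta.get("owner"), meta.get("group", "")
    if group.isdigit():
        findings.append(f"group owner is numeric id {group}, not a name")
    if f"user:{owner}" in flags_by_who:
        findings.append(f"user:{owner} is set although {owner} is the owner")
    for who, flags in flags_by_who.items():
        if who.startswith("group:") and who[6:] not in known_groups:
            findings.append(f"{who} is not in known_groups")
        if len(flags) > 1:
            findings.append(f"{who} appears {len(flags)} times, flags {flags}")
    return findings

# Listings copied from the post above, headers trimmed to owner and group.
WINDOWS_DIR = """# owner: james
# group: domain users
group:james:rwxpDda-R-c--s:fd-----:allow
group:Hardware:r-x---a-R-c--s:fd-----:allow
group:Software:r-x---aARWcCos:fd-----:allow
group:james:rwxpDdaARWcCos:-------:allow
owner@:rwxpDdaARWcCos:-------:allow
owner@:rwxpDdaARWcCos:fdi----:allow
group@:r-x---a-R-c--s:-------:allow
group@:r-x---a-R-c--s:fdi----:allow"""
LINUX_FILE = """# owner: james
# group: 0
user:james:rwxpDda-R-c--s:------I:allow
group:Hardware:r-x---a-R-c--s:------I:allow
group:Software:r-x---aARWcCos:------I:allow
owner@:rwxpDdaARWcCos:------I:allow
group@:r-x---a-R-c--s:------I:allow"""
KNOWN_GROUPS = ("Hardware", "Software", "domain users")  # assumed directory groups

if __name__ == "__main__":
    for name, text in (("windows_dir", WINDOWS_DIR), ("linux_file.txt", LINUX_FILE)):
        for finding in audit_acl(text, KNOWN_GROUPS):
            print(f"{name}: {finding}")
```

The duplicate report includes each entry's flags field, so repeated principals can be compared by their inheritance flags rather than by count alone.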
 

bcat

Explorer
Joined
Oct 20, 2022
Messages
84