muppet_3000
Cadet
- Joined
- Aug 5, 2020
- Messages
- 3
Hi Everyone,
I'm a new FreeNAS user but I'm pretty certain I'm in the right place for this post. Please redirect me if not.
I'm in the process of testing out my various use-cases for FreeNAS which is replacing a CentOS 7 server that just hosted a series of NFS shares that were mounted to various other machines on the network.
I have always used ACLs to restrict access and various permissions on my folders in the past (I'm not an expert on them but I know enough to give certain groups full access, certain other groups only read access and everyone else no access etc. etc.)
In the past I have always set the 'X' (note capitalisation) but on folders to signify that anything created under the directory (and all subdirs) should have the executable bit set if either the file is already executable OR if it is a directory.
However, with FreeNAS it would appear that the only way to achieve any form of executable bit is to have it set recursively for all created files and directories under the shared volume. I have logged onto the server using SSH to attempt to manually set the lower case "x" to an upper-case one using setfacl but I get setfacl: malformed ACL: "access permissions" field contains invalid flag "X` in response. Making me think that BSD/FreeNAS simply does not support this flag and as such there's no way to achieve this.
It's not the end of the world, I'd just rather not every single file I create on the volume have it's executable bit set (e.g. text files, jpeg files etc.).
Some helpful/important notes:
Hopefully I haven't missed anything, please ask if there's any more information required for debug.
What I'm after is either:
I'm a new FreeNAS user but I'm pretty certain I'm in the right place for this post. Please redirect me if not.
I'm in the process of testing out my various use-cases for FreeNAS which is replacing a CentOS 7 server that just hosted a series of NFS shares that were mounted to various other machines on the network.
I have always used ACLs to restrict access and various permissions on my folders in the past (I'm not an expert on them but I know enough to give certain groups full access, certain other groups only read access and everyone else no access etc. etc.)
In the past I have always set the 'X' (note capitalisation) but on folders to signify that anything created under the directory (and all subdirs) should have the executable bit set if either the file is already executable OR if it is a directory.
However, with FreeNAS it would appear that the only way to achieve any form of executable bit is to have it set recursively for all created files and directories under the shared volume. I have logged onto the server using SSH to attempt to manually set the lower case "x" to an upper-case one using setfacl but I get setfacl: malformed ACL: "access permissions" field contains invalid flag "X` in response. Making me think that BSD/FreeNAS simply does not support this flag and as such there's no way to achieve this.
It's not the end of the world, I'd just rather not every single file I create on the volume have it's executable bit set (e.g. text files, jpeg files etc.).
Some helpful/important notes:
- This occurs both via the NFS share but also if the file is created locally on the freeNAS box indicating that it is the ACLs that are the issue not the share
- If I remove the ACLs altogether the sticky executable bit problem also goes away
- I have tried looking for a definitive answer to this elsewhere online but haven't been able to find one
Code:
root@freenas[/mnt/storage]# getfacl test_restricted # file: test_restricted # owner: root # group: restricted_group group:restricted_group:rwxpDdaARWc--s:-------:allow owner@:rwxpDdaARWcCos:fd-----:allow group@:rwxpDdaARWc--s:fd-----:allow everyone@:--------------:fd-----:allow
Hopefully I haven't missed anything, please ask if there's any more information required for debug.
What I'm after is either:
- No FreeNAS/BSD doesn't support this, get over it and move on with your life
or - Yes here's the relevant option to tick in the GUI that will solve all of your problems in life (can't believe you didn't find this in the first place)