SOLVED Help Understanding ACL Permission

Gilt Brick

Dabbler
Joined
Sep 2, 2016
Messages
34
Hi All,

I'm trying to clear up some confusion I have about ACL permissions.

1. When creating an ACL the default settings show an owner@ and group@ in the "Who" parameter.
The thread here mentions it's for the specific user owner and group owners of a file. - https://www.truenas.com/community/threads/11-3-acl-management-explain-root-wheel-owner-group.81801/

But don't the owners of a file have full control of the file? How do the permissions affect that?

2. Regarding inheritance flags from here - https://docs.oracle.com/cd/E19253-01/819-5461/gbaax/index.html
The flags seem to apply to the directory/files. I'm not sure why you would be setting these flags for each user/group. Can someone explain how the inheritance is applied and why it would be different for different users?

3. If I connect to the windows share as a non-owner I'm able to apply "deny" permissions to the owner so that when I switch to the owner I cannot read/write to the files. I still want the user to be able to change permissions for "lower" users but not change the permissions for the owner. How can I achieve this?

4. I have a Dataset inside of a Dataset and want to give a user permissions only inside the lower level one. I tried giving them full control in the lower one with no permissions in the higher one but am getting access denied. In order for them to be able to access the lower level one they need read and execute permissions in the higher one. How can I do this without giving them permission?

EDIT: solved, had to give the user "traverse" permissions in the higher dataset. In windows advanced share settings this shows as traverse folder/execute file, read attributes, read extended attributes, and read permissions. This doesn't allow the user to connect to the higher level dataset but does give them the set ACL permissions for the lower level dataset.

I'm clearly not understanding this so please ELI5, thanks!
 
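The four questions above all come down to how an NFSv4-style ACL (what TrueNAS uses on a ZFS dataset behind an SMB share) is evaluated: owner@ and group@ are just entries like any other, entries are scanned in order with the first deny or allow per permission bit winning, inheritance flags live on each entry rather than on the directory, and reaching a child dataset needs traverse (execute) on every parent. The following toy model is an added example written for this thread, not TrueNAS, Samba or ZFS code; the principals, dataset names and ACEs are constructed, and it ignores details such as everyone@ entries, mode-bit synthesis and the exact Windows-to-NFSv4 mapping Samba performs.

```python
"""Toy NFSv4-style ACL evaluator (constructed example, not TrueNAS/ZFS code)."""
from dataclasses import dataclass, field

# Permission bits relevant to the thread; TRAVERSE is what Windows shows as
# "traverse folder / execute file, read attributes, read extended attributes, read permissions".
READ = {"read_data", "read_attributes", "read_acl"}
WRITE = {"write_data", "append_data", "write_attributes"}
TRAVERSE = {"execute", "read_attributes", "read_acl"}
FULL = READ | WRITE | TRAVERSE | {"write_acl", "write_owner", "delete"}

@dataclass
class Ace:
    who: str                 # "owner@", "group@", "everyone@", "user:bob", "group:staff"
    kind: str                # "allow" or "deny"
    perms: set
    flags: set = field(default_factory=set)  # file_inherit, dir_inherit, inherit_only, no_propagate

@dataclass
class Node:                  # a dataset or directory
    name: str
    owner: str
    group: str
    acl: list
    parent: "Node | None" = None

@dataclass
class Principal:
    user: str
    groups: set

def ace_matches(ace, who, node):
    """owner@ / group@ are resolved against the node's owner and group at check time."""
    if ace.who == "everyone@":
        return True
    if ace.who == "owner@":
        return who.user == node.owner
    if ace.who == "group@":
        return node.group in who.groups
    kind, _, name = ace.who.partition(":")
    return (kind == "user" and name == who.user) or (kind == "group" and name in who.groups)

def check(node, who, wanted):
    """First-match-per-bit evaluation: an allow grants the outstanding bits it lists,
    a deny covering any outstanding bit rejects. inherit_only entries are skipped."""
    outstanding = set(wanted)
    for ace in node.acl:
        if "inherit_only" in ace.flags or not ace_matches(ace, who, node):
            continue
        if ace.kind == "deny" and ace.perms & outstanding:
            return False
        if ace.kind == "allow":
            outstanding -= ace.perms
        if not outstanding:
            return True
    return not outstanding

def can_access(node, who, wanted):
    """Reaching a node also needs execute (traverse) on every ancestor directory."""
    p = node.parent
    while p is not None:
        if not check(p, who, {"execute"}):
            return False
        p = p.parent
    return check(node, who, wanted)

def inherit(parent_acl, child_is_dir):
    """ACL a new child receives: inheritance is decided per entry, so two entries
    on the same directory can propagate differently."""
    out = []
    for ace in parent_acl:
        if not child_is_dir:
            if "file_inherit" in ace.flags:
                out.append(Ace(ace.who, ace.kind, set(ace.perms), set()))
            continue
        if "no_propagate" in ace.flags:
            if "dir_inherit" in ace.flags:
                out.append(Ace(ace.who, ace.kind, set(ace.perms), set()))
            continue
        flags = ace.flags & {"file_inherit", "dir_inherit"}
        if not flags:
            continue
        if "dir_inherit" not in flags:      # file-only entry rides along but does not apply here
            flags.add("inherit_only")
        out.append(Ace(ace.who, ace.kind, set(ace.perms), flags))
    return out

def scenario():
    """Replays the thread's questions on two constructed datasets."""
    alice = Principal("alice", {"alice", "staff"})   # owner of both datasets
    bob = Principal("bob", {"bob"})                  # should only get the lower dataset
    top = Node("tank/top", "alice", "staff", acl=[
        Ace("owner@", "allow", FULL, {"file_inherit", "dir_inherit"}),
        Ace("group@", "allow", READ | TRAVERSE, {"file_inherit"}),
    ])
    lower = Node("tank/top/lower", "alice", "staff", parent=top,
                 acl=[Ace("user:bob", "allow", FULL)])
    r = {}
    # Q4: full control on the child is useless until bob can traverse the parent
    r["bob_lower_without_traverse"] = can_access(lower, bob, READ | WRITE)
    top.acl.append(Ace("user:bob", "allow", TRAVERSE))
    r["bob_lower_with_traverse"] = can_access(lower, bob, READ | WRITE)
    r["bob_can_list_top"] = check(top, bob, {"read_data"})   # traverse does not let him browse top
    # Q1/Q3: owner@ is an ordinary entry; a deny placed ahead of the allow blocks the owner
    r["owner_writes_by_default"] = check(top, alice, WRITE)
    top.acl.insert(0, Ace("owner@", "deny", WRITE))
    r["owner_writes_after_deny"] = check(top, alice, WRITE)
    r["owner_still_reads"] = check(top, alice, READ)
    # Q2: what a new subdirectory under top inherits, entry by entry
    r["inherited_dir_entries"] = [(a.who, a.kind, sorted(a.flags))
                                  for a in inherit(top.acl, child_is_dir=True)]
    return r

if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

The `bob_can_list_top` result is the point of the EDIT: a traverse-only entry on the parent lets the user pass through to the child dataset without being able to read the parent's contents. For question 3, note that restricting who may write a deny against owner@ is a matter of who holds `write_acl` on the object, not of the owner@ entry itself; the model treats `write_acl` as just another bit for that reason.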

Heracles

Wizard
Joined
Feb 2, 2018
Messages
1,401
The thread here mentions it's for the specific user owner and group owners of a file

Indeed, that's what it is...

But don't the owners of a file have full control of the file?

Not always. You can adjust this to whatever you wish. You can make a file read-only even for its owner to protect yourself against accidental changes.

How do the permissions affect that?

The permissions will do their job: allowing or denying access according to the privileges you defined...

If I connect to the windows share as a non-owner I'm able to apply "deny" permissions to the owner so that when I switch to the owner I cannot read/write to the files.

Beware here: there are Unix ACLs (owner - group - others) and Windows ACLs. These ones are completely different and do not work the same way at all. They are all ACLs, but completely different ACLs.

What type of ACL are you using? The Unix ones or the Windows ones?
 

Gilt Brick

Dabbler
Joined
Sep 2, 2016
Messages
34
Beware here: there are Unix ACLs (owner - group - others) and Windows ACLs. These ones are completely different and do not work the same way at all. They are all ACLs, but completely different ACLs.

What type of ACL are you using? The Unix ones or the Windows ones?

Thanks for the help. I'm using Windows ACLs on an SMB share.
 

Heracles

Wizard
Joined
Feb 2, 2018
Messages
1,401
I'm using Windows ACLs on an SMB share

Ok, then you should use ONLY them and not mix them with Unix ACLs.

Here, I have been Windows-free for well over a decade, so I have never used those ACLs in my FreeNAS. Keep reading about these Windows ACLs and maybe others here with experience with them will have more to tell you.
 

kjemison

Dabbler
Joined
Jul 9, 2015
Messages
32
Just my 2 cents ... I have always used Nobody as the Owner and chose a Group for control.... I added users to the group that has control and went on from there... I found it much easier to just do it that way (using groups with users added to the group) .. Has worked well for me over the years.... Hope that makes sense and helps!
Kell
 