How to removing all ACls system wide

[titan_rw]

I don't understand either. I use standard unix file permissions / users / groups to control access to both of my freenas boxes pools. There's nothing special I needed to do. I use 'chmod' and 'chown', etc to fix permissions if needed.

I had no need to modify fstab or anything that drastic, it just worked.

 

[kam270]

I don't understand either. I use standard unix file permissions / users / groups to control access to both of my freenas boxes pools. There's nothing special I needed to do. I use 'chmod' and 'chown', etc to fix permissions if needed.

I had no need to modify fstab or anything that drastic, it just worked.

Its good to hear you can use standard file permissions. Please tell me how I use only these and get rid of these godforsaken ACLs.

 

[titan_rw]

I don't know. Like I said, it just worked by default with unix permissions. Maybe it was because I've been using freenas since the 8.2 days? Did something change with recent versions maybe?

I know there was an option for 'windows file permissions' or something that I never checked. But unchecked was the default like I said.

 

[willnx]

Anyone else feel like he's about to hit machine code error ENORTFM ?

 

[willnx]

Seriously though, mount the share you want to borke up (as a user that has power to set ACLs), open window's file explorer, right click the network drive, and click "Properties"; now use your brain and google-foo to finish borking those permissions.

 

[ewhac]

Samba uses ACLs. Like it or not if you say "I don't want to use ACLs" then you are also saying "I don't want to use Samba or AFP". Both of those use ACLs.

Okay, I'd like to whine about this for a bit if I may, because I don't much care for ACLs, either. While I can see the flexibility they might provide on a shared directory, on a single-user desktop system I don't immediately see the value they provide over UNIX permission bits. And the command line syntax for setfacl(1) is awful.

A close reading of the acl(5) man page on Linux suggests that the system keeps UNIX permission bits and ACLs in sync -- changing one will change the other to a compatible setting. So that implies that using chmod(1) fiddles ACLs behind your back (reasonable, I suppose), so you're using ACLs whether you want to or not. The man page also explains the evaluation order for allow/deny processing (the BSD man pages are rather less forthcoming on this matter).

However, I appear to have b0rk3d something on one side or the other. When I run getfacl on a file on the FreeNAS server, I see this:

Code:

$ ls -l 01\ -\ Trebolactiko\ -\ Ascencion.ogg
-rw-r--r--  1 ewhac  ewhac  9478961 Aug 11 00:04 01 - Trebolactiko - Ascencion.ogg
$ getfacl 01\ -\ Trebolactiko\ -\ Ascencion.ogg
# file: 01 - Trebolactiko - Ascencion.ogg
# owner: ewhac
# group: ewhac
            owner@:rw-p--aARWcCos:------:allow
            group@:r-----a-R-c--s:------:allow
         everyone@:r-----a-R-c--s:------:allow

However, when I run getfacl on the same file from a CIFS mount on a Linux box, I see this:

Code:

$ ls -l 01\ -\ Trebolactiko\ -\ Ascencion.ogg
-rw-r--r-- 1 ewhac ewhac 9478961 Aug 11 00:04 01 - Trebolactiko - Ascencion.ogg
$ getfacl 01\ -\ Trebolactiko\ -\ Ascencion.ogg
# file: 01 - Trebolactiko - Ascencion.ogg
# owner: ewhac
# group: ewhac

The CIFS share is mounted as follows:

Code:

//xxxx/ewhac on /cifs/xxxx/ewhac type cifs (rw,relatime,vers=1.0,cache=strict,username=ewhac,domain=EWHAC-LAN,uid=xxxx,forceuid,gid=xxxx,forcegid,addr=10.x.x.x,unix,posixpaths,serverino,acl,rsize=1048576,wsize=65536,actimeo=1)

Any thoughts? (...Hmm. Now that I look at it, maybe I should crank 'vers' to 2.0?)

 

[cyberjock]

Not a clue. I haven't gotten to playing with linux stuff on CIFS yet in my guide. Not sure I'm going to write a section on it or not because it can quickly get out of hand because of all the different versions of the samba mounting package, defaults in all the linux distros, etc.

The problem is that ACLs and Unix are basically exclusive of each other. The same bits are set (or unset), which causes the havoc with CIFS shares and permissions.

Do chmod 777 (or at least find a file that has 777 permissions) on a file and then do a getfacl. You'll see that not all bits were set. They conflict... in a nasty way. Sorry but that's about all I'm going to say because, frankly, this thread is going nowhere and I really don't want to participate in such a dead-end discussion. I wasn't even going to look at this thread again but you had quoted me so I felt I should at least respond. ;)