Mac Finder creates wrong ACL when copying between SMB shares

einsatz-hh

Greetings Programs!
We are running 2 TrueNAS Core VMs, latest patch (TrueNAS-13.0-U5.3), dozens of SMB shares, set up as per the iX manual:
- Datasets for each Share
- ACL mode: restricted
- default ACL-Options (root:wheel) plus one additional AD-Group for the users
- Share-ACL: everyone allowed
- Share-Options: Multi-protocol (AFP/SMB) shares
- SMB-Service options: default - not even "Enable Apple SMB2/3 Protocol Extensions" activated since macOS 13 does not show color tags anymore when it's activated - and it does not solve the following problem.
Everything works "fine": extended attributes, transfer speeds, file integrity... if you don't count poorly scripted third-party apps that create wrong ACLs, like the "collect" feature in Adobe InDesign/Illustrator etc.

Default ACL looks like this:
# file: /mnt/Data-Pool/Dataset/Filename
# owner: AD.User
# group: wheel
owner@:rwxpDdaARWcCos:------I:allow
group@:rwxpDdaARWc--s:------I:allow
group:AD.Group:rwxpDdaARWcCos:------I:allow
everyone@:--------------:------I:allow

When copying files via Finder on macOS 13 from one SMB share directly to another (on the same server or another), the ACL ends up looking like this:
# file: /mnt/Data-Pool/Dataset/Filename
# owner: AD.User
# group: wheel
group:AD.User:-w-p-d-A-W--os:-------:allow
owner@:-w-p-d-A-W--os:-------:allow
group:AD.User:rwxpDdaARWcCos:------I:allow
owner@:rwxpDdaARWcCos:------I:allow
group@:rwxpDdaARWc--s:------I:allow
group:AD.Group:rwxpDdaARWcCos:------I:allow

The same scenario on Windows Server 2016 works fine.
Right now I am running a script each night to find all files whose ACL does not match a certain Master File and re-apply the permissions recursively on those.

Is that a known error in the Mac's SMB protocols?
Couldn't find anything about this specific behaviour.
Thanks a lot and thanks a lot more!
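
Added example, not part of the original post and not the poster's nightly script: a small parser for the compact getfacl listing format shown above that reports how a file's ACL differs from the default one. It flags ACEs without the inherited (I) flag, which is the signature of the Finder copy in the second listing. The function names are hypothetical and it assumes one ACE per line in the form principal:perms:flags:type.

```python
# Added example (not from the post); listings are the post's own, names hypothetical.
BASELINE = """\
# file: /mnt/Data-Pool/Dataset/Filename
# owner: AD.User
# group: wheel
owner@:rwxpDdaARWcCos:------I:allow
group@:rwxpDdaARWc--s:------I:allow
group:AD.Group:rwxpDdaARWcCos:------I:allow
everyone@:--------------:------I:allow
"""
AFTER_FINDER_COPY = """\
# file: /mnt/Data-Pool/Dataset/Filename
# owner: AD.User
# group: wheel
group:AD.User:-w-p-d-A-W--os:-------:allow
owner@:-w-p-d-A-W--os:-------:allow
group:AD.User:rwxpDdaARWcCos:------I:allow
owner@:rwxpDdaARWcCos:------I:allow
group@:rwxpDdaARWc--s:------I:allow
group:AD.Group:rwxpDdaARWcCos:------I:allow
"""

def parse_acl(text):
    """Return the ACEs as (principal, perms, flags, type) tuples, in order."""
    aces = []
    for line in text.splitlines():
        line = line.strip()  # tolerate indentation in front of the principal
        if not line or line.startswith("#"):
            continue  # skip the file/owner/group header
        # "group:NAME" contains a colon itself, so split from the right.
        principal, perms, flags, ace_type = line.rsplit(":", 3)
        aces.append((principal, perms, flags, ace_type))
    return aces

def acl_drift(baseline_text, observed_text):
    """Report how an observed ACL differs from the baseline ACL."""
    baseline, observed = parse_acl(baseline_text), parse_acl(observed_text)
    return {
        # ACEs set directly on the file: the inherited flag (I) is absent.
        "explicit": [a for a in observed if "I" not in a[2]],
        "missing": [a for a in baseline if a not in observed],
        "extra": [a for a in observed if a not in baseline],
    }

if __name__ == "__main__":
    for kind, aces in acl_drift(BASELINE, AFTER_FINDER_COPY).items():
        for ace in aces:
            print(f"{kind:8} {':'.join(ace)}")
```

For the second listing this reports two explicit ACEs, the missing everyone@ entry, and three ACEs that are not in the default ACL.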
 