bcat
Hello all! I've been trying out TrueNAS Scale for a little while now and am currently running 22.02.4. SMB clients are various Windows 10 machines (with latest updates). Overall, I'm really happy with how NFSv4 ACLs work and how they're presented over SMB, but there's one weird thing I can't figure out. I've searched around the forums, but haven't found anything specific about this, so I figured I'd ask here.
To repro, first create a new dataset with "Share Type" set to "SMB" (all other options default).
Scale sets a default NFSv4 ACL with four inherited entries.
Then create a new SMB share with "Default share parameters".
Now create two files in the share, one from the command line (e.g., via `touch` over SSH) and one from a Windows client via SMB, then look at their ACLs through Windows Explorer. The file created directly from Unix has inheritance enabled, but the file created over SMB from Windows does not.
It seems that even though ACL entries in the root of the share have inheritance enabled, files (and folders) created over SMB end up with non-inherited ACL entries. Here are the differences in the file ACLs as viewed from the TrueNAS side:
Code:
```
$ nfs4xdr_getfacl /mnt/data-pool/files/test/unix-file.txt
# File: /mnt/data-pool/files/test/unix-file.txt
# owner: 1000
# group: 0
# mode: 0o100770
# trivial_acl: false
# ACL flags: none
	owner@:rwxpDdaARWcCos:------I:allow
	group@:rwxpDdaARWc--s:------I:allow
	group:builtin_users:rwxpDdaARWc--s:------I:allow
	group:builtin_administrators:rwxpDdaARWcCos:------I:allow

$ nfs4xdr_getfacl /mnt/data-pool/files/test/smb-file.txt
# File: /mnt/data-pool/files/test/smb-file.txt
# owner: 1000
# group: 0
# mode: 0o100700
# trivial_acl: false
# ACL flags: none
	owner@:rwxpDdaARWcCos:-------:allow
	group:builtin_users:rwxpDdaARWc--s:-------:allow
	group:builtin_administrators:rwxpDdaARWcCos:-------:allow
```
This isn't a big deal for me in practice because my ACL setups are quite simple, and recursively updating ACLs from the dataset root whenever I need to change them is realistically fine, but this behavior doesn't match my (admittedly naive) understanding of how NFSv4 ACLs "should work", and so I'd like to understand the mismatch, if only for my own education. :)
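
For auditing a share for this kind of drift, the following added example (not part of the original post, and not TrueNAS code) parses listings in the `nfs4xdr_getfacl` format shown above and reports which entries lack the `I` (inherited) flag and which principals are missing relative to a reference file. The function names are hypothetical, and the sample is the post's two listings with some header lines abridged.

```python
# Constructed sample: the two listings from the post, header lines abridged.
SAMPLE = """\
# File: /mnt/data-pool/files/test/unix-file.txt
# mode: 0o100770
# ACL flags: none
    owner@:rwxpDdaARWcCos:------I:allow
    group@:rwxpDdaARWc--s:------I:allow
    group:builtin_users:rwxpDdaARWc--s:------I:allow
    group:builtin_administrators:rwxpDdaARWcCos:------I:allow
# File: /mnt/data-pool/files/test/smb-file.txt
# mode: 0o100700
# ACL flags: none
    owner@:rwxpDdaARWcCos:-------:allow
    group:builtin_users:rwxpDdaARWc--s:-------:allow
    group:builtin_administrators:rwxpDdaARWcCos:-------:allow
"""

def parse_getfacl(text):
    """Map each '# File:' path to its header fields and list of ACEs."""
    acls, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("$"):
            continue  # blank line or echoed shell prompt
        if line.startswith("#"):
            key, _, value = line[1:].partition(":")
            if key.strip() == "File":
                cur = acls.setdefault(value.strip(), {"meta": {}, "aces": []})
            elif cur is not None:
                cur["meta"][key.strip()] = value.strip()
        elif cur is not None:
            # The principal may contain ':' (group:builtin_users): split from the right.
            who, perms, flags, kind = line.rsplit(":", 3)
            cur["aces"].append({"who": who, "perms": perms, "flags": flags, "type": kind})
    return acls

def explicit_entries(acl):
    """Principals whose ACE lacks the I (inherited) flag."""
    return [a["who"] for a in acl["aces"] if "I" not in a["flags"]]

def missing_principals(reference, other):
    """Principals present in the reference ACL but absent from the other."""
    return sorted({a["who"] for a in reference["aces"]} - {a["who"] for a in other["aces"]})

if __name__ == "__main__":
    for path, acl in parse_getfacl(SAMPLE).items():
        print(path, acl["meta"].get("mode"), "explicit:", explicit_entries(acl))
```

On the sample, every entry of `smb-file.txt` is reported as explicit, and `group@` is reported as missing relative to `unix-file.txt`, which matches the mode difference (0770 versus 0700) visible in the listings.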