Permission issue - Can not apply permissions recursively

[Truenas009]

Hi, can anyone help please?

I have Truenas Scale RC2 installed. I really like the software, only if i can get the permissions to work properly.

On my datasets when i apply a single user, it works ok, but as soon as i try to add a second user to the dataset with the option "Apply permissions recursively" ticked, I get the below errors, I can not figure out what i am doing wrong?

====================================
[EINVAL] filesystem_acl.dacl: Default ACL entries are required in order to apply ACL recursively.
remove_circle_outlineMore info...
Error: Traceback (most recent call last): File "/usr/lib/python3/dist-packages/middlewared/job.py", line 382, in run await self.future File "/usr/lib/python3/dist-packages/middlewared/job.py", line 420, in __run_body rv = await self.middleware.run_in_thread(self.method, *([self] + args)) File "/usr/lib/python3/dist-packages/middlewared/utils/run_in_thread.py", line 10, in run_in_thread return await self.loop.run_in_executor(self.run_in_thread_executor, functools.partial(method, *args, **kwargs)) File "/usr/lib/python3.9/concurrent/futures/thread.py", line 52, in run result = self.fn(*self.args, **self.kwargs) File "/usr/lib/python3/dist-packages/middlewared/schema.py", line 1267, in nf return func(*args, **kwargs) File "/usr/lib/python3/dist-packages/middlewared/plugins/filesystem_/acl_linux.py", line 626, in setacl return self.setacl_posix1e(job, data) File "/usr/lib/python3/dist-packages/middlewared/plugins/filesystem_/acl_linux.py", line 585, in setacl_posix1e verrors.check() File "/usr/lib/python3/dist-packages/middlewared/service_exception.py", line 62, in check raise self middlewared.service_exception.ValidationErrors: [EINVAL] filesystem_acl.dacl: Default ACL entries are required in order to apply ACL recursively.

======================================

TIA

 

[NugentS]

I think that's working as intended. ie welcome to the f'king mess that is POSIX ACL's. Unintuitive, illogical and a disaster.
My opinion of course. Its all rooted in the past and hasn't moved with the times.
There is documentation all over the web saying how to use these properly - which are to my mind mind basically gobbledegook and do not pass the "KISS" principle.

I would try and tell you how to do it properly - but frankly I don't understand it (and not sure I want to)

 

[ClassicGOD]

POSIX ACL has 2 types of entries - "normal" one that dictates permission to current directory and "default" one that dictates permissions that will be inherited by sub directories etc.

Just add a copy of your user/group and mask entries with default checkbox checked and that should be it.

 

[NugentS]

@ClassicGOD That might actually be one of the clearest descriptions I have heard so far - it actually makes some sense

 

[pleb_123]

POSIX ACL has 2 types of entries - "normal" one that dictates permission to current directory and "default" one that dictates permissions that will be inherited by sub directories etc.

Just add a copy of your user/group and mask entries with default checkbox checked and that should be it.

not to forget user obj, group obj and other... what a mess this is. Why does one even have to add default copies when applying permissions recursively? Given that it is literally needed, the system should add them by default, and hide them, as the whole list becomes cluttered.

 

[NugentS]

If you are used to windows style permissions then switch the datasets to NFSv4 ACL's instead.