setfacl: Operation not supported

[Fab Sidoli]

Dear All,

I'm mounting a ZFS dataset which is a user's home directory on an RHEL 7 box using cifs automounts.

The automount map mount options are pulled from AD:

-fstype=cifs,vers=2.0,rw,sec=krb5,username=nobody,cruid=99,cifsacl,rsize=32768,wsize=32768,multiuser

When mounted the options appear as follows:

rw,relatime,vers=2.0,sec=krb5,cache=strict,multiuser,uid=0,noforceuid,gid=0,noforcegid,addr=XXX.XXX.XXX.XXX,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,cifsacl,noperm,rsize=32768,wsize=32768,echo_interval=60,actimeo=1

[not sure where these have come from]

When I try to change the permissions on a file using the following command I get an error:

user # setfacl -m "u:bob:r" somefile
setfacl: somefile: Operation not supported

getfacl sort of works in that it just shows the POSIX.

user # getfacl somefile
# file: somefile
# owner: jim
# group: group
user::rwx
group::r-x
other::---

In Windows explorer I have added another user to the permissions but this isn't showing under linux.

On the ZFS box I do see the ACE.

root@FreeNAS[~]# getfacl /mnt/path/somefile
# file: /mnt/path/somefile
# owner: jim
# group: group
user:jane:r-x---a-R-c---:-------:allow
owner@:rwxpDdaARWcCo-:------I:allow
group@:r-x---a-R-c---:------I:allow

I can't tell if this is a FreeNAS problem blocking this because of the mount options or if RHEL is being silly.

Does anyone have an idea how to debug.

Thanks,
Fab

 

[SweetAndLow]

What is zfs get aclmode for the dataset?

 

[Fab Sidoli]

Both aclmode and aclinherit are set to passthrough from the pool down.

 

[SweetAndLow]

so you are not using acl's that's why it doesn't work. You would need it set to restrictive to have acl's work I think. Personally I avoid them and only use rwx even if i'm using smb shares. Works better if you have jails that need mount points or use mostly *nix systems.

 

[Fab Sidoli]

Now, I'm confused.

I'm trying to operate in a mixed environment with Windows and Linux users. In an ideal world, Linux users would continue to chmod but be able to see any extra ACEs set on the Windows side.

 

[SweetAndLow]

I don't think it really works like that with freenas. Once you set a dataset as smb it changes the aclmode to restrictive which prevents chmod from working. And when it's set to passthrough i don't think you get acl's. In mixed mode I just use rwx style permissions and then setup a couple tricks to get it working with smb.

 

[Fab Sidoli]

I see. I'm certain this is not how this used to work on the old Oracle storage appliances we had..... but that may just have been a dream.

 

[anodos]

On the linux client the setfacl command is probably for POSIX1e ACLs and not NFSv4 ACLs. Try looking into nfs4_setfacl.

 

[Fab Sidoli]

On the linux client the setfacl command is probably for POSIX1e ACLs and not NFSv4 ACLs. Try looking into nfs4_setfacl.

Thanks, you are absolutely right. The nfs4_setacl command does indeed work - apologies for not figuring this out myself. I was not thinking about it correctly and blindly using the setfacl command as I could remember that it at least existed.