Hi all,
I'm still learning about FreeNAS and I have the following scenario that I'm trying to figure out.
I've created a local user,
For testing purposes, I've created a dataset,
Since the user
When I touch a file as
If I use Windows explorer to add explicit full permissions to the user
It looks like if I'm setting explicit permissions for a user and that user is the owner of a file, the explicit ACL does not get set.
If I create another file after setting the explicit user permission on the share, it gets the expected permissions:
If I then change ownership of
Is that expected? Is this a Windows problem? Is this how setting ACLs is supposed to work?
If I wanted to have a good control over explicit permissions, would it be a good idea to set share and file ownership to
Thank you!
I'm still learning about FreeNAS and I have the following scenario that I'm trying to figure out.
I've created a local user,
bozho
- mainly for non-root SSH access to FreeNAS and jails. The user is a member of bozho
and wheel
groups.For testing purposes, I've created a dataset,
test
, with Windows permissions and created an SMB share with defaults. Running getfacl
on it returns this (as expected):Code:
# file: test # owner: root # group: wheel owner@:rwxpDdaARWcCos:fd-----:allow group@:rwxpDdaARWcCos:fd-----:allow everyone@:r-x---a-R-c---:fd-----:allow
Since the user
bozho
is a member of the group wheel
, I can connect from Windows and create a file there. Running getfacl
on it returns (again, as expected):Code:
# file: test/a.txt # owner: bozho # group: wheel owner@:rwxpDdaARWcCos:------I:allow group@:rwxpDdaARWcCos:------I:allow everyone@:r-x---a-R-c---:------I:allow
When I touch a file as
root
over SSH, the file has these permissions:Code:
# file: test/b.txt # owner: root # group: wheel owner@:rwxpDdaARWcCos:------I:allow group@:rwxpDdaARWcCos:------I:allow everyone@:r-x---a-R-c---:------I:allow
If I use Windows explorer to add explicit full permissions to the user
bozho
on the test
share and run getfacl
again on both the directory and the files, I get these:Code:
# file: test # owner: root # group: wheel owner@:rwxpDdaARWcCo-:fd-----:allow group@:rwxpDdaARWcCo-:fd-----:allow everyone@:r-x---a-R-c---:fd-----:allow user:bozho:rwxpDdaARWcCo-:fd-----:allow # file: test/a.txt # owner: bozho # group: wheel user:root:rwxpDdaARWcCo-:------I:allow group@:rwxpDdaARWcCo-:------I:allow everyone@:r-x---a-R-c---:------I:allow owner@:rwxpDdaARWcCo-:------I:allow # file: test/b.txt # owner: root # group: wheel owner@:rwxpDdaARWcCo-:------I:allow group@:rwxpDdaARWcCo-:------I:allow everyone@:r-x---a-R-c---:------I:allow user:bozho:rwxpDdaARWcCo-:------I:allow
It looks like if I'm setting explicit permissions for a user and that user is the owner of a file, the explicit ACL does not get set.
If I create another file after setting the explicit user permission on the share, it gets the expected permissions:
Code:
# file: test/c.txt # owner: bozho # group: wheel owner@:rwxpDdaARWcCo-:------I:allow group@:rwxpDdaARWcCo-:------I:allow everyone@:r-x---a-R-c---:------I:allow user:bozho:rwxpDdaARWcCo-:------I:allow
If I then change ownership of
a.txt
to the root
user, the files keeps its explicit root
user permissions, but it doesn't get explicit bozho
permissions:Code:
# file: test/a.txt # owner: root # group: wheel user:root:rwxpDdaARWcCo-:------I:allow group@:rwxpDdaARWcCo-:------I:allow everyone@:r-x---a-R-c---:------I:allow owner@:rwxpDdaARWcCo-:------I:allow
Is that expected? Is this a Windows problem? Is this how setting ACLs is supposed to work?
If I wanted to have a good control over explicit permissions, would it be a good idea to set share and file ownership to
nobody:nobody
by default?Thank you!