Hi all,
I'm still learning about FreeNAS and I have the following scenario that I'm trying to figure out.
I've created a local user,
For testing purposes, I've created a dataset,
Since the user
When I touch a file as
If I use Windows explorer to add explicit full permissions to the user
It looks like if I'm setting explicit permissions for a user and that user is the owner of a file, the explicit ACL does not get set.
If I create another file after setting the explicit user permission on the share, it gets the expected permissions:
If I then change ownership of
Is that expected? Is this a Windows problem? Is this how setting ACLs is supposed to work?
If I wanted to have a good control over explicit permissions, would it be a good idea to set share and file ownership to
Thank you!
I'm still learning about FreeNAS and I have the following scenario that I'm trying to figure out.
I've created a local user,
bozho - mainly for non-root SSH access to FreeNAS and jails. The user is a member of bozho and wheel groups.For testing purposes, I've created a dataset,
test, with Windows permissions and created an SMB share with defaults. Running getfacl on it returns this (as expected):Code:
# file: test
# owner: root
# group: wheel
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:r-x---a-R-c---:fd-----:allow
Since the user
bozho is a member of the group wheel, I can connect from Windows and create a file there. Running getfacl on it returns (again, as expected):Code:
# file: test/a.txt
# owner: bozho
# group: wheel
owner@:rwxpDdaARWcCos:------I:allow
group@:rwxpDdaARWcCos:------I:allow
everyone@:r-x---a-R-c---:------I:allow
When I touch a file as
root over SSH, the file has these permissions:Code:
# file: test/b.txt
# owner: root
# group: wheel
owner@:rwxpDdaARWcCos:------I:allow
group@:rwxpDdaARWcCos:------I:allow
everyone@:r-x---a-R-c---:------I:allow
If I use Windows explorer to add explicit full permissions to the user
bozho on the test share and run getfacl again on both the directory and the files, I get these:Code:
# file: test
# owner: root
# group: wheel
owner@:rwxpDdaARWcCo-:fd-----:allow
group@:rwxpDdaARWcCo-:fd-----:allow
everyone@:r-x---a-R-c---:fd-----:allow
user:bozho:rwxpDdaARWcCo-:fd-----:allow
# file: test/a.txt
# owner: bozho
# group: wheel
user:root:rwxpDdaARWcCo-:------I:allow
group@:rwxpDdaARWcCo-:------I:allow
everyone@:r-x---a-R-c---:------I:allow
owner@:rwxpDdaARWcCo-:------I:allow
# file: test/b.txt
# owner: root
# group: wheel
owner@:rwxpDdaARWcCo-:------I:allow
group@:rwxpDdaARWcCo-:------I:allow
everyone@:r-x---a-R-c---:------I:allow
user:bozho:rwxpDdaARWcCo-:------I:allow
It looks like if I'm setting explicit permissions for a user and that user is the owner of a file, the explicit ACL does not get set.
If I create another file after setting the explicit user permission on the share, it gets the expected permissions:
Code:
# file: test/c.txt
# owner: bozho
# group: wheel
owner@:rwxpDdaARWcCo-:------I:allow
group@:rwxpDdaARWcCo-:------I:allow
everyone@:r-x---a-R-c---:------I:allow
user:bozho:rwxpDdaARWcCo-:------I:allow
If I then change ownership of
a.txt to the root user, the files keeps its explicit root user permissions, but it doesn't get explicit bozho permissions:Code:
# file: test/a.txt
# owner: root
# group: wheel
user:root:rwxpDdaARWcCo-:------I:allow
group@:rwxpDdaARWcCo-:------I:allow
everyone@:r-x---a-R-c---:------I:allow
owner@:rwxpDdaARWcCo-:------I:allow
Is that expected? Is this a Windows problem? Is this how setting ACLs is supposed to work?
If I wanted to have a good control over explicit permissions, would it be a good idea to set share and file ownership to
nobody:nobody by default?Thank you!
