SOLVED Strip out ACLs recursively

Samuel Tai

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,399
Unfortunately, using the GUI to strip out ACLs to start over with ACLs only strips out the top level of a share.

1590606947665.png


To actually strip out the ACLs, you have to run find . -exec setfacl -b {} \; from the root of the share.
 
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Samuel Tai said:
Unfortunately, using the GUI to strip out ACLs to start over with ACLs only strips out the top level of a share.

View attachment 38858

To actually strip out the ACLs, you have to run find . -exec setfacl -b {} \; from the root of the share.
Click to expand...
What do you mean that it only strips from top level of share? This should happen recursively for all files inside the share.
 
Samuel Tai

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,399
Only the root level of the share has its ACLs stripped. Subdirectories and files still retain their ACLs, as can be seen via ls -l. Their permission bits all end with a +, to indicate their ACLs are still in place.
 
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Samuel Tai said:
Only the root level of the share has its ACLs stripped. Subdirectories and files still retain their ACLs, as can be seen via ls -l. Their permission bits all end with a +, to indicate their ACLs are still in place.
Click to expand...
It works correctly on my test servers. ACL is stripped from everything except child datasets.
midclt call core.get_jobs output for setacl job:
Code:
  {
    "id": 479,
    "method": "filesystem.setacl",
    "arguments": [
      {
        "path": "/mnt/dozer/PERMTEST",
        "dacl": [],
        "uid": 1000,
        "gid": 65533,
        "options": {
          "recursive": true,
          "traverse": false,
          "stripacl": true
        }
      }
    ],
    "logs_path": null,
    "logs_excerpt": null,
    "progress": {
      "percent": 100,
      "description": "Finished setting ACL.",
      "extra": null
    },
    "result": null,
    "error": null,
    "exception": null,
    "exc_info": null,
    "state": "SUCCESS",
    "time_started": {
      "$date": 1590607580552
    },
    "time_finished": {
      "$date": 1590607580670
    }
  }


You may want to verify that the correct flags are being set by the GUI.
 
Samuel Tai

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,399
OK, you're correct. I'd misread the pop-up text initially to think the Strip ACLs box defaulted to recursively stripping out ACLs.
 
You must log in or register to reply here.

Important Announcement for the TrueNAS Community.

The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums.

Related topics on forums.truenas.com for thread: "Strip out ACLs recursively"

Similar threads

R
11.3 SMB share permissions not behaving as expected
Replies
5
Views
2K
AltecBX
AltecBX
A
21.08 + docker + smb share = lost access problem?
Replies
3
Views
1K
aakaa
A
B
Can't edit ACLs for iocage mounts
Replies
1
Views
921
Bozerg
B
anodos
  • Locked
ACL problems on CIFS shares when file saved inside Microsoft Excel
Replies
2
Views
2K
anodos
anodos
anodos
  • Sticky
Methods For Fine-Tuning Samba Permissions
2 3
Replies
51
Views
118K
Davvo
Davvo
Top