SOLVED TrueNAS-SCALE-22.02-RC.2 ACL Issue

jyang

Cadet
Joined
Dec 31, 2021
Messages
3
I searched the forums and saw a similar ACL issue in 21.06, but I'm not sure if it is exactly the same. Here is my setup:
1. I created 2 users and a group.
2. Created a dataset called share2 with the following ACL, using the restricted preset. Also notice that I checked "Apply permission recursively" before saving the ACL, but it was unchecked the next time I opened it. Is it not persisting?
1640981859727.png


3. Mapped the share on Win10, and the security looked good on the share folder; the family group has full control.
1640982051538.png


4. Created a file, and it looked like below. The family group was gone, so the other user can't open the file.
1640982155640.png


5. Then I went to the share dataset ACL, checked that box, and saved. The file was populated with the family group with full control.

Did I do something wrong, or is this a bug?

Thanks
 

HarryMuscle

Contributor
Joined
Nov 15, 2021
Messages
161
I believe apply recursively will only apply the permissions to existing files and folders. If you create a new file or folder after applying the permissions they will not inherit the permissions. What you probably want is default permissions.

Thanks,
Harry
 

jyang

Cadet
Joined
Dec 31, 2021
Messages
3
> I believe apply recursively will only apply the permissions to existing files and folders. If you create a new file or folder after applying the permissions they will not inherit the permissions. What you probably want is default permissions.
>
> Thanks,
> Harry

Thanks, but as you can see in the first screenshot, it has the Group Default with read|write|execute. Or is it something different?
 

ClassicGOD

Contributor
Joined
Jul 28, 2011
Messages
145
"User Obj." and "Group Obj." refer to the owner. So if user 'jyang' creates a folder or file it becomes the owner and all "User Obj." and "Group Obj." refer now to this user (and its primary group). Add a "Group" (not Group Obj.) entry for 'family' with 'Default' checkbox enabled ('Default' is what decides if the entry will be inherited or not). Apply recursively and test again.
 

jyang

Cadet
Joined
Dec 31, 2021
Messages
3
> "User Obj." and "Group Obj." refer to the owner. So if user 'jyang' creates a folder or file it becomes the owner and all "User Obj." and "Group Obj." refer now to this user (and its primary group). Add a "Group" (not Group Obj.) entry for 'family' with 'Default' checkbox enabled ('Default' is what decides if the entry will be inherited or not). Apply recursively and test again.

YES! That fixed it. Thank you.
One more question: I read the manual regarding POSIX vs NFSv4. My understanding is NFSv4 provides more controls, but for home server use and a Linux client, POSIX is better. Am I correct?
 

ClassicGOD

Contributor
Joined
Jul 28, 2011
Messages
145
> YES! That fixed it. Thank you.
> One more question: I read the manual regarding POSIX vs NFSv4. My understanding is NFSv4 provides more controls, but for home server use and a Linux client, POSIX is better. Am I correct?

Honestly I have no idea :D I know that NFSv4 ACL is recommended for SMB but never really dove into details.
 

da-anda

Dabbler
Joined
Feb 1, 2022
Messages
17
Is there a way to force a specific user group for newly created files? So that regardless of the user, the default ACL will be "username:my-specific-group"?
 

ZataH

Cadet
Joined
Jul 17, 2017
Messages
5
> Is there a way to force a specific user group for newly created files? So that regardless of the user, the default ACL will be "username:my-specific-group"?

Did you ever find a solution to this?
 

ZataH

Cadet
Joined
Jul 17, 2017
Messages
5
Not really. All you can do is to use advanced ACLs.
Everything I tried, it seems that in SCALE when a user writes a new file, it will be that user's primary group that will be the owner, and not the owner set in the ACL.
From what I could gather, this is how it works on Linux, and there is no way to have it function like it does on CORE.
 

da-anda

Dabbler
Joined
Feb 1, 2022
Messages
17
That is correct, but with advanced ACLs you can assign additional user group permissions, not just the basic ones. So you can assign permissions for several groups, but the main group will sadly still be the user's primary group.
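The behaviour discussed in this thread, as an added example that is not from any of the posters or from TrueNAS: a simplified Python model of Linux POSIX ACL inheritance and access checking, showing why the inherited "Group Obj." entry does not give the 'family' group access to a new file while a named 'family' group entry flagged Default does. The account name `user2`, the bit encoding and the dictionary layout are assumptions made for the illustration.

```python
from dataclasses import dataclass

R, W, X = 4, 2, 1

@dataclass(frozen=True)
class User:
    name: str
    primary_group: str
    groups: frozenset  # every group the user belongs to, primary included

def create_file(default_acl, creator, mode=0o666):
    """New file's access ACL: copy of the parent's default ACL, limited by mode."""
    acl = dict(default_acl)
    acl["user_obj"] &= (mode >> 6) & 7
    acl["other"] &= mode & 7
    # The group bits of mode limit the mask if present, else the owning group.
    key = "mask" if "mask" in acl else "group_obj"
    acl[key] &= (mode >> 3) & 7
    # Without a setgid directory, the owning group is the creator's primary group.
    return {"owner": creator.name, "group": creator.primary_group, "acl": acl}

def allowed(file, user, want):
    """POSIX.1e check order: owner, named user, group class, other."""
    acl, mask = file["acl"], file["acl"].get("mask", 7)
    if user.name == file["owner"]:
        return (acl["user_obj"] & want) == want
    if ("user", user.name) in acl:
        return (acl[("user", user.name)] & mask & want) == want
    matches = [acl["group_obj"]] if file["group"] in user.groups else []
    matches += [p for k, p in acl.items()
                if isinstance(k, tuple) and k[0] == "group" and k[1] in user.groups]
    if matches:  # any matching group entry decides; "other" is never consulted
        return any((p & mask & want) == want for p in matches)
    return (acl["other"] & want) == want

# Constructed sample data: 'user2' stands in for the second, unnamed account.
jyang = User("jyang", "jyang", frozenset({"jyang", "family"}))
user2 = User("user2", "user2", frozenset({"user2", "family"}))

# Default entries as first configured: only the owner-relative entries.
before = {"user_obj": 7, "group_obj": 7, "other": 0}
# After the fix: a named 'family' group entry flagged Default, plus its mask.
after = dict(before, mask=7)
after[("group", "family")] = 7

def demo():
    old, new = create_file(before, jyang), create_file(after, jyang)
    return allowed(old, user2, R), allowed(new, user2, R | W), new["group"]

if __name__ == "__main__":
    print(demo())
```

In both cases the new file's owning group is still the creator's primary group; only the named group entry changes who else can open it.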
 