SOLVED TrueNAS Scale SMB/ACL permissions don't inherit

[vlad-infra-admin]

Hello,

Can somebody help me with the issue. Possibly, I didn't configured something correctly on the new version.
I recently updated TrueNAS from 22.02.3 to 22.12.0

Let me explain what is wrong.

I have shared dataset data2 > media

set permissions to FullControl for 'owner' and 'nas_editors' @group and Group

Users 'vladislav' and 'syncthing' has Primary Group - 'nas_editors'

So if I click Use ACL Presets everything will be applied accordingly

I can see correct rights on windows as well

Now if I create a folder or file via Windows or Mac on SMB, doesn't matter I have rights that will looks like this below

All SMB Parameters are default, you can see it below. Not sure why the permission is not inherited. It was working on previous version of TrueNAS.

 

[vlad-infra-admin]

I believe I figure it out. Once I switched ACL Mode to Restricted permissions become as I wanted them to be for new files/folders

 

[anodos]

What is the output of zfs get aclinherit for the dataset in question?

 

[vlad-infra-admin]

What is the output of zfs get aclinherit for the dataset in question?

Hmmm
It shows this. Is it different settings than the one I set in GUI (ACL Mode - Restricted) ?

Code:

data2                                                                                                                                         aclinherit  passthrough    local
data2/media                                                                                                                              aclinherit  passthrough    local
data2/media/cinema                                                                                                                 aclinherit  passthrough    inherited from data2/media

 

[anodos]

Please send me a debug via PM.

 

[Hafnernuss]

I think I am facinga similar issue.
With active ACL settings, I can create a file via Windows and the correct permissions seem to be applied. However, if a certain app is creating a file, the permissions appear to be wrong.

I have set the ACL inherit mode to "restricted", but the

Code:

zfs get aclinherit

command always shows the dataset in question with "discard" instead of "inherit".

 

[anodos]

NFSv4 acltype aclinherit should be passthrough. POSIX1E should be discard.

 

[Sawtaytoes]

On those shares, you can do this to fix it:

Code:

zfs set aclinherit=passthrough your_pool/your_smb_dataset

 

[Hafnernuss]

Oh okay, thanks. I will try that out today. I am in fact using NFSv4 as it seems to be a bit easier to handle.

 

[anodos]

Oh okay, thanks. I will try that out today. I am in fact using NFSv4 as it seems to be a bit easier to handle.

The general recommendations for ZFS configuration for SMB are:
aclmode - restricted
aclinherit - passthrough

Then if you are dealing with local users, fine-tune as needed. E.g.
group: builtin_users - MODIFY - INHERIT

 

[Hafnernuss]

Strange, both aclmode and aclinherit are set to "discard".
I have set mode to restriced and inherit to passthrough, now everything seems to work as expected.
Thank you both very much for your help!