Unexpected permission inheritance with CIFS

[cchayre]

Just threw together a new 9.2.1.2 build and I'm trying to determine if what I'm seeing is unexpected in terms of permission inheritance. For example, when I create a (UNIX) dataset with the perms set to 770 and try to share via CIFS (Inherit ACL checked), any new file that I copy to the directory is 744 and any new folder is 755. Same thing if I check the inherit permissions box as well. I've also attempted changing the default CIFS masks as well, to no avail.

Suggestions? Anything come to mind that I could be doing wrong? I'm having similar luck with my testing on CIFs and directories (as opposed to datasets). Initial client testing was done using and OS X-based machine.

 

[cchayre]

I also ran across this, which sounds very similar:
http://forums.freenas.org/index.php...cifs-shares-not-inheriting-permissions.19183/

 

[Middling]

It seems to be a problem with Mavericks. I've just upgraded my hackintosh (to 10.9.2 from 10.8.5) and have encountered the same problem.

When using Mavericks default SMB2 connection you can create or copy directories to a FreeNAS share and afterwards from the client the permissions appear to be 700, but if you SSH in and check the permissions then directories actually have 677 permissions which prevents the owner from even browsing them under SMB.

The only workaround i know currently is to force Mavericks to use SMB1 instead of SMB2. When in the Finder use CMD-K to open up the server connection dialogue and use the format "cifs://server.domain/share" instead of "smb://server.domain/share".

 

[cchayre]

Actually, the machine I tried was Mountain Lion. Thanks for the Mavericks info though---something I will need to watch out for very soon .

Looking into other threads, bug IDs, etc, I actually think my issue is related to the ZFS ACL. I'm planning to adjust the ACL sometime when I get the chance and see if that helps. If not, I will be wracking my brain again.

 

[Middling]

Strange. I was running Mountain Lion up until yesterday and new directories would have 755 permissions with new files having 644.

Here's my Samba config:

Code:

[global]
    dos charset = CP437
    server string = File Server
    server role = standalone server
    map to guest = Bad User
    obey pam restrictions = Yes
    smb passwd file = /var/etc/private/smbpasswd
    private dir = /var/etc/private
    max log size = 51200
    smb ports = 445
    disable netbios = Yes
    deadtime = 15
    hostname lookups = Yes
    load printers = No
    printcap name = /dev/null
    disable spoolss = Yes
    dns proxy = No
    pid directory = /var/run/samba
    panic action = /usr/local/libexec/samba/samba-backtrace
    idmap config * : backend = tdb
    create mask = 0666
    directory mask = 0777
    ea support = Yes
    directory name cache size = 0
    strict locking = No
 
[media]
    comment = Media Share
    path = /mnt/storage/media
    write list = user1
    guest ok = Yes
    hide dot files = No
    veto files = /.snap/.windows/.zfs/
    mangled names = No
    vfs objects = zfsacl, streams_xattr, aio_pthread
    zfsacl:acesort = dontcare
    nfs4:chown = yes
    nfs4:acedup = merge
    nfs4:mode = special
    recycle:subdir_mode = 0700
    recycle:directory_mode = 0777
    recycle:touch = yes
    recycle:versions = yes
    recycle:keeptree = yes
    recycle:repository = .recycle/%U