[Web Interface] Setting POSIX.1e ACL permissions causes Permissions screen to not show anymore

[mmix]

I believe this issue is not hardware related, but potentially a bug in web interface
I am using TrueNAS-SCALE-21.04-ALPHA.1

Steps to reproduce:

1. Create pool and dataset inside (SMB, inherit all)
2. Create user, lets call him john
3. Click on "Edit Permissions" on dataset from #1
4. "Use ACL Manager"
5. It shows basic three owner,group,other permissions. Add the 4th, user:john:rwx, although any permission set is ok
6. Save and close
7. It is no longer possible to use "Edit Permissions" on dataset, it just does nothing.

I think it is definitely related to acl not being default, the getfacl on dataset does return the proper config, which means that ACL manager did its job:

Code:

$ getfacl dataset1
# file: dataset1
# owner: root
# group: root
user::rwx
user:john:rwx
group::r-x
mask::rwx
other::r-x

However, if I reset the ACL from terminal using sudo setfacl -b dataset1, the Edit Permission screen shows up normally. But of course that rescinds everything ACL manager did.

I would have looked at the logs, but I dont know where the web interface code logs are.

 

[ornias]

Maybe because POSIX ACL permissions aren't even supported at all in TrueNAS-SCALE-21.04-ALPHA.1

;-)

 

[mmix]

Maybe because POSIX ACL permissions aren't even supported at all in TrueNAS-SCALE-21.04-ALPHA.1

But they work. When I connect via samba the permissions are observed. If I understood correctly, they are a feature of the underlying subsystems, and at that stage TrueNAS is just a configurator for those features. Or did I get this all wrong?

 

[mmix]

@ornias, I mean how else do you solve multi-user permissions needed for SMB/Windows use? If I want to give John write access and Jane only read access, how do you go about doing that without POSIX ACL or ACLs in general? the linux FS security is too narrow for that
Are the ACL lists in the FS actually NFSv4? I am sorry for sounding like a noob, but I really couldn't find any meaningful documentation on this and my assumption that these are POSIX ACLs actually came from TrueNAS itself (see below). This is what I get when I click "Use ACL Manager"

If I can instead use NFSv4 and have both NFS and SMB shares (because I have both linux and windows users), that would be great, but again this is not documented and most people warn of not using both NFS and SMB at the same time, again with half explanations.

 

[anodos]

It's a bug in the backend for the permissions editor. It's being worked on here: https://github.com/truenas/middleware/pull/6835, which is pending approval of kernel / zfs changes for NFSv4 ACL support.

 

[mmix]

It's a bug in the backend for the permissions editor. It's being worked on here: https://github.com/truenas/middleware/pull/6835, which is pending approval of kernel / zfs changes for NFSv4 ACL support.

Ah, ok. Thank you for the info, I'll watch for this in nightlies.

 

[ornias]

Ah, ok. Thank you for the info, I'll watch for this in nightlies.

So TLDR: It's not officially supported as of yet ;-)