I have a FreeNAS (FreeBSD) system with a CIFS share (called "library") backed by a ZFS file system. The share is set up as per the FreeNAS GUI to use "Windows / Mac" ACLs which I'm led to believe means NFSv4 ACLs.
This is how I want the basic ACLs to be:

    nas# getfacl /mnt/big/library/test
    # file: /mnt/big/library/test
    # owner: DOMAIN\administrator
    # group: DOMAIN\domain admins
    owner@:rwxpDdaARWcCo-:fd----:allow
    group@:rwxpDdaARWcCo-:fd----:allow
    everyone@:r-x---a-R-c---:fd----:allow

Which from the Windows 7 GUI appears as "Full control" for "DOMAIN\administrator" and "DOMAIN\Domain Admins" and "Read & execute" for "Everyone" inherited from the root of the share. Windows even recognises the owner as the "Administrator" correctly.
I'm having two problems which I believe might be related.
Firstly if I modify or create an ACE on an existing object (file or directory) Windows replaces the owner@ ACE with one for group:DOMAIN\administrator and in the case of adding, it creates a group ACE for group:DOMAIN\joe for the user. I don't so much mind the fact it thinks a user is a group (so long as it works), but replacing the owner ACE is a pain because now if I change the owner of the object the ACE will still exist for the previous owner.
The second annoyance is when creating a new object the ACL looks like this:

    nas2# getfacl /mnt/big/library/test/New\ folder/
    # file: /mnt/big/library/test/New folder/
    # owner: DOMAIN\joe
    # group: DOMAIN\domain users
    owner@:rwxpDdaARWcCo-:fd----:allow
    group@:rwxpDdaARWcCo-:fd----:allow
    everyone@:r-x---a-R-c---:fd----:allow

Although it seems to have inherited ACEs correctly, it hasn't kept the owner or group of the parent directory. Is there a way to have it created with the properties of the containing directory?
Looking at the setfacl manpage it states:

    -d      The operations apply to the default ACL entries instead of access
            ACL entries. Currently only directories may have default ACL's.
            This option is not applicable to NFSv4 ACLs.

Which to me implies that NFSv4 ACLs don't support default ACEs which would seem to be what I need to fix my second issue. Does anyone know if that is correct?
Apologies for the question's title, I really can't think of a succinct way of phrasing this one. – Samuel Harmer – 2014-08-13T08:53:34.517
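
An added example, not part of the original question: a small audit that parses `getfacl` NFSv4 output and flags the condition described in the first problem, where `owner@` has been replaced by named entries that stay behind after a change of owner. It assumes the default compact `getfacl` output shown above; the `AFTER_EDIT` ACL is constructed from the question's description, and the finding names are hypothetical.

```python
import re

# Constructed sample: the ACL the question describes after Windows edits it
# (owner@ replaced by a named entry, plus an entry added for DOMAIN\joe).
AFTER_EDIT = r"""
# file: /mnt/big/library/test
# owner: DOMAIN\administrator
# group: DOMAIN\domain admins
group:DOMAIN\administrator:rwxpDdaARWcCo-:fd----:allow
group:DOMAIN\joe:rwxp--aARWc---:fd----:allow
group@:rwxpDdaARWcCo-:fd----:allow
everyone@:r-x---a-R-c---:fd----:allow
"""

SPECIAL = {"owner@", "group@", "everyone@"}

def parse_getfacl(text):
    """Return (header dict, [(who, perms, flags, type)]) from getfacl output."""
    meta, aces = {}, []
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"#\s*(file|owner|group):\s*(.*)", line)
        if m:
            meta[m.group(1)] = m.group(2)
            continue
        # Split from the right: a named principal contains ':' itself.
        parts = line.rsplit(":", 3)
        if len(parts) == 4:
            aces.append(tuple(parts))
    return meta, aces

def audit(text):
    """Flag ACEs that will not follow the object through a change of owner."""
    meta, aces = parse_getfacl(text)
    owner = meta.get("owner", "").lower()
    findings = []
    if not any(who == "owner@" for who, *_ in aces):
        findings.append(("missing-owner@", None))
    for who, perms, _flags, kind in aces:
        if who in SPECIAL or kind != "allow":
            continue
        name = who.partition(":")[2].lower()
        if name == owner:
            findings.append(("owner-pinned", who))   # owner named explicitly
        elif set(perms) & set("wCo"):                # write_data/write_acl/write_owner
            findings.append(("named-writer", who))   # survives a chown unchanged
    return findings

if __name__ == "__main__":
    for code, who in audit(AFTER_EDIT):
        print(code, who or "")
```

Run against the output of `getfacl` for each object under the share; an empty result means the ACL uses only `owner@`, `group@` and `everyone@` for write-capable entries.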