AFP Share ignores permission setting

[Michael173]

Dear forum members,

over christmas time I have replaced our out-dated Linux Samba box by a new family file server based on FreeNAS build FreeNAS-9.3-STABLE-201412090314. Since hat least my wife and I use mainly a MacBook, I tried to set up an AFP share but run into a strange behavior regarding the permission settings:

Problem:

Directories are always created with the permissions 775 although they should have 770 according to the configuration - at least as far as I understand it.

Expected permission setting after creation of file and directory over AFP-Share :

drwxrwx--- 4 nobody images 4 Jan 9 22:16 ./
drwxr-x--- 6 root wheel 6 Jan 9 22:10 ../
drwxr-x--- 2 root images 9 Jan 9 22:16 .AppleDB/
drwxrwx--- 2 mickey images 3 Jan 9 22:16 test/

Current permission setting after creation of file and directory over AFP-Share :
(Checked via SSH on FreeNAS box)

[root@FreeNAS] /mnt/MIRROR_1/testing# ls -la
total 10
drwxrwx--- 4 nobody images 4 Jan 9 22:16 ./
drwxr-xr-x 6 root wheel 6 Jan 9 22:10 ../
drwxr-xr-x 2 root images 9 Jan 9 22:16 .AppleDB/
drwxrwxr-x 2 mickey images 3 Jan 9 22:16 test/

Configuration:

The permission type of the corresponding Dataset is UNIX, the mode 770. The user is set to nobody and the group to images.

The AFP-Shhare based on this Dataset has the following configuration:

• Allow List: @images, @images-adm
• Read-write Access: @images-adm
• AFP3 Unix Privs: Yes
  
• Default file permission: 660
  
• Default directory permission: 770
  
• Default umask: 007

The user who was connected to the share belongs to both groups images and images-adm.

Question:

I'd appreciate any hint if I made an error in reasoning - or is this a bug and I should file a bug report?

Thanks for your help!
Michael

 

[dlavigne]

[QUOTE]The permission type of the corresponding Dataset is UNIX[/QUOTE]

What is the "share type" in the dataset itself?

For AFP shares, it is recommended to have a share type of Mac and a permission type of Mac. If you use the Wizard to make a share, it does this automatically for you.

 

[Michael173]

I had "share type" and "permission type" set to Unix since I need a CIFS share on the same dataset as there a some windows clients around also. I know that it is NOT recommended to mix share types for a single dataset but I tried to configure the AFP and CIFS share in a way so they would act consistently (and simultaneous access to a single directory or file is quite unlikely also).

I just changed the settings for my test dataset to a share type of Mac and a permission type of Mac and tried again - the behavior is still the same:
Directories are created with the permissions 775 instead 770 which I would expect by the configuration.

 

[dlavigne]

I'm pretty sure the default starting permissions are 775. Why are you expecting 770? Can you not change them from the client system? FreeNAS is supposed to set default permissions which are then supposed to be fine-tuned from the client system.

 

[Michael173]

You can change the default permissions independent from the share you will use for each dataset. Here I have set the default to 770. The configuration of the AFP share also does reflect these permission setting - still it does not work. The more I think of it, the more I consider this as a bug - otherwise all these configuration settings would make no sense. I will file a bug report as soon as I have some time.

Of course the client likes to create new directories with 750 - but when using a CIFS share it was easy to force a different permission setting for each directory or file created on FreeNAS. I will now try and change the default umask on the Mac client, maybe this is a workaround.