crlorentzen
Cadet
- Joined
- Apr 6, 2020
- Messages
- 9
Background:
Truesnas Scale allows the use of either POSIX or NFSv4 permissions. To manage NFSv4 permissions from the CLI one uses nfs4xdr_getfacl and nfs4xdr_setfacl.
Version: TrueNAS-SCALE-22.02.0
Problem Description:
The nfs4xdr_setfacl -x command acts like -s when using an acl_spec. When using an acl_spec it replaces instead of removes the specified acl.
Reproduction Steps:
1. On an nfsv4 dataset run the following commands create the test file
The facl should look similar to
2. attempt to remove one line using the spec e.g. the 3th spec:
The resulting facl is:
"--test" also shows the same resulting facl.
Expected Result:
when using -x 3, instead of the acl_spec it acts as expected
This was found on my newly upgraded from CORE to SCALE Truenas home server, a generic Intel based 16GB with 10TB of RAIDZ2 sharing both with SMB and NFSv4
I have not exhaustively tested the nfs4xdr tooling, and could be doing this wrong, but I think I have proven that "-x" works correctly with the index, but with an acl_spec it acts like "-s"
Truesnas Scale allows the use of either POSIX or NFSv4 permissions. To manage NFSv4 permissions from the CLI one uses nfs4xdr_getfacl and nfs4xdr_setfacl.
Version: TrueNAS-SCALE-22.02.0
Problem Description:
The nfs4xdr_setfacl -x command acts like -s when using an acl_spec. When using an acl_spec it replaces instead of removes the specified acl.
Reproduction Steps:
1. On an nfsv4 dataset run the following commands create the test file
Code:
touch x nfs4xdr_setfacl -s user:10005:rwx-----------:-------:allow x nfs4xdr_setfacl -a user:10004:rwx-----------:-------:allow x nfs4xdr_setfacl -a user:10003:rwx-----------:-------:allow x nfs4xdr_setfacl -a user:10002:rwx-----------:-------:allow x nfs4xdr_setfacl -a user:10001:rwx-----------:-------:allow x nfs4xdr_setfacl -a user:10000:rwx-----------:-------:allow x
The facl should look similar to
Code:
nfs4xdr_getfacl x # File: x # owner: 0 # group: 0 # mode: 0o100000 # trivial_acl: false # ACL flags: none user:10000:rwx-----------:-------:allow user:10001:rwx-----------:-------:allow user:10002:rwx-----------:-------:allow user:10003:rwx-----------:-------:allow user:10004:rwx-----------:-------:allow user:10005:rwx-----------:-------:allow
2. attempt to remove one line using the spec e.g. the 3th spec:
nfs4xdr_setfacl -x user:10003:rwx-----------:-------:allow x
The resulting facl is:
Code:
# File: x # owner: 0 # group: 0 # mode: 0o100000 # trivial_acl: false # ACL flags: none user:10003:rwx-----------:-------:allow
"--test" also shows the same resulting facl.
Expected Result:
when using -x 3, instead of the acl_spec it acts as expected
Code:
# File: x # owner: 0 # group: 0 # mode: 0o100000 # trivial_acl: false # ACL flags: none user:10000:rwx-----------:-------:allow user:10001:rwx-----------:-------:allow user:10002:rwx-----------:-------:allow user:10004:rwx-----------:-------:allow user:10005:rwx-----------:-------:allow
This was found on my newly upgraded from CORE to SCALE Truenas home server, a generic Intel based 16GB with 10TB of RAIDZ2 sharing both with SMB and NFSv4
I have not exhaustively tested the nfs4xdr tooling, and could be doing this wrong, but I think I have proven that "-x" works correctly with the index, but with an acl_spec it acts like "-s"