smb access issue child dataset

[EtienneB]

Hello, I am at a little loss here.
I have a Parent Dataset and a Child Dataset and use SMB for access currently.
Using ACL in the GUI, I set user permissions so that a my 'afpsync' user can only read/edit the Child Dataset but not the Parent Dataset.
User afpsync can log in to the server, but it has no access to the Child Dataset.
However, when I add user afpsync to a Group that also has access to the Parent Dataset, then user afpsync can access the Child Dataset.

Is it normal behaviour? I haven't been able to find an documentation/explanation that a Child dataset has to have the same permissions as the Parent.
Or is it a bit buggy?

getfacl output of the child is:
# owner: root
# group: wheel
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
group:www:rwxpDdaARWc--s:fd-----:allow
group:family:rwxpDdaARWc--s:fd-----:allow
group:afpsync:rwxpDdaARWc--s:fd-----:allow
user:www:rwxpDdaARWc--s:fd-----:allow
everyone@:--------------:fd-----:allow


(user afpsync is member of group afpsync)

Thanks for any clarification/help

 

[anodos]

This is normal behavior. User needs a minimum of execute (x) to traverse the mountpoint (or the TRAVERSE) permissions set.

 

[EtienneB]

Thanks for that. You helped me in the direction I needed.
So I ended up setting my Child Dataset as I shown above.
And for Parent Dataset I added de afpsync user ACL with Traverse - Allow and another ACL with Read - Deny.
Now the afpsync user can mount the Parent and Child but only see the contents of the Child.