SMB share no permissions for user after upgrade from 9.3 to 11.3

[Paul5]

Upgrade 9.3 to 11.3 Loss of permissions. ACL?
Using SMB1 and NTLMv1 Authority

Media player to FN 9.3 user tes could delete rename etc...

In the upgrade and introduction of ACL I seem to have lost that and need help.
Root still has full editing rights.

I need to allow tes full control on Dataset called System.

I have:

Dataset called 'System'
Group called 'System'
User called 'tes'
Group called 'tes'

Tes has auxilliary for 'System'

I've also attached a screenshot with the ACL.

40 hours and counting. Should have stayed with 9.3

 

[Basil Hendroff]

I'm curious to know why your share has the experimental object ixnas enabled and zfs_space and zfsacls, which are enabled by default, disabled?

 

[Paul5]

I'm curious to know why your share has the experimental object ixnas enabled and zfs_space and zfsacls, which are enabled by default, disabled?

That's automatic. In an attempt to find a solution I deleted an recreated the share and that's how it was created.

My existing shares from the upgrade: streams_xattr, zfs_space, zfsacl which would have also been on the above one originally. I don't know/remember what they do so I don't change them.

 

[Paul5]

O' just in case the default ACL used is 'Restricted'

UPDATE:
I removed the ACLs and got back Owner - Group - Other set the dataset to 770 and all is good.
Today I recreated the ACL for 'System' and first thing I noticed was that it changed from 'root' to 'tes' for the owner.
Tested 'tes' out and it all seems to work. I had previously tried it as it is now created but it didn't work.
Upgrade bug?
Created user called Jo
Added ACL and entered Jo as a user > full control > Failed
Added 'System' group to Jo's aux and Jo has full control.
Removed all permissions from Jo's ACL other than read > Failed, still full control (ACL group override?)
Removed Jo's ACL and still full control
Removed the 'group@' ACL > Jo has no access.
In this case 'group@' determines what users and or users ACL can do.

Adding a user ACL for 'Fine Tuning' doesn't work. It's governed by 'group'

One issue/bug resolved by removing and recreating the ACL but now no fine tuning. Jo has to belong to 'system' group and have the default ACL 'group@' for access and permissions to work which he inherits all it's policys as per the ACL but to fine tune Jo's ACL to say 'read-only' doesn't work.

This is my first encounter with ACL's jumping from 9.3 to 11.3 but it seems to be experimental and buggy to be production. Yes :) I did download 'Stable'.

Definitely bugs: I just tried creating some clones on FreeNAS and Clonezillas response was: Clonezilla unknown partition table format on disk /dev/sda
Removed the ACL for pools under test that failed then recreated ACL Restricted with no changes and clones worked.

Well that's a day I'll never get back.