Here's the scenario. SMB share from TrueNAS is mounted on RHEL box using multiuser and an AD service account. AD user can create directories and files just fine. Running getfacl on that mount point on the RHEL box gives me
owner: root, group: domain\040users. user::rwx, group::rwx, owner::rwx.
AD user creates directory under root of share. Directory by default gets permission 0777, owner is AD user, group is Domain Users (AD group). Context is system_u/object_r/cifs_t/s0.
AD user creates directory under that one. Ownership, permissions, context are all the same as the first one.
Note that the first subdirectory has mode 0777. If the AD user does a chmod on it, even a chmod 0777, then tries to mkdir a subdirectory, it says mkdir: cannot create directory: permission denied. If I then do an ls -laZ in the parent, the new subdirectory has mode ?---------, owner ?, group ?, and the context section is just blank.
If I go to the TrueNAS machine's Shell and stat that directory, I can see its mode is now 0000.
What is it that would cause this?
Before the chmod, if I run getfacl from the NAS onto the subdirectory, I get:
Code:
owner@:rwxpDdaARWcCos:fd----I:allow
group@:rwxpDdaARWcCos:fd----I:allow
everyone@:rwxpDdaARWc--s:fd----I:allow
everyone@:--------------:fd----I:allow
then after the chmod:
Code:
group:ad-test-user:rwxpDdaARWcCo-:-------:allow
owner@:rwxpDdaARWcCo-:-------:allow
group@:rwxpDdaARWcCo-:-------:allow
everyone@:rwxpDdaARWcCo-:-------:allow
everyone@:--------------:fd-----:allow
See how the s:fd is gone from all the entries? It's confusing that everyone@ is there twice and that the AD account entry appears suddenly after the chmod.
Note that at all times, I can create files under a subdirectory, it's only creating directories under it that get the 0000 mode.
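Added example, not part of the original post: a Python script that parses the two getfacl listings quoted above and reports which entries carry the d (directory-inherit) flag before and after the chmod, and which permission letters those entries grant. It assumes the NFSv4 ACL text layout who:perms:flags:type with f = file inherit and d = directory inherit; the function names are hypothetical.

```python
# Added example. ACL text is copied from the post; parsing rules are assumptions.
BEFORE = """\
owner@:rwxpDdaARWcCos:fd----I:allow
group@:rwxpDdaARWcCos:fd----I:allow
everyone@:rwxpDdaARWc--s:fd----I:allow
everyone@:--------------:fd----I:allow"""

AFTER = """\
group:ad-test-user:rwxpDdaARWcCo-:-------:allow
owner@:rwxpDdaARWcCo-:-------:allow
group@:rwxpDdaARWcCo-:-------:allow
everyone@:rwxpDdaARWcCo-:-------:allow
everyone@:--------------:fd-----:allow"""


def parse_acl(text):
    """Parse 'who:perms:flags:type' lines; 'who' may contain a colon (group:name)."""
    entries = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        # Split from the right so 'group:ad-test-user' stays in one piece.
        who, perms, flags, kind = line.rsplit(":", 3)
        entries.append({"who": who, "perms": set(perms) - {"-"},
                        "flags": set(flags) - {"-"}, "type": kind})
    return entries


def inherited_by_new_dir(entries):
    """Entries with the 'd' flag, i.e. the ones passed on to a new subdirectory."""
    return [e for e in entries if "d" in e["flags"]]


def effective_grants(entries):
    """Union of the permission letters granted by the 'allow' entries given."""
    grants = set()
    for e in entries:
        if e["type"] == "allow":
            grants |= e["perms"]
    return grants


if __name__ == "__main__":
    for label, text in (("before chmod", BEFORE), ("after chmod", AFTER)):
        inh = inherited_by_new_dir(parse_acl(text))
        print(f"{label}: {len(inh)} directory-inheritable entries, granting "
              f"{''.join(sorted(effective_grants(inh))) or '(nothing)'}")
```

On the after-chmod listing the only directory-inheritable entry left is the empty everyone@ one, which is consistent with new subdirectories showing mode 0000.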