Hello FreeNAS community,
I am having a problem when sharing my datasets (set to use Windows-ACLs) to windows clients using CIFS. While accessing the shares and modifying the permissions from a windows client works great, newly created files and folders show extra access rights, that where not inherited from the parent folder.
For example when I create a file "test.txt" in a given folder using a windows7 client the result is:
I did expect the new file to have exactly the same ACL as the parent folder, without the "fd" of course. Especially I do not want the added rights for "everyone". But actually I was hoping to get an exact (inherited) copy of the parent folders rights for new folders and files.
Showing the ACLs on the windows clients, for new folders, the correctly inherited rights are recognized as such, while the unwanted rights are folder specific (not inherited). For created files, none of the rights are shown as inherited.
This shares smb.conf part reads:
I am running Build "FreeNAS-9.2.0-RELEASE-x64",
CIFS has "EA Support" and "Support DOS File Attributes" checked.
The share has "Inherit Owner" set, because I do not want the user to be able to change ACLs (screws up my backup).
Unchecking "Inherit Owner" does not solve the problem. I tried through a lot of combinations supplying "inherit *" config values to samba, checking/unchecking "Inherit Owner"/"Inherit Permissions", but could not find a way to solve my problem.
I would really appreciate if any of you had a suggestion for me to get rid of these unwanted ACL entries. Should you need any additional intel, please ask and I will gladly supply it.
MainUser
I am having a problem when sharing my datasets (set to use Windows-ACLs) to windows clients using CIFS. While accessing the shares and modifying the permissions from a windows client works great, newly created files and folders show extra access rights, that where not inherited from the parent folder.
For example when I create a file "test.txt" in a given folder using a windows7 client the result is:
Code:
[root@st1] /mnt/RAID0-1/Users/test# getfacl ./ # file: ./ # owner: administrator # group: usersadmins group:usersr:r-x---a-R-c---:fd----:allow group:usersadmins:rwxpDdaARWcCo-:fd----:allow group:usersrw:rwxp-daARWc---:fd----:allow [root@st1] /mnt/RAID0-1/Users/test# getfacl test.txt # file: test.txt # owner: administrator # group: usersadmins group:usersr:r-x---a-R-c---:------:allow group:usersadmins:rwxpDdaARWcCo-:------:allow group:usersrw:rwxp-daARWc---:------:allow owner@:rw-p--aARWcCos:------:allow group@:rw-p--a-R-c--s:------:allow everyone@:rw-p--a-R-c--s:------:allow
I did expect the new file to have exactly the same ACL as the parent folder, without the "fd" of course. Especially I do not want the added rights for "everyone". But actually I was hoping to get an exact (inherited) copy of the parent folders rights for new folders and files.
Showing the ACLs on the windows clients, for new folders, the correctly inherited rights are recognized as such, while the unwanted rights are folder specific (not inherited). For created files, none of the rights are shown as inherited.
This shares smb.conf part reads:
Code:
path = /mnt/RAID0-1/Users/test printable = no veto files = /.snap/.windows/.zfs/ writeable = yes browseable = no inherit owner = yes inherit permissions = no vfs objects = zfsacl guest ok = no inherit acls = Yes map archive = No map readonly = no nfs4:mode = special nfs4:acedup = merge nfs4:chown = yes
I am running Build "FreeNAS-9.2.0-RELEASE-x64",
CIFS has "EA Support" and "Support DOS File Attributes" checked.
The share has "Inherit Owner" set, because I do not want the user to be able to change ACLs (screws up my backup).
Unchecking "Inherit Owner" does not solve the problem. I tried through a lot of combinations supplying "inherit *" config values to samba, checking/unchecking "Inherit Owner"/"Inherit Permissions", but could not find a way to solve my problem.
I would really appreciate if any of you had a suggestion for me to get rid of these unwanted ACL entries. Should you need any additional intel, please ask and I will gladly supply it.
MainUser