Uploaded image for project: 'FreeNAS / TrueNAS'
  1. FreeNAS / TrueNAS
  2. NAS-101685

Default to fruit:nfs_aces = no so that SMB permissions changes are accessible when copied to Mac

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done (View Workflow)
    • Priority: Low
    • Resolution: Done
    • Affects Version/s: 11.2-U4
    • Fix Version/s: 11.2-U5
    • Component/s: Services
    • Labels:
      None
    • Attempts to pass:
      1
    • Testing System:
      X10-HA
    • QA Status:
      Test Passes TrueNAS
    • Acceptance Criteria:
      Hide
      `testparm -s | grep nfs_aces` should the following when fruit is added to a share's vfs objects:
      "fruit:nfs_aces = no"
      Show
      `testparm -s | grep nfs_aces` should the following when fruit is added to a share's vfs objects: "fruit:nfs_aces = no"

      Description

      Repro:
      - create dataset Test4, share type = Windows, everything else default
      - edit Test4 permissions: ACL type = Windows, owner = nobody, group = FooGroup, applied recursively
      - create a new SMB share pointing to Test4, all settings default
      - from a Windows PC, connect as user=sean (a member of FooGroup), copy some files to the share.
      - ssh as root to FreeNAS and:

      root@freenas[/mnt/ekur/Test4]# ll
      total 19
      drwxrwxr-x+  2 nobody  FooGroup  uarch    5 May  3 11:49 ./
      drwxr-xr-x  12 root    wheel              uarch   12 May  3 11:44 ../
      -rwxrwxr-x+  1 sean    FooGroup  uarch 8196 May  3 11:49 .DS_Store*
      -rwxrwxr-x+  1 nobody  FooGroup  uarch    0 May  3 11:44 .windows*
      -rwxrwxr-x+  1 sean    FooGroup  uarch 2416 Apr 30 22:32 test.txt*

      - Back in Windows, right-click > Properties > Security. Make some permission change, ex: "Everyone" has read-only access, remove that, since this share should be available only to employees in FooGroup.
      - Now back on the FreeNAS shell I see:

      root@freenas[/mnt/ekur/Test4]# ll
      total 19
      drwxrwx---+  2 nobody  FooGroup  uarch    5 May  3 11:49 ./
      drwxr-xr-x  12 root    wheel              uarch   12 May  3 11:44 ../
      ----rwx---+  1 sean    FooGroup  uarch 8196 May  3 11:49 .DS_Store*
      -rwxrwxr-x+  1 nobody  FooGroup  uarch    0 May  3 11:44 .windows*
      ----rwx---+  1 sean    FooGroup  uarch 2416 Apr 30 22:32 test.txt*

      Notice that test.txt changed from 775 to 070.

      In and of itself I could live with that.

      *But* the problem is that if I then connect to the same share, as the same user, but from a Mac:
      - I can open and view the file directly off the share
      - *but* if I copy the file from the share to the Mac, the file gets 070 permission (on the Mac) and I can't open the file.

      It's rather nonsensical that I should be able to view & edit a file *on* a share, but not access my own local copy of it.

      See also:
      https://www.ixsystems.com/community/threads/unix-permission-changes-after-copying-to-freenas-and-back-again-via-smb.75483/#post-529240

       

      Surely this is a bug?!

        Attachments

          Container Issues

            Activity

              People

              • Assignee:
                awalker Andrew Walker
                Reporter:
                seanm Sean McBride
                QE Engineer:
                Bonnie Follweiler
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Merged after freeze:

                  Summary Panel