Uploaded image for project: 'FreeNAS / TrueNAS'
  1. FreeNAS / TrueNAS
  2. NAS-101685

Default to fruit:nfs_aces = no so that SMB permissions changes are accessible when copied to Mac

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done (View Workflow)
    • Priority: Low
    • Resolution: Complete
    • Affects Version/s: 11.2-U4
    • Fix Version/s: 11.2-U5
    • Component/s: Services
    • Labels:
      None

      Description

      Repro:
      - create dataset Test4, share type = Windows, everything else default
      - edit Test4 permissions: ACL type = Windows, owner = nobody, group = FooGroup, applied recursively
      - create a new SMB share pointing to Test4, all settings default
      - from a Windows PC, connect as user=sean (a member of FooGroup), copy some files to the share.
      - ssh as root to FreeNAS and:

      root@freenas[/mnt/ekur/Test4]# ll
      total 19
      drwxrwxr-x+  2 nobody  FooGroup  uarch    5 May  3 11:49 ./
      drwxr-xr-x  12 root    wheel              uarch   12 May  3 11:44 ../
      -rwxrwxr-x+  1 sean    FooGroup  uarch 8196 May  3 11:49 .DS_Store*
      -rwxrwxr-x+  1 nobody  FooGroup  uarch    0 May  3 11:44 .windows*
      -rwxrwxr-x+  1 sean    FooGroup  uarch 2416 Apr 30 22:32 test.txt*

      - Back in Windows, right-click > Properties > Security. Make some permission change, ex: "Everyone" has read-only access, remove that, since this share should be available only to employees in FooGroup.
      - Now back on the FreeNAS shell I see:

      root@freenas[/mnt/ekur/Test4]# ll
      total 19
      drwxrwx---+  2 nobody  FooGroup  uarch    5 May  3 11:49 ./
      drwxr-xr-x  12 root    wheel              uarch   12 May  3 11:44 ../
      ----rwx---+  1 sean    FooGroup  uarch 8196 May  3 11:49 .DS_Store*
      -rwxrwxr-x+  1 nobody  FooGroup  uarch    0 May  3 11:44 .windows*
      ----rwx---+  1 sean    FooGroup  uarch 2416 Apr 30 22:32 test.txt*

      Notice that test.txt changed from 775 to 070.

      In and of itself I could live with that.

      *But* the problem is that if I then connect to the same share, as the same user, but from a Mac:
      - I can open and view the file directly off the share
      - *but* if I copy the file from the share to the Mac, the file gets 070 permission (on the Mac) and I can't open the file.

      It's rather nonsensical that I should be able to view & edit a file *on* a share, but not access my own local copy of it.

      See also:
      https://www.ixsystems.com/community/threads/unix-permission-changes-after-copying-to-freenas-and-back-again-via-smb.75483/#post-529240

       

      Surely this is a bug?!

        Attachments

          Activity

            People

            Assignee:
            awalker Andrew Walker
            Reporter:
            seanm Sean McBride
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Summary Panel