ACLs setting executable bit on files on NFS share

I recently setup a TrueNAS Scale server and I am struggling a little with ACLs and file permissions.

I have a dataset created as multiprotocol that I share via SMB and NFS.

I have assigned ACLs. I am using a Linux machine to connect the share(s).

When I connect via SMB, all works as I expect. But when I connect via NFS and create any files, they are marked executable.

Is there something I need to do to stop that from happening? Ideally, they would not be executable unless I specifically requested that permission.

I can’t edit my own post since I am new user but it is worth noting that I am running ElectricEel-24.10.0.2.

Back in the old CORE-only days, the simultaneous sharing of data by SMB and NFS, both with write access, was strongly discouraged. Has that changed? I have a large dataset shared by both, but the NFS access is read-only. It works great, even still in SCALE 24.10.0.2

I stay as far away from ACLs as possible. They are the devil’s pitchforks.

The behavior is the same even if I remove the SMB share.

I am fairly certain it has something to do with the way the ACLs are configured by default. I have another dataset that has POSIX permissions and that works as expected over NFS.

It’s possible that the combined sharing has already done it’s damage, even after removing the SMB share. But why not remove both, and re-set it up like your other dataset? Avoid ACLs

In this case, I need ACLs. POSIX permissions are not sufficient to represent the permissions.

OK, I found a solutions for this problem in case anyone comes across this issue in the future.

You can create separate ACLs for files and directories. That way you can exclude executable from files explicitly

This requires duplicating every permission which has write access. This is not much fun from an ongoing maintenance perspective.

If anyone finds a better way, please let me know.

1 Like