Defaults perms on new files/dirs created by Samba

I have a dataset called media which has the following permissions on it:


I have a Samba share with default share parameters and a user called servarr with primary group set to mediarw. I have a Ubuntu client mounting the share as the servarr user.

The newly created files end up with these permissions:

-rw-r--r--+ 1 servarr andrei 0 May 29 12:15 foo

Is there a way to control these permissions via ACLs somehow or do I need to stick create_mode into SMB auxiliary parameters? Also, is there a way to control which group gets set on newly created files/dirs? I thought it would be the primary one that servarr belongs to, but apparently not.

Is the dataset aclmode property set to RESTRICTED? (This is generally the recommended / supported configuration for SMB share datasets, and what is set by our presets on dataset creation if you use the “SMB” option).

Looks like it’s not.

truenas% zfs get all haven/media | grep acl
haven/media  aclmode               passthrough            local
haven/media  aclinherit            passthrough            inherited from haven
haven/media  acltype               nfsv4                  default
truenas% zfs get all haven | grep acl
haven  aclmode               passthrough            local
haven  aclinherit            passthrough            local
haven  acltype               nfsv4                  default

Is there a way to fix this without recreating the data set?

Change the aclmode to restricted.