Filesystem ACLs - apply user/group not working

Hello,

I have the problem that I cannot set ACLs at all. Whenever I try to apply a user and/or group to any dataset (regardless of existing or brand new) the “Updating ACLs” process finishes but the user/group is not applied.

I logged out and back into the web interface, restarted the server, etc.: nothing changes.

The TrueNAS version is Scale 22.12.4.2 and the users/groups come from an LDAP.

No idea what is happening here but working ACLs are very much needed in this setup. :wink:

Does anyone have any idea what is happening here? Thanks in advance!

ACLs generally work… no question there.

It's likely to be the LDAP configuration.
Have you validated the LDAP server?
Is this for controlling SMB or NFS?

I’d recommend updating to Dragonfish to resolve.
For SMB there is logging of authentication events that might help.


The LDAP server shows as “healthy” in the TrueNAS settings and I can find all the groups and users from there in the “Set ACLs” dialogue. It just doesn’t save them.

Running journalctl -f in the TrueNAS shell does not show any activity when I click the “Apply” button and the “Updating ACLs” task is running and then finishes.

The ACLs are currently only being set on the filesystem (via the “datasets” menu option) but are later supposed to be shared via SMB, but I don’t even get to that part.

Upgraded to Cobia, still the same. Now trying Dragonfish update.

Upgraded to Dragonfish, still the same.

I installed the NextCloud app from the Charts on the same TrueNAS and that one syncs just fine with the same LDAP server.

The application of user and group only works when I use NFSv4 ACLs, not with POSIX it seems. Not sure why??

Are you applying recursively and checking the “apply user” and “apply group” boxes?
Without more information it is blind guesswork.

Yes, that is exactly what I’m doing:

Select the user under “Owner”, check “Apply user” below.
Select the group under “Owner group”, check “Apply group” below.
Set permissions.
Check “Apply recursively”, check “Confirm” in the popup, click Continue
Click “Save Access Control List”.

I tracked down a bug related to this yesterday (been present since Angelfish apparently). It impacts the top-level directory when doing a recursive setacl with a user-specified owner / group whilst using the POSIX1E ACL type. Will be fixed in 24.04.1. Subdirectory and file owner and group get set correctly.


Ah okay, nice! So, I’m not doing it wrong. :smiley:
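
A way to check a dataset for the symptom described in this thread (top-level directory left with the old owner/group while everything below it was changed), as an added example that is not part of the original posts or of TrueNAS itself. The function names and the `top-level-only` label are hypothetical; the expected uid/gid are whatever the LDAP user and group resolve to on the system.

```python
import os
import tempfile


def audit_ownership(root, uid, gid):
    """Return paths (root first) whose owner or group differs from uid/gid."""
    mismatched = []

    def check(path):
        st = os.lstat(path)  # lstat: never follow symlinks out of the dataset
        if st.st_uid != uid or st.st_gid != gid:
            mismatched.append(path)

    check(root)  # the top-level directory itself is the entry the bug skips
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return mismatched


def classify(root, mismatched):
    """Label the audit result; 'top-level-only' matches the reported bug."""
    if not mismatched:
        return "ok"
    if mismatched == [root]:
        return "top-level-only"
    return "other"


if __name__ == "__main__":
    # Constructed sample tree; on a real system pass the dataset mountpoint
    # and the numeric IDs of the owner and group selected in the ACL editor.
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "sub"))
        open(os.path.join(root, "sub", "file.txt"), "w").close()
        st = os.lstat(root)
        bad = audit_ownership(root, st.st_uid, st.st_gid)
        print(classify(root, bad), bad)
```

A result of `top-level-only` means only the dataset root kept its previous owner or group, which is the pattern the fix in 24.04.1 addresses; `other` points to a different cause.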