Help to setup Truenas ElectricEel-24.10.2 SMBv3 for OSX

TrueNAS General
,
1

I tried already over countless hours to set up a simple dataset to be shared over SMB to an mac running 14.7 (Sonoma).

Despite my efforts and reading lots of different articles, I just cannot set it up to work.

Can someone who might set up similar help out.

Here is what I wanted to set-up:
mount an SMB share from Truenas under the logged in user’s home folder on SOX and keep all usr/group/xattr etc access so that it follows the same access as it would be just any other folder in the home folder. Usually on a standard OSX install the first user that generally anyone uses has the id -u => 501 and id -g => 20.

here is the ls -lah on OSX and the moounted SMB (they should be identical, but seems cut out on SMB ):
OSX:
drwxr-xr-x 9 usr1 staff 288B Jun 20 2017 .
drwxr-xr-x 15 usr1 staff 480B May 23 2018 …
drwxr-xr-x 3 usr1 staff 96B Jan 10 2018 Documents
-rw-r–r-- 1 usr1 staff 1.3K Apr 5 2016 picture1.jpg
-rw------- 1 usr1 staff 1.6K Apr 5 2016 picture2.jpg

SMB:
drwx------ 1 usr1 staff 16K Jun 20 2017 .
drwx------ 1 usr1 staff 16K May 23 2018 …
drwx------ 1 usr1 staff 16K Jan 10 2018 Documents
-rwx------ 1 usr1 staff 1.3K Apr 5 2016 picture1.jpg
-rwx------ 1 usr1 staff 412B Apr 5 2016 picture2.jpg

On Truenas:
1.) I set an user with id 501 and gid 20. Created one dataset only for this purpose, set ACL Type: SMB/NFSv4; ACL Mode: Passthrough.
For the actual owner/group etc ACLs I set FULL Controll for USR/GROUP/EVERYONE just for testing now

2.) For the sahre: I tried all different Purpose that is available; I experiemneted with the different combinations of the “Other Options” as well. I even tried to set using the shell (Although this made OSX to not be able to mount the share in any way):
midclt call sharing.smb.update <share_id> ‘{“auxsmbconf”: “vfs objects = catia fruit streams_xattr fruit:aapl = yes”}’

Here is one of the log I have while trying to mount the share when the above cli is run to set things for OSX:
[2025/03/21 14:27:40.306907, 3] …/…/lib/util/access.c:372(allow_access)
Allowed connection from 192.168.1.4 (192.168.1.4)
[2025/03/21 14:27:40.307247, 3] …/…/source3/smbd/smb2_oplock.c:1410(init_oplocks)
init_oplocks: initializing messages.
[2025/03/21 14:27:40.309023, 3] …/…/source3/smbd/smb2_negprot.c:1156(smb2_multi_protocol_reply_negprot)
Requested protocol [NT LM 0.12]
[2025/03/21 14:27:40.309122, 3] …/…/source3/smbd/smb2_negprot.c:1156(smb2_multi_protocol_reply_negprot)
Requested protocol [SMB 2.002]
[2025/03/21 14:27:40.309174, 3] …/…/source3/smbd/smb2_negprot.c:1156(smb2_multi_protocol_reply_negprot)
Requested protocol [SMB 2.???]
[2025/03/21 14:27:40.309528, 3] …/…/source3/smbd/smb2_negprot.c:368(smbd_smb2_request_process_negprot)
Selected protocol SMB2_FF
[2025/03/21 14:27:40.310318, 3] …/…/auth/gensec/gensec_start.c:1084(gensec_register)
GENSEC backend ‘gssapi_spnego’ registered
[2025/03/21 14:27:40.310431, 3] …/…/auth/gensec/gensec_start.c:1084(gensec_register)
GENSEC backend ‘gssapi_krb5’ registered
[2025/03/21 14:27:40.310489, 3] …/…/auth/gensec/gensec_start.c:1084(gensec_register)
GENSEC backend ‘gssapi_krb5_sasl’ registered
[2025/03/21 14:27:40.310573, 3] …/…/auth/gensec/gensec_start.c:1084(gensec_register)
GENSEC backend ‘spnego’ registered
[2025/03/21 14:27:40.310696, 3] …/…/auth/gensec/gensec_start.c:1084(gensec_register)
GENSEC backend ‘schannel’ registered
[2025/03/21 14:27:40.310765, 3] …/…/auth/gensec/gensec_start.c:1084(gensec_register)
GENSEC backend ‘ncalrpc_as_system’ registered
[2025/03/21 14:27:40.310810, 3] …/…/auth/gensec/gensec_start.c:1084(gensec_register)
GENSEC backend ‘sasl-EXTERNAL’ registered
[2025/03/21 14:27:40.310897, 3] …/…/auth/gensec/gensec_start.c:1084(gensec_register)
GENSEC backend ‘ntlmssp’ registered
[2025/03/21 14:27:40.311060, 3] …/…/auth/gensec/gensec_start.c:1084(gensec_register)
GENSEC backend ‘ntlmssp_resume_ccache’ registered
[2025/03/21 14:27:40.311243, 3] …/…/auth/gensec/gensec_start.c:1084(gensec_register)
GENSEC backend ‘http_basic’ registered
[2025/03/21 14:27:40.311341, 3] …/…/auth/gensec/gensec_start.c:1084(gensec_register)
GENSEC backend ‘http_ntlm’ registered
[2025/03/21 14:27:40.311417, 3] …/…/auth/gensec/gensec_start.c:1084(gensec_register)
GENSEC backend ‘http_negotiate’ registered
[2025/03/21 14:27:40.311790, 3] …/…/source3/smbd/smb2_negprot.c:1221(smb2_multi_protocol_reply_negprot)
Selected protocol SMB 2.???
[2025/03/21 14:27:40.312285, 3] …/…/source3/smbd/smb2_negprot.c:368(smbd_smb2_request_process_negprot)
Selected protocol SMB3_11
[2025/03/21 14:27:40.383163, 3] …/…/auth/ntlmssp/ntlmssp_util.c:78(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62888215
[2025/03/21 14:27:40.385101, 3] …/…/auth/ntlmssp/ntlmssp_server.c:512(ntlmssp_server_preauth)
Got user=[usr1] domain=[MY_HOME] workstation=[MY_MAC] len1=24 len2=220
[2025/03/21 14:27:40.385275, 3] …/…/source3/auth/auth.c:202(auth_check_ntlm_password)
auth_check_ntlm_password: check_ntlm_password: Checking password for unmapped user [MY_HOME][usr1]@[MY_MAC] with the new password interface
[2025/03/21 14:27:40.385378, 3] …/…/source3/auth/auth.c:208(auth_check_ntlm_password)
auth_check_ntlm_password: check_ntlm_password: mapped user is: [MY_HOME][usr1]@[MY_MAC]
[2025/03/21 14:27:40.388267, 3] …/…/source3/passdb/lookup_sid.c:1720(get_primary_group_sid)
Forcing Primary Group to ‘Domain Users’ for my
[2025/03/21 14:27:40.389044, 3] …/…/source3/passdb/lookup_sid.c:1720(get_primary_group_sid)
Forcing Primary Group to ‘Domain Users’ for my
[2025/03/21 14:27:40.389573, 3] …/…/source3/auth/auth.c:274(auth_check_ntlm_password)
auth_check_ntlm_password: sam_ignoredomain authentication for user [usr1] succeeded
[2025/03/21 14:27:40.389757, 3] …/…/auth/auth_log.c:1237(log_authentication_event_human_readable)
Auth: [SMB2,(null)] user [MY_HOME][usr1] at [Fri, 21 Mar 2025 14:27:40.389709 CET] with [NTLMv2] status [NT_STATUS_OK] workstation [MY_MAC] remote host [ipv4:192.168.1.4:56005] became [MY_HOME][usr1] [S-1-5-21-871643717-2070335205-3576766932-20076]. local host [ipv4:192.168.1.2:445]
{“timestamp”: “2025-03-21T14:27:40.389963+0100”, “type”: “Authentication”, “Authentication”: {“version”: {“major”: 1, “minor”: 3}, “eventId”: 4624, “logonId”: “0”, “logonType”: 3, “status”: “NT_STATUS_OK”, “localAddress”: “ipv4:192.168.1.2:445”, “remoteAddress”: “ipv4:192.168.1.4:56005”, “serviceDescription”: “SMB2”, “authDescription”: null, “clientDomain”: “MY_HOME”, “clientAccount”: “my”, “workstation”: “MY_MAC”, “becameAccount”: “my”, “becameDomain”: “MY_HOME”, “becameSid”: “S-1-5-21-871643717-2070335205-3576766932-20076”, “mappedAccount”: “my”, “mappedDomain”: “MY_HOME”, “netlogonComputer”: null, “netlogonTrustAccount”: null, “netlogonNegotiateFlags”: “0x00000000”, “netlogonSecureChannelType”: 0, “netlogonTrustAccountSid”: null, “passwordType”: “NTLMv2”, “clientPolicyAccessCheck”: null, “serverPolicyAccessCheck”: null, “duration”: 7040}}
[2025/03/21 14:27:40.390398, 2] …/…/source3/auth/auth.c:332(auth_check_ntlm_password)
check_ntlm_password: authentication for user [usr1] → [usr1] → [usr1] succeeded
[2025/03/21 14:27:40.390477, 3] …/…/source3/param/loadparm.c:3983(lp_load_ex)
lp_load_ex: refreshing parameters
[2025/03/21 14:27:40.390634, 3] …/…/source3/param/loadparm.c:561(loadparm_s3_init_globals)
Initialising global parameters
[2025/03/21 14:27:40.390903, 3] …/…/source3/param/loadparm.c:2885(lp_do_section)
Processing section “[global]”
[2025/03/21 14:27:40.391603, 3] …/…/source3/param/loadparm.c:1687(lp_add_ipc)
adding IPC service
[2025/03/21 14:27:40.391780, 3] …/…/auth/ntlmssp/ntlmssp_sign.c:623(ntlmssp_sign_reset)
NTLMSSP Sign/Seal - Initialising with flags:
[2025/03/21 14:27:40.391845, 3] …/…/auth/ntlmssp/ntlmssp_util.c:78(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62088215
[2025/03/21 14:27:40.391960, 3] …/…/auth/ntlmssp/ntlmssp_sign.c:623(ntlmssp_sign_reset)
NTLMSSP Sign/Seal - Initialising with flags:
[2025/03/21 14:27:40.392012, 3] …/…/auth/ntlmssp/ntlmssp_util.c:78(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62088215
[2025/03/21 14:27:40.392411, 3] …/…/source3/auth/token_util.c:707(finalize_local_nt_token)
Failed to fetch domain sid for MY_WG
[2025/03/21 14:27:40.394373, 3] …/…/source3/smbd/password.c:84(register_homes_share)
Adding homes service for user ‘my’ using home directory: ‘/var/empty’
[2025/03/21 14:27:40.404805, 3] …/…/lib/util/access.c:372(allow_access)
Allowed connection from 192.168.1.4 (192.168.1.4)
[2025/03/21 14:27:40.405008, 3] …/…/source3/smbd/smb2_service.c:584(make_connection_snum)
make_connection_snum: Connect path is ‘/tmp’ for service [IPC$]
[2025/03/21 14:27:40.405118, 3] …/…/source3/smbd/vfs.c:115(vfs_init_default)
Initialising default vfs hooks
[2025/03/21 14:27:40.405233, 3] …/…/source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2025/03/21 14:27:40.522995, 2] …/…/source3/param/loadparm.c:2902(lp_do_section)
Processing section “[my_home]”
[2025/03/21 14:27:40.523099, 3] …/…/lib/util/access.c:372(allow_access)
Allowed connection from 192.168.1.4 (192.168.1.4)
[2025/03/21 14:27:40.523129, 3] …/…/source3/smbd/smb2_service.c:584(make_connection_snum)
make_connection_snum: Connect path is ‘/mnt/flash_store/my_home’ for service [my_home]
[2025/03/21 14:27:40.523147, 3] …/…/source3/smbd/vfs.c:115(vfs_init_default)
Initialising default vfs hooks
[2025/03/21 14:27:40.523166, 3] …/…/source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2025/03/21 14:27:40.523178, 3] …/…/source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [shadow_copy_zfs]
[2025/03/21 14:27:40.531488, 3] …/…/lib/util/modules.c:167(load_module_absolute_path)
load_module_absolute_path: Module ‘/usr/lib/x86_64-linux-gnu/samba/vfs/shadow_copy_zfs.so’ loaded
[2025/03/21 14:27:40.531511, 3] …/…/source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [streams_xattr]
[2025/03/21 14:27:40.532409, 3] …/…/lib/util/modules.c:167(load_module_absolute_path)
load_module_absolute_path: Module ‘/usr/lib/x86_64-linux-gnu/samba/vfs/streams_xattr.so’ loaded
[2025/03/21 14:27:40.532427, 3] …/…/source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [fruit]
[2025/03/21 14:27:40.533349, 3] …/…/lib/util/modules.c:167(load_module_absolute_path)
load_module_absolute_path: Module ‘/usr/lib/x86_64-linux-gnu/samba/vfs/fruit.so’ loaded
[2025/03/21 14:27:40.533375, 3] …/…/source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [catia]
[2025/03/21 14:27:40.534244, 3] …/…/lib/util/modules.c:167(load_module_absolute_path)
load_module_absolute_path: Module ‘/usr/lib/x86_64-linux-gnu/samba/vfs/catia.so’ loaded
[2025/03/21 14:27:40.534264, 3] …/…/source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [yes]
[2025/03/21 14:27:40.534291, 0] …/…/lib/util/modules.c:49(load_module)
Error loading module ‘/usr/lib/x86_64-linux-gnu/samba/vfs/yes.so’: /usr/lib/x86_64-linux-gnu/samba/vfs/yes.so: cannot open shared object file: No such file or directory
[2025/03/21 14:27:40.534310, 0] …/…/source3/smbd/vfs.c:185(vfs_init_custom)
error probing vfs module ‘yes’: NT_STATUS_UNSUCCESSFUL
[2025/03/21 14:27:40.534321, 0] …/…/source3/smbd/vfs.c:399(smbd_vfs_init)
smbd_vfs_init: vfs_init_custom failed for yes
[2025/03/21 14:27:40.534329, 0] …/…/source3/smbd/smb2_service.c:612(make_connection_snum)
make_connection_snum: vfs_init failed for service my_home
[2025/03/21 14:27:40.534344, 3] …/…/source3/smbd/smb2_server.c:4050(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_BAD_NETWORK_NAME] || at …/…/source3/smbd/smb2_tcon.c:151
[2025/03/21 14:27:40.534767, 3] …/…/lib/util/access.c:372(allow_access)
Allowed connection from 192.168.1.4 (192.168.1.4)
[2025/03/21 14:27:40.534804, 3] …/…/source3/smbd/smb2_service.c:584(make_connection_snum)
make_connection_snum: Connect path is ‘/mnt/flash_store/my_home’ for service [my_home]
[2025/03/21 14:27:40.534823, 3] …/…/source3/smbd/vfs.c:115(vfs_init_default)
Initialising default vfs hooks
[2025/03/21 14:27:40.534834, 3] …/…/source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2025/03/21 14:27:40.534850, 3] …/…/source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [shadow_copy_zfs]
[2025/03/21 14:27:40.534861, 3] …/…/source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [streams_xattr]
[2025/03/21 14:27:40.534869, 3] …/…/source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [fruit]
[2025/03/21 14:27:40.534877, 3] …/…/source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [catia]
[2025/03/21 14:27:40.534885, 3] …/…/source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [yes]
[2025/03/21 14:27:40.534909, 0] …/…/lib/util/modules.c:49(load_module)
Error loading module ‘/usr/lib/x86_64-linux-gnu/samba/vfs/yes.so’: /usr/lib/x86_64-linux-gnu/samba/vfs/yes.so: cannot open shared object file: No such file or directory
[2025/03/21 14:27:40.534921, 0] …/…/source3/smbd/vfs.c:185(vfs_init_custom)
error probing vfs module ‘yes’: NT_STATUS_UNSUCCESSFUL
[2025/03/21 14:27:40.534931, 0] …/…/source3/smbd/vfs.c:399(smbd_vfs_init)
smbd_vfs_init: vfs_init_custom failed for yes
[2025/03/21 14:27:40.534939, 0] …/…/source3/smbd/smb2_service.c:612(make_connection_snum)
make_connection_snum: vfs_init failed for service my_home
[2025/03/21 14:27:40.534952, 3] …/…/source3/smbd/smb2_server.c:4050(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_BAD_NETWORK_NAME] || at …/…/source3/smbd/smb2_tcon.c:151
[2025/03/21 14:27:40.537181, 3] …/…/lib/util/access.c:372(allow_access)
Allowed connection from 192.168.1.4 (192.168.1.4)
[2025/03/21 14:27:40.537218, 3] …/…/source3/smbd/smb2_service.c:584(make_connection_snum)
make_connection_snum: Connect path is ‘/tmp’ for service [IPC$]
[2025/03/21 14:27:40.537238, 3] …/…/source3/smbd/vfs.c:115(vfs_init_default)
Initialising default vfs hooks
[2025/03/21 14:27:40.537249, 3] …/…/source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2025/03/21 14:27:40.537718, 3] …/…/source3/smbd/msdfs.c:985(get_referred_path)
get_referred_path: |my_home| in dfs path \192.168.1.2\my_home is not a dfs root.
[2025/03/21 14:27:40.537741, 3] …/…/source3/smbd/smb2_server.c:4050(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at …/…/source3/smbd/smb2_ioctl.c:355
[2025/03/21 14:27:40.540759, 3] …/…/lib/util/access.c:372(allow_access)
Allowed connection from 192.168.1.4 (192.168.1.4)
[2025/03/21 14:27:40.540949, 3] …/…/source3/smbd/smb2_service.c:584(make_connection_snum)
make_connection_snum: Connect path is ‘/tmp’ for service [IPC$]
[2025/03/21 14:27:40.541051, 3] …/…/source3/smbd/vfs.c:115(vfs_init_default)
Initialising default vfs hooks
[2025/03/21 14:27:40.541104, 3] …/…/source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2025/03/21 14:27:40.542259, 3] …/…/source3/smbd/msdfs.c:985(get_referred_path)
get_referred_path: |my_home| in dfs path \192.168.1.2\my_home is not a dfs root.
[2025/03/21 14:27:40.542376, 3] …/…/source3/smbd/smb2_server.c:4050(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at …/…/source3/smbd/smb2_ioctl.c:355
[2025/03/21 14:27:40.545569, 3] …/…/lib/util/access.c:372(allow_access)
Allowed connection from 192.168.1.4 (192.168.1.4)
[2025/03/21 14:27:40.545760, 3] …/…/source3/smbd/smb2_service.c:584(make_connection_snum)
make_connection_snum: Connect path is ‘/tmp’ for service [IPC$]
[2025/03/21 14:27:40.545861, 3] …/…/source3/smbd/vfs.c:115(vfs_init_default)
Initialising default vfs hooks
[2025/03/21 14:27:40.545917, 3] …/…/source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2025/03/21 14:27:40.546939, 0] …/…/source3/smbd/msdfs.c:107(parse_dfs_path_strict)
parse_dfs_path_strict: can’t parse hostname from path \192.168.1.2
[2025/03/21 14:27:40.547041, 3] …/…/source3/smbd/smb2_server.c:4050(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at …/…/source3/smbd/smb2_ioctl.c:355
[2025/03/21 14:27:43.670060, 3] …/…/source3/smbd/server_exit.c:229(exit_server_common)
Server exit (NT_STATUS_CONNECTION_RESET)

2

Not sure what is wrong, but perhaps you’ve over complicated the setup.

Rather than focus on OSX compatibility, just focus on users having desired access. With minimum config, what appears to be broken?

After that try more custom configs until it breaks unexpectedly.
Then people can review the one change to normal and see if it is an expected or unexpected issue.

1 Like
3

OK.
so lets break it down what I did as I think I kept it pretty simple, or maybe not and it is already complicated overkill (for me it seems reasonable to match the IDs)?
So, I setup the Dataset and share’s Owner’s user & group to match the ID of the one in OSX [id -u => 501 and id -g => 20].
On the Dataset/Share ACL I set owner@ - usr1, group@ - usr1, ebveryone@ to Full Control

Than on OSX I press CMD+K and use: smb://usr1@

Than I ls the original OSX folder (that previously I uploaded and for the sake of test on the TrueNas shell I set 777 for the folder, just to be sure there is no permission problem from Truenas) and the mounted folder that gets mounted to /Volumes/myShare.

And here is the problem that the original folder on OSX and the mounted SMB share on OSX although they should be identical, but seems not and pretty much cut out on the mounted SMB (is it expected? I expected 777 as I set onTruneas using the shell and the share’s ACL to be 777?, am I missing something here, maybe, please let me know if that the case and I am doing something.):

On TrueNas:
ls -lah /mnt/flash_store/myShare/
drwxrwxrwx 9 usr1 staff … .
drwxrwxrwx 15 usr1 staff … …
drwxrwxrwx 3 usr1 staff 10 Jan … Documents
-rwxrwxrwx usr1 staff 5 Apr … picture1.jpg
-rwxrwxrwx 1 usr1 staff 5 Apr … picture2.jpg

Original folder on OSX ~/myOriginalShareFolder/:
drwxr-xr-x 9 usr1 staff 288B Jun 20 2017 .
drwxr-xr-x 15 usr1 staff 480B May 23 2018 …. …
drwxr-xr-x 3 usr1 staff 96B Jan 10 2018 Documents
-rw-r–r-- 1 usr1 staff 1.3K Apr 5 2016 picture1.jpg
-rw------- 1 usr1 staff 1.6K Apr 5 2016 picture2.jpg

ls of SMB mounted on OSX /Volumes/myShare/:
drwx------ 1 usr1 staff 16K Jun 20 2017 .
drwx------ 1 usr1 staff 16K May 23 2018 … …
drwx------ 1 usr1 staff 16K Jan 10 2018 Documents
-rwx------ 1 usr1 staff 1.3K Apr 5 2016 picture1.jpg
-rwx------ 1 usr1 staff 412B Apr 5 2016 picture2.jpg

4

You are using this wrong. SMB is not designed to match Unix user/group IDs.

There is a Use as Home Share check in the SMB shares for creating a home directory.

5

Indeed.

The permissions on the TrueNAS side will be whatever the ACLs dictate. It doesn’t matter what they were on the MacOS side, as long as the files can be read and thus copied.

Maybe NFS would be a better fit? Maybe.