Help understanding ACLs

Hello everyone!

Long time lurker (about 2 years or so) but first time poster. Mainly due to being able to figure things out on my own, however I’m hoping someone can help me out with my issue…

I am running TrueNAS Core on my server as a VM. I am reconfiguring a few things and have noticed some changes in how filesystem ACLs are handled so maybe someone can give me insight or guidance.

I have (2) pools…
Pool1 has (3) 6TB drives in RAIDZ1 configuration.
Pool2 has (3) 4TB drives in RAIDZ1 configuration.

Pool1 was created a couple years ago when I first started TrueNAS (FreeNAS at that time). I added Pool2 a couple months ago. I want to move some of the data from Pool1 to Pool2 but I having issues with the ACLs working properly. Seems like things have changed during the updates. Below is how I would like to have the file structure on Pool2:

Users: User1, User2

Basic structure:
  • User1 is the admin and should have access to all folders (Dataset01) and is assigned to a group I need “admin”.
  • User2 should only have access to Folder02.

When I create the filesystem ACL for Dataset01 and assign User1, I can connect fine. However when I assign User2 to Folder2, I get an error when trying to connect stating that the user doesn’t have permissions (this is on a Mac, but needs to work for Windows as well). I’ve also tried assigning a group to the share instead of the user and same error.

Can anyone help me out with this? I fell like I’ve exhausted everything but I’m sure it’s something stupid I’m missing. Let me know if you need any info and I will gladly provide it. TIA

Folder01 and Folder02 are datasets too, right?

Can you show us the permissions config please to sanity check them?

@newuser080624 yes both folders are datasets. Folder structure is:


@Johnny_Fartpants I assume you want the permissions as seen from the shell, so here you go:

root@NAS[~]# getfacl /mnt/pool2/dataset03
# file: /mnt/pool2/dataset03
# owner: root
# group: wheel
root@NAS[~]# getfacl /mnt/pool2/dataset03/Folder02
# file: /mnt/pool2/dataset03/Folder02
# owner: root
# group: wheel

Did you set permissions from the CLI or UI? Can we see UI permissions?

For User2 you have to set at least (filesystem ACL) “traverse” permission for Dataset01. Otherwise navigation to Folder02 will not be possible.

@newuser080624 Looks like that did it! Strange that I don’t have that set anywhere in Pool1, yet I can connect to shares in that pool. I figured it was something stupid 0_o thanks for the help on that. Going to go thru and reset permissions on everything now.