I want to give a group full control on a dataset and all nested files and folders. The dataset has SMB/NFSv4 ACLs.
This directory has owner@ and group@ values that do not align with directories within the dataset, therefore I cannot simply add the ACL for the group and choose “Apply permissions recursively” because it will overwrite the owner@ and group@ for nested files and folders. I can’t see a way within the GUI to apply just a single ACL recursively and ignore the existing ACLs.
I also tried using the CLI to set the permissions using the following command:
root@truenas[~]# midclt call filesystem.setacl '{
"path": "/mnt/path/to/dataset",
"dacl": [
{
"tag": "GROUP",
"type": "ALLOW",
"perms": {
"BASIC": "FULL_CONTROL"
},
"flags": {
"BASIC": "INHERIT"
},
"id": 100001106
}
],
"options": {
"recursive": true,
"traverse": true
},
"uid": null,
"gid": null,
"acltype": "NFSV4"
}'
I guess this is formatted incorrectly? Not sure how, I tried to reference this: filesystem.setacl — TrueNAS API v25.04.1 documentation
In the audit log I just had the following:
{
"success": false,
"method": "filesystem.setacl",
"params": [
{
"path": "/mnt/path/to/dataset",
"dacl": [
{
"tag": "GROUP",
"type": "ALLOW",
"perms": {},
"flags": {},
"id": 100001106
}
],
"options": {
"recursive": true,
"traverse": true
},
"uid": null,
"gid": null,
"acltype": "NFSV4"
}
],
"description": "Filesystem set ACL /mnt/path/to/dataset",
"authenticated": true,
"authorized": true
}
The perms and flags objects are empty, is it not reading these values correctly from my command? It seems this might be the case because I tried with NFS4ACE_AdvancedFlags and they then appeared correctly in the audit log (perms remained empty). But I want to use NFS4ACE_BasicFlags, and the API implies this is possible.
Any ideas?