The obvious thing I can see is that you have a share ACL. Try losing that (reset to default) and see if that’s better. Your filesystem ACL should be sufficient to control access.
I’d also lose the owner@ and group@ entries. You’ll need to apply permissions recursively to re-stamp all permissions.