macOS SMB ACL Permission

Hey all, having an issue with ACLs on macOS. Running Dragonfish-24.04.2, the system is domain joined, SMB share has an ACL, using the default NFS4_OPEN preset.

If I set the ACL to drwxrwxrwx I get that on Windows and Linux. On the Mac side I’ll only get drwx------+

Tried enabling and disabling Apple SMB2/3 Protocol Extensions but that seems to have no effect.

Thanks in advance.

Are you managing permissions from the UI? If so can you post some screenshots of your current setup?

Sure, not doing anything in the command line. Here’s the screenshot of the ACL.

We don’t enable the NFS ACEs that macOS uses to try to suss out POSIX mode (because it would be inaccurate). The + in macOS indicates ACL is present and POSIX mode is not to be trusted.

Apologies, I just looked up the + and @ character usage for permissions on macOS.

If I add the -e flag to ls I can see all the ACLs correctly. So my shares do have the ACL equivalent of 777 already.

TIL

ls -la
-rwx------@  1 user  DOM\Domain Users    529  1 Dec  2023 notes.txt
ls -le

-rwx------@ 1 user  DOM\Domain Users    529  1 Dec  2023 notes.txt
 0: user:files inherited allow read,write,execute,delete,append,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown
 1: group:DOM\Domain Users inherited allow read,write,execute,delete,append,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown
 2: group:everyone inherited allow read,write,execute,delete,append,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown
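
An added example (not part of the original thread): a Python parser for `ls -le` output that lists files whose mode bits show no other-write while a `group:everyone` ACE grants it, which is the mismatch discussed above. The sample listing is constructed in the shape of the output in this post; the function names, the assumption that file names contain no spaces, and the evaluation of `group:everyone` entries only are assumptions of this example.

```python
import re

# Constructed sample in the same shape as the `ls -le` output quoted above.
SAMPLE = r"""-rwx------@ 1 user  DOM\Domain Users  529  1 Dec  2023 notes.txt
 0: user:files inherited allow read,write,execute,delete
 1: group:DOM\Domain Users inherited allow read,write,execute
 2: group:everyone inherited allow read,write,execute,delete
-rw-r--r--  1 user  staff  12  1 Dec  2023 plain.txt
-rwx------+ 1 user  staff  40  1 Dec  2023 locked.txt
 0: group:everyone deny write,delete
 1: group:everyone allow read,write
"""

HEADER = re.compile(r"^([-dlbcps][-rwxsStT]{9})([+@]?)\s")
ACE = re.compile(r"^\s+(\d+): (user|group):(.+?)( inherited)? (allow|deny) ([\w,]+)\s*$")

def parse_ls_le(text):
    """Return one dict per file: name, mode, flag and ordered ACEs."""
    entries = []
    for line in text.splitlines():
        h, a = HEADER.match(line), ACE.match(line)
        if h:
            # Assumption: file names contain no spaces, so the last field is the name.
            # ACEs are detected from the entry lines, not from the +/@ flag:
            # in the post's output the flag is @ although ACEs are present.
            entries.append({"name": line.split()[-1], "mode": h.group(1),
                            "flag": h.group(2), "aces": []})
        elif a and entries:
            entries[-1]["aces"].append({
                "principal": f"{a.group(2)}:{a.group(3)}",
                "inherited": a.group(4) is not None,
                "type": a.group(5),
                "perms": set(a.group(6).split(","))})
    return entries

def everyone_can_write(entry):
    """Simplification: the first group:everyone ACE mentioning write decides."""
    for ace in entry["aces"]:
        if ace["principal"] == "group:everyone" and "write" in ace["perms"]:
            return ace["type"] == "allow"
    return entry["mode"][8] == "w"   # no such ACE: fall back to the mode bit

def mode_understates(text):
    """Names where the mode shows no other-write but the ACL grants it."""
    return [e["name"] for e in parse_ls_le(text)
            if e["mode"][8] != "w" and everyone_can_write(e)]

if __name__ == "__main__":
    print(mode_understates(SAMPLE))
```
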

Right. This is the same as if you had mounted a Windows server share. Displaying POSIX mode is a convenience feature, but it’s not terribly helpful since ACLs typically can’t be fully represented as a POSIX mode without loss of information.
