Hello community,
I am relatively new to TrueNAS and am currently trying to get NFS4ACLS on NFS and SMB file shares to work in a predictable manner. The basics work as expected, but I have trouble understanding what is going on with the delete permissions. For some reason I can always delete a file or folder even though I don’t have the permission assigned.
Here is my setup:
Version: TrueNAS-13.0-U6.2 (core)
I have a dataset mounted to ‘/nfs4’ on ‘nfsclient1’ (Linux Debian). Root squash is disabled by mapping root to nobody/nogroup.
root@nfsclient1:~# mount -t nfs -o vers=4.2,sec=sys truenas:/mnt/Share/srv/data /nfs4/
root@nfsclient1:~# ls -lshn /nfs4/
ls: cannot open directory '/nfs4/': Permission denied
So far so good. Now switching to ‘user1’:
Here you can see the file ‘foo’ which is owned by ‘root’ (I have also tried other owners/group). ‘User1’ is a member of group ‘1000’. He should have only ‘rwaxtTnNcy’ permission to that file. Still the user is able to delete the file.
user1@nfsclient1:/nfs4$ nfs4_getfacl -R foo
# file: foo
A:g:10000:rwaxtTnNcy
A::EVERYONE@:
user1@nfsclient1:/nfs4$ getfacl -R foo
# file: foo
# owner: root
# group: root
user::---
group::---
other::---
user1@nfsclient1:/nfs4$ ls -lshn foo
512 ---------- 1 0 0 0 Oct 22 09:43 foo
user1@nfsclient1:/nfs4$ rm foo
user1@nfsclient1:/nfs4$
When accessing the share through SMB the delete permission works. Is that a limitation of NFS or am I missing something here? As mentioned, all other permissions seem to work fine also through NFS (e.g. write owner). Only ‘delete’ and ‘delete children’ seem not to work as (I) expected.