NFS4ACL delete permission not respected through NFS

Hello community,

I am relatively new to TrueNAS and am currently trying to get NFS4 ACLs on NFS and SMB file shares to work in a predictable manner. The basics work as expected, but I have trouble understanding what is going on with the delete permissions. For some reason I can always delete a file or folder even though I don’t have the permission assigned.

Here is my setup:

Version: TrueNAS-13.0-U6.2 (core)

I have a dataset mounted to ‘/nfs4’ on ‘nfsclient1’ (linux debian). Root squash is disabled by mapping root to nobody/nogroup.

root@nfsclient1:~# mount -t nfs -o vers=4.2,sec=sys truenas:/mnt/Share/srv/data /nfs4/
root@nfsclient1:~# ls -lshn /nfs4/
ls: cannot open directory '/nfs4/': Permission denied

So far so good. Now switching to ‘user1’:
Here you can see the file ‘foo’ which is owned by ‘root’ (I have also tried other owners/group). ‘User1’ is a member of group ‘1000’. He should have only ‘rwaxtTnNcy’ permission to that file. Still the user is able to delete the file.

user1@nfsclient1:/nfs4$ nfs4_getfacl -R foo
# file: foo
A:g:10000:rwaxtTnNcy
A::EVERYONE@:

user1@nfsclient1:/nfs4$ getfacl -R foo
# file: foo
# owner: root
# group: root
user::---
group::---
other::---

user1@nfsclient1:/nfs4$ ls -lshn foo
512 ---------- 1 0 0 0 Oct 22 09:43 foo
user1@nfsclient1:/nfs4$ rm foo
user1@nfsclient1:/nfs4$

When accessing the share through SMB the delete permission works. Is that a limitation of NFS or am I missing something here? As mentioned, all other permissions seem to work fine through NFS as well (e.g. write owner). Only ‘delete’ and ‘delete children’ seem not to work as I expected.

What are the permissions server-side? (parent directory and file – getfacl)

This is the governing standard on deletion.
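The reply above asks for the parent directory's ACL because NFSv4 decides deletion from two bits, not one: ACE4_DELETE ('d' in nfs4_getfacl output) on the file and ACE4_DELETE_CHILD ('D') on the containing directory. RFC 7530 (the section "ACE4_DELETE vs. ACE4_DELETE_CHILD") says a server should permit unlink if either bit is allowed, even when the other side denies it, so a file ACL without 'd' does not stop deletion on its own. The following is an added example, not code from the post or from TrueNAS: it parses nfs4_getfacl-style ACE lines and applies that rule to the file ACL quoted in the question together with two constructed parent ACLs. The parent ACLs, the uid 1001 for user1 and the root ownership of the parent are assumptions; the post does not show them.

```python
"""Model of the NFSv4 deletion rule from RFC 7530 ("ACE4_DELETE vs. ACE4_DELETE_CHILD").

Added example, not from the forum post or from TrueNAS. It parses nfs4_getfacl
output and decides whether a principal may unlink a file, to show why the parent
directory's ACL matters as much as the file's own.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Ace:
    kind: str    # 'A' = allow, 'D' = deny (audit/alarm entries are skipped by the parser)
    flags: str   # nfs4_getfacl flag letters; 'g' marks a group principal
    who: str     # 'OWNER@', 'GROUP@', 'EVERYONE@' or a numeric uid/gid
    perms: str   # permission letters, e.g. 'rwaxdDtTnNcCoy'


@dataclass(frozen=True)
class Principal:
    uid: int
    gids: frozenset


def parse_nfs4_acl(text: str) -> list:
    """Parse `nfs4_getfacl` output ("type:flags:principal:perms" lines) into Ace objects."""
    aces = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):      # skip blank and "# file:" header lines
            continue
        kind, flags, who, perms = line.split(':', 3)
        if kind in ('A', 'D'):
            aces.append(Ace(kind, flags, who, perms))
    return aces


def ace_matches(ace: Ace, who: Principal, owner_uid: int, owner_gid: int) -> bool:
    """Does this ACE apply to the principal, given the object's owner uid/gid?"""
    if ace.who == 'EVERYONE@':
        return True
    if ace.who == 'OWNER@':
        return who.uid == owner_uid
    if ace.who == 'GROUP@':
        return owner_gid in who.gids
    if 'g' in ace.flags:                           # numeric group principal
        return int(ace.who) in who.gids
    return int(ace.who) == who.uid                 # numeric user principal


def permission_state(aces: list, who: Principal, owner_uid: int, owner_gid: int, bit: str) -> str:
    """NFSv4 ACLs are evaluated in order: the first ACE that matches the principal and
    mentions the bit decides. Returns 'allowed', 'denied' or 'unspecified'."""
    for ace in aces:
        if bit in ace.perms and ace_matches(ace, who, owner_uid, owner_gid):
            return 'allowed' if ace.kind == 'A' else 'denied'
    return 'unspecified'


def may_unlink(parent_aces: list, parent_owner: tuple, file_aces: list, file_owner: tuple,
               who: Principal) -> bool:
    """RFC 7530 rule: permit if 'd' (ACE4_DELETE) is allowed on the file OR 'D'
    (ACE4_DELETE_CHILD) is allowed on the parent, even if the other side denies it.
    Simplification: the RFC's fallback for the case where both bits are unspecified
    (WRITE_DATA + EXECUTE on the parent, sticky bit handling) is not modelled; it is
    treated as deny here."""
    d_on_file = permission_state(file_aces, who, file_owner[0], file_owner[1], 'd')
    D_on_parent = permission_state(parent_aces, who, parent_owner[0], parent_owner[1], 'D')
    return d_on_file == 'allowed' or D_on_parent == 'allowed'


# The file ACL exactly as quoted in the post: group 10000 has no 'd' bit.
FILE_ACL = """\
# file: foo
A:g:10000:rwaxtTnNcy
A::EVERYONE@:
"""
# Constructed file ACL that explicitly denies 'd' to the group before allowing the rest.
FILE_ACL_DENY_D = "D:g:10000:d\nA:g:10000:rwaxtTnNcy\nA::EVERYONE@:\n"
# Assumed parent directory ACLs (the post does not show the parent): with and without 'D'.
PARENT_ACL_WITH_D = "A:g:10000:rwaxDtTnNcy\nA::EVERYONE@:\n"
PARENT_ACL_WITHOUT_D = "A:g:10000:rwaxtTnNcy\nA::EVERYONE@:\n"
USER1 = Principal(uid=1001, gids=frozenset({10000}))   # assumed uid; member of gid 10000
ROOT_OWNED = (0, 0)                                     # owner uid/gid 0 as in the ls output


def demo() -> dict:
    """Run the three scenarios and return the unlink decision for each."""
    f = parse_nfs4_acl(FILE_ACL)
    f_deny = parse_nfs4_acl(FILE_ACL_DENY_D)
    p_with = parse_nfs4_acl(PARENT_ACL_WITH_D)
    p_without = parse_nfs4_acl(PARENT_ACL_WITHOUT_D)
    return {
        'parent_grants_D': may_unlink(p_with, ROOT_OWNED, f, ROOT_OWNED, USER1),
        'parent_lacks_D': may_unlink(p_without, ROOT_OWNED, f, ROOT_OWNED, USER1),
        'file_denies_d_but_parent_grants_D': may_unlink(p_with, ROOT_OWNED, f_deny, ROOT_OWNED, USER1),
    }


if __name__ == '__main__':
    for scenario, permitted in demo().items():
        print(f"{scenario}: {'permit' if permitted else 'deny'}")
```

Reading the result against the post: the file's ACE leaves 'd' unspecified, so whether `rm foo` succeeds is decided entirely by whether user1's group holds 'D' on `/nfs4` itself, which is why `nfs4_getfacl` on the parent directory (server-side, as the reply asks) is the first thing to check. The third scenario shows that even an explicit deny of 'd' on the file does not block the unlink when the parent grants 'D'.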