NFSv4 ACLs on Generic Datasets for Use with NFS Shares: Reasons Not to Do This?

So, I’ve been trying to understand Unix-style ACLs over here: [25.10.1] How to Add Group Permissions to Generic Dataset (for NFS Share)?

I think I’ve just about got it, but it got me wondering–do I even need them?

I use NFS v4.x (the latest version my clients support) with Generic shares.

Previously, mostly for NFS shares meant for Proxmox to use, I’ve manually set the Generic datasets that back the shares to use NFS v4 ACLs, and everything seems to work fine.

So, I suppose my question is, what’s the downside of always using NFSv4 ACLs on generic datasets that back NFS shares? I’d be able to use the same ACL interface for all my SMB and NFS shares.

Put another way, how much am I going to regret later using NFSv4 ACLs on Generic datasets backing NFS shares? It seems like NFS should have no problems with something called an NFSv4 ACL–I’m guessing defaulting to Unix-style permissions is meant to make it easy to use NFS v3 on a fresh TrueNAS CE install, but that’s just a guess.

It’s about on-disk ACL format. NFSv3 technically doesn’t have ACL support. Changing on-disk ACL format after the fact just means you have to redo permissions entirely.


Thanks for the clarification. 😎

So, if I’m creating a brand new generic dataset that will only be used with NFS v4, I should be safe to use NFS v4 ACLs, right?

That’s just the style of on-disk format. Kernel / ZFS understands and enforces them. Local processes, SMB, etc. will obey whatever is set there and just work (because they can’t bypass the kernel). We have real ACLs that really get enforced by the kernel / filesystem (which is why people run into permissions problems a lot).
