Scale error by setting ALCs

I replicated in dataset from TrueNAS Core to Scale.
Now I’m having problems setting the ALC rights. The following error message appears.

[EPERM] Filesystem permissions on path /mnt/storage_pool prevent access for group "tester" to the path /mnt/storage_pool/NEW-Rreplication-Test. This may be fixed by granting the aforementioned group execute permissions on the path: /mnt/storage_pool.

How do I reset all ALC permissions from the entire pool to zero?
Or is there another way to slove the problem?

Unfortunately I can no longer find the Strip ALC function in the GUI.

What is output of stat /mnt/storage_pool? This typically means that you removed the other execute bit from that path manually via shell.

This is the output.

admin@truenas[~]$ stat /mnt/storage_pool
  File: /mnt/storage_pool
  Size: 3               Blocks: 1          IO Block: 512    directory
Device: 0,64    Inode: 34          Links: 3
Access: (0755/drwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2024-07-05 02:07:50.407334100 -0700
Modify: 2024-12-13 04:43:52.287503936 -0800
Change: 2024-12-13 04:43:52.287503936 -0800
 Birth: 2022-03-25 08:57:42.304115236 -0700

storage_pool on the new TrueNAS Scale system ist a brand new created pool. I’m sure, that I don’t change here anything over the shell.
I only did a repliation (pull) to that new pool.

What is the output of midclt call filesystem.getacl /mnt/storage_pool?

What is also output of midclt call filesystem.stat /mnt/storage_pool?

admin@truenas[~]$ midclt call filesystem.getacl /mnt/storage_pool 
{"acl": [{"tag": "owner@", "id": -1, "perms": {"READ_DATA": true, "WRITE_DATA": true, "EXECUTE": true, "APPEND_DATA": true, "DELETE_CHILD": false, "DELETE": false, "READ_ATTRIBUTES": true, "WRITE_ATTRIBUTES": true, "READ_NAMED_ATTRS": true, "WRITE_NAMED_ATTRS": true, "READ_ACL": true, "WRITE_ACL": true, "WRITE_OWNER": true, "SYNCHRONIZE": true}, "flags": {"BASIC": "NOINHERIT"}, "type": "ALLOW"}, {"tag": "group@", "id": -1, "perms": {"READ_DATA": true, "WRITE_DATA": false, "EXECUTE": true, "APPEND_DATA": false, "DELETE_CHILD": false, "DELETE": false, "READ_ATTRIBUTES": true, "WRITE_ATTRIBUTES": false, "READ_NAMED_ATTRS": true, "WRITE_NAMED_ATTRS": false, "READ_ACL": true, "WRITE_ACL": false, "WRITE_OWNER": false, "SYNCHRONIZE": true}, "flags": {"BASIC": "NOINHERIT"}, "type": "ALLOW"}, {"tag": "everyone@", "id": -1, "perms": {"READ_DATA": true, "WRITE_DATA": false, "EXECUTE": true, "APPEND_DATA": false, "DELETE_CHILD": false, "DELETE": false, "READ_ATTRIBUTES": true, "WRITE_ATTRIBUTES": false, "READ_NAMED_ATTRS": true, "WRITE_NAMED_ATTRS": false, "READ_ACL": true, "WRITE_ACL": false, "WRITE_OWNER": false, "SYNCHRONIZE": true}, "flags": {"BASIC": "NOINHERIT"}, "type": "ALLOW"}], "trivial": true, "uid": 0, "gid": 0, "path": "/mnt/storage_pool", "nfs41_flags": {"protected": false, "defaulted": false, "autoinherit": true}, "acltype": "NFS4"}

admin@truenas[~]$ midclt call filesystem.stat /mnt/storage_pool
{"realpath": "/mnt/storage_pool", "type": "DIRECTORY", "size": 3, "allocation_size": 512, "mode": 16877, "uid": 0, "gid": 0, "atime": 1720170470.0, "mtime": 1734093832.0, "ctime": 1734093832.0, "btime": 1648223862.0, "mount_id": 142, "dev": 64, "inode": 34, "nlink": 3, "is_mountpoint": true, "is_ctldir": false, "attributes": ["MOUNT_ROOT"], "user": "root", "group": "root", "acl": false}

What is output of midclt call filesystem.stat /mnt/storage_pool/NEW-Rreplication-Test?

I made a new test from a snapshot. So the command line is changed.

admin@truenas[~]$ midclt call filesystem.stat /mnt/storage_pool/VMware               
{"realpath": "/mnt/storage_pool/VMware", "type": "DIRECTORY", "size": 8, "allocation_size": 11264, "mode": 16384, "uid": 1000, "gid": 1000, "atime": 1720170471.0, "mtime": 1734096169.0, "ctime": 1734096169.0, "btime": 1648223908.0, "mount_id": 400, "dev": 65, "inode": 34, "nlink": 8, "is_mountpoint": true, "is_ctldir": false, "attributes": ["MOUNT_ROOT"], "user": null, "group": null, "acl": false}

If you create a user who is a member of the group tester, can it chdir into /mnt/storage_pool/VMWare via shell?

You mean, that I should log in with that new user to the truenas gui instead of admin?

I mean SSH into TrueNAS as admin, su to the user and try to literally cd /mnt/storage_pool/VMWare.

The validation error is raised when the middlewared sets euid to a fake credential that only has the group in question and tries to chdir to the path and on error walks it back until it can succeed.

One other item to consider, what is the output of midclt call filesystem.stat /mnt?

admin@truenas[~]$ midclt call filesystem.stat /mnt
{"realpath": "/mnt", "type": "DIRECTORY", "size": 3, "allocation_size": 512, "mode": 16877, "uid": 0, "gid": 0, "atime": 1731103543.0, "mtime": 1734093831.0, "ctime": 1734093831.0, "btime": 1733229435.0, "mount_id": 34, "dev": 31, "inode": 34, "nlink": 3, "is_mountpoint": true, "is_ctldir": false, "attributes": ["MOUNT_ROOT"], "user": "root", "group": "root", "acl": false}
admin@truenas[~]$