OpenZFS on OS X

Hi all,

I've been using v1.9.4 on Catalina for quite some time but had to do a fresh install and upgrade to Monterey / 2.1.0.

I've noticed that I can't add any users to a ZFS dataset or its subfolder. I've created a new "sharing-only" user to use while sharing a couple of folders via smb with read-only permissions. I can add that user to a folder created on an APFS drive without a problem. But I can't add to a folder that is on a ZFS dataset. Even if the dataset has com.apple.mimic=hfs flag. Adding user via System Preferences -> Sharing panel doesn't work either.

I was able to do this on 1.9.4 and Catalina. Is there any way I can add users to "Sharing & Permissions" panel for smb sharing on Moneterey / 2.1.0 too?

Thanks in advance

I noticed that alongside the com.apple.mimic property there are also

Code: Select all

aclinherit
acltype
aclmode
com.apple.devdisk


properties.

Code: Select all

NAME                      COM.APPLE.MIMIC_HFS  COM.APPLE.DEVDISK  ACLINHERIT     ACLTYPE   ACLMODE
tank/NetworkShare         hfs                  on                 restricted     nfsv4     discard

I've tried with aclmode "passthrough" and "restricted" but maybe I have to use a different combination?

I don't know for sure that this 2017 post from lundman is still the current state of affairs, but I'm pretty certain it is:

https://openzfsonosx.org/forum/viewtopic.php?f=11&t=3047&p=8150&hilit=acl#p8148

It's unusual to actually use ACLs, but ZFS had full ACL capability, what IS missing however is the UI integration of them. So you can not use, say, Finder, to change ACLs. You have to pop open terminal, and use chmod like all the elite hackers.

I just started a new topic after searching for recent posts on ACL, not realizing someone just posted about this yesterday.

To my understanding, using GUI might not be reliable due to how ACL is handled behind the scenes (potentially out of sync with calculated effective permissions), but should generally work equally well as using chmod. With my testing, however, neither approach had any effect with 2.1.0.

I'd say it's a bug and not by design based on OP's experience.

FadingIntoBlue wrote:I don't know for sure that this 2017 post from lundman is still the current state of affairs, but I'm pretty certain it is:

https://openzfsonosx.org/forum/viewtopic.php?f=11&t=3047&p=8150&hilit=acl#p8148

It's unusual to actually use ACLs, but ZFS had full ACL capability, what IS missing however is the UI integration of them. So you can not use, say, Finder, to change ACLs. You have to pop open terminal, and use chmod like all the elite hackers.

Thank you very much for mentioning this. I've tried several things, please see below.

CL_Jeremy wrote:I just started a new topic after searching for recent posts on ACL, not realizing someone just posted about this yesterday.

To my understanding, using GUI might not be reliable due to how ACL is handled behind the scenes (potentially out of sync with calculated effective permissions), but should generally work equally well as using chmod. With my testing, however, neither approach had any effect with 2.1.0.

I'd say it's a bug and not by design based on OP's experience.

Guess it is a good thing that I'm not alone on this. I've read your post and my experience is the same.

1) I've created a folder on my desktop and setting permissions via Finder gui then tried to copy it to my dataset using rsync -ar. The folder got copied with correct chown and chmod settings but that extra acl permission didn't get copied.

2) I've tried setting the acl with this command:

Code: Select all

sudo chmod +a "media-user allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity" "/Volumes/tank/Media/test"

It returns without error but Finder and ls -le doesn't show alc for "media-user"

I don't exactly remember how I did it but on Catalina and v1.9.4 I was able to set acls before. Same dataset/folder setup was working before I had to upgrade. So, as you have said in your post, maybe this a regression in the 2.x.x branch?

Any help on clarifying this would be much appreciated.