I've got a real brain teaser here. . .
Current Proxmox 9.0.11.
This host originally came from a bare metal samba setup with native ZFS/Samba. Since then, it has been virtualized to run within Proxmox and the zfs data pool was imported into the Proxmox Host. All seemed to be fine until I tried to modify ACL file permissions through a Windows host. "Failed to Enumerate Objects in the Container Permission Denied"
##Creation of a new folder works, but throws an error in smb logs:
[2025/10/13 17:14:32.496792, 1] ../../source3/smbd/open.c:4406(apply_new_nt_acl)
apply_new_nt_acl: inherit_new_acl failed for .::TMPNAME
:22302%2787496803312336710:New folder with NT_STATUS_ACCESS_DENIED
Getfacl and setfacl work both within the Proxmox host and the Samba host. I can even sudo to a user and setfacl in user context. ACL permissions appear correct in both Linux and through Samba security; however, NO ACLs can be modified through the Windows security tab:
To ensure no permissions issues, the user who is going to alter permissions is given ownership with full 777. Still can make NO modifications to the ACL
##Data file directories on the original ZFS pool are set up with direct-io=1,expose-acl=1 virtiofs is mounted within the virtualized host.
##zfs settings are:
aclmode passthrough
aclinherit passthrough
acltype posix
xattr on
##smb.conf :
vfs objects = acl_xattr aio_pthread
acl group control = yes
acl map full control = yes
inherit acls = yes
inherit owner = yes
map acl inherit = yes
store dos attributes = Yes
Here's the reason I'm looking at the virtiofs as a potential issue. I can, using a different OS drive boot, in bare metal, boot that same virtualized Samba server, import the ZFS pool and Samba ACL's modification works!
I recognize that converting all those shares to zvols to that host would be 'straightforward'. There are a number of complicating factors, and as I understand virtioFS, this is a great case for this use if the ACL's would work.
Current Proxmox 9.0.11.
This host originally came from a bare metal samba setup with native ZFS/Samba. Since then, it has been virtualized to run within Proxmox and the zfs data pool was imported into the Proxmox Host. All seemed to be fine until I tried to modify ACL file permissions through a Windows host. "Failed to Enumerate Objects in the Container Permission Denied"
##Creation of a new folder works, but throws an error in smb logs:
[2025/10/13 17:14:32.496792, 1] ../../source3/smbd/open.c:4406(apply_new_nt_acl)
apply_new_nt_acl: inherit_new_acl failed for .::TMPNAME
:22302%2787496803312336710:New folder with NT_STATUS_ACCESS_DENIEDGetfacl and setfacl work both within the Proxmox host and the Samba host. I can even sudo to a user and setfacl in user context. ACL permissions appear correct in both Linux and through Samba security; however, NO ACLs can be modified through the Windows security tab:
To ensure no permissions issues, the user who is going to alter permissions is given ownership with full 777. Still can make NO modifications to the ACL
##Data file directories on the original ZFS pool are set up with direct-io=1,expose-acl=1 virtiofs is mounted within the virtualized host.
##zfs settings are:
aclmode passthrough
aclinherit passthrough
acltype posix
xattr on
##smb.conf :
vfs objects = acl_xattr aio_pthread
acl group control = yes
acl map full control = yes
inherit acls = yes
inherit owner = yes
map acl inherit = yes
store dos attributes = Yes
Here's the reason I'm looking at the virtiofs as a potential issue. I can, using a different OS drive boot, in bare metal, boot that same virtualized Samba server, import the ZFS pool and Samba ACL's modification works!
I recognize that converting all those shares to zvols to that host would be 'straightforward'. There are a number of complicating factors, and as I understand virtioFS, this is a great case for this use if the ACL's would work.