ACL Tips and FAQs
You cannot view or modify Access Control Lists (ACLs) that have been enabled for an SMB share from a macOS client, even when using Finder or the
chmod / ls command from the client.
The StorNext 5.4.x release did not correctly support ACLs. A binary patch was released to address the issue. See the StorNext 18.104.22.168 Release Notes.
Yes. When an ACL is set, it takes precedence over the POSIX FX permissions.
If a folder has the
777 POSIX FX permission set for it in the StorNext file system and an ACL configured for
readonly, the NAS controller uses the
readonly permission and ignores the
If you remove the ACL, then the NAS controller will use the POSIX FX permissions again.
The StorNext NAS default range for group IDs (GIDs) is 10,000 to 50,000. If you are using Apple Open Directory (OD) as your authentication service, the OD GIDs may be set outside of the StorNext NAS GID range.
To resolve the issue, your system administrator needs to adjust the StorNext NAS GID range to accommodate the OD GID range.
- Log in to the console command line as the StorNext admin user. See Access the Console Command Line.
- At the prompt, enter the following command to reset the low end of the GID range:
reg set cifs.idmap.tdb_range_low <number>
- At the prompt, enter the following command to reset the high end of the GID range:
reg set cifs.idmap.tdb_range_high <number>
> reg set cifs.idmap.tdb_range_low 500
> reg set cifs.idmap.tdb_range_high 60000
If you enable either of the following SMB options to a share, the ACL permissions applied to the share may not work:
To resolve the issue, remove these options from the SMB share.
You can disable SID mapping if you no longer want to use ACLs with your OpenLDAP server. However, when you disable SID mapping under these circumstances, ACLs that have already been applied to folders and subfolders will remain, and in most cases, will be enforced.