# New install -- write-permissions not working / being updated with setfacl



## Wannabe_Seasteader (Oct 3, 2021)

Hi, I'm a BSD newbie and have been trying to tinker around with a few-month-old FreeBSD 13.0 release.  The system is set up with ZFS and all of the mount points (except /dev and /boot/efi) have nfsv4acls active.

I don't seem to have write or file-creation privilege in my home directory.  For instance:
`$ touch yo`
`$ mkdir somedir`
and

```
$ cat > writesomething << "EOF"
? blah to the writesomething file
? "EOF"
```
all return `Operation not permitted.`

The output of `getfacl /home/<username>` is:

```
# file: /home/<username>
# owner: <username>
# group: <username>
      owner@rwxp--aARWcCos:-------:allow
      group@r-x---a-R-c--s:-------:allow
everyone@r-x---a-R-c--s:-------:allow
```
From the setfacl manpage I've been trying permutations of:
`setfacl -a 0 owner@rwxpDdaARWcCos:fd----I:allow /home/<username>`
and
`setfacl -a 0 group@rwxpDdaARWcCos:fd----I:allow /home/<username>`

But both the user and even root account are getting `Operation not permitted.` errors when attempting the setfacl command.

Is there something that I ineptly misconfigured at some stage of the install?  I've been using the -a option for setfacl because the manpage recommends to use it instead of -m and -d for NFSv4 ACLs.
I've been using these forum posts as guidelines but haven't found a solution yet:

- ZFS - trouble with ACLs (setfacl) (forums.freebsd.org)
- NFSv4 ACL's not being respected by BSD (forums.freebsd.org)

I want to figure out how to get write / file-creation permission and extend it to subdirectories that my user account should be able to access.  Thanks in advance for any help.  (I think I stumbled into this problem a few months ago, got sort of discouraged and went back to Linux-related stuff -- but I'd like to get past this stumbling at this point.)


----------



## T-Daemon (Oct 3, 2021)

I can't reproduce the error. Have you maybe restricted write and operation permissions while experimenting with ACLs?

Testing on a default Root-on-ZFS 13.0-RELEASE installation, user write permission in the user's home directory is allowed, and setfacl(1) operations as root and user are permitted (when executing commands: # = root, % = user):

To inherit ACLs for files and directories in users' homes on ZFS:

```
# zfs set aclinherit=passthrough zroot/usr/home
```
Default is "restricted", see zfsprops(8).

Use `setfacl -m`; using `-a` produces double ACLs.

```
% setfacl -m owner@:full_set:fdI:allow /usr/home/<user>
% setfacl -m group@:full_set:fdI:allow /usr/home/<user>

% getfacl /usr/home/<user>
# file: /usr/home/<user>
# owner: <user>
# group: <user>
                      owner@:rwxpDdaARWcCos:fd----I:allow
                      group@:rwxpDdaARWcCos:fd----I:allow
                  everyone@:r-x---a-R-c--s:-------:allow

% touch file0
% getfacl file0
# file:  file0
# owner: <user>
# group: <user>
                      owner@:rwxpDdaARWcCos:fd----I:allow
                      group@:rwxpDdaARWcCos:fd----I:allow

% mkdir dir0
% getfacl dir0
# file: dir0
# owner: <user>
# group: <user>
                      owner@:rwxpDdaARWcCos:fd----I:allow
                      group@:rwxpDdaARWcCos:fd----I:allow
```


----------
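The duplicate-entry effect of `-a` mentioned above can be checked from `getfacl` output. This is an added example, not code from the thread: `acl_audit` and `sample_after_a` are hypothetical names, the sample listing is constructed, and compact-form (non-verbose) output is assumed.

```shell
#!/bin/sh
# Audit compact-form NFSv4 `getfacl` output on stdin for one principal
# (default owner@). Findings, one per line:
#   DUPLICATE <who> <type> <n>  same principal and type listed n times
#   NOCREATE <who>    no allow entry grants both w (add_file) and p (add_subdirectory)
#   NOINHERIT <who>   no allow entry carries both f and d inheritance flags
acl_audit() {
    awk -v want="${1:-owner@}" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # header comments, blank lines
    {
        gsub(/[ \t]/, "")
        n = split($0, f, ":")
        # owner@/group@/everyone@: 4 fields; user:NAME and group:NAME: 5
        if (n == 4)      { who = f[1];          o = 2 }
        else if (n == 5) { who = f[1] ":" f[2]; o = 3 }
        else             { print "UNPARSED " $0; next }
        perms = f[o]; flags = f[o + 1]; type = f[o + 2]
        key = who " " type
        if (!(key in count)) order[++k] = key
        count[key]++
        if (who != want || type != "allow") next
        if (perms ~ /w/ && perms ~ /p/) create = 1
        if (flags ~ /f/ && flags ~ /d/) inherit = 1
    }
    END {
        for (i = 1; i <= k; i++)
            if (count[order[i]] > 1) print "DUPLICATE " order[i] " " count[order[i]]
        if (!create)  print "NOCREATE " want
        if (!inherit) print "NOINHERIT " want
    }'
}

# Constructed sample: an owner@ entry inserted at position 0 with `-a`,
# leaving the original owner@ entry in place below it.
sample_after_a() {
    cat <<'EOF'
# file: /usr/home/<user>
# owner: <user>
# group: <user>
            owner@:rwxpDdaARWcCos:fd----I:allow
            owner@:rwxp--aARWcCos:-------:allow
            group@:r-x---a-R-c--s:-------:allow
         everyone@:r-x---a-R-c--s:-------:allow
EOF
}

sample_after_a | acl_audit    # prints: DUPLICATE owner@ allow 2
```

On a live system the input would be `getfacl <path> | acl_audit`, with a different principal passed as the first argument, for example `acl_audit group@`.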



## T-Daemon (Oct 3, 2021)

> T-Daemon
> Have you maybe restricted write and operation permissions while experimenting with ACLs?

> Wannabe_Seasteader
> New install -- write-permissions not working */ being updated* with setfacl


I didn't take the thread's subject into account, sorry. If you don't know what ACLs you have modified on the root directory ( / ), I suggest installing the system fresh. It would be easier and faster than finding and reverting them.

After a fresh install apply instructions from post #2.


----------



## Wannabe_Seasteader (Oct 3, 2021)

T-Daemon said:


> I didn't take the thread's subject into account, sorry. If you don't know what ACLs you have modified on the root directory ( / ), I suggest installing the system fresh. It would be easier and faster than finding and reverting them.
> 
> After a fresh install apply instructions from post #2.


I think I'll give a fresh install a go... I had an `acl_set_file() failed: Operation not permitted` message when I attempted the setfacl one-liner after entering the suggested zfs command as root.  It's likely I misconfigured things at install or shortly afterward.  Thanks.


----------

