Setting default NFSv4 ACLs on FreeBSD
On FreeBSD with ZFS, only NFSv4 ACLs are supported. At the time of this writing, the FreeBSD documentation regarding ACLs is a bit vague. Specifically, it doesn’t talk about inheritable attributes.
The -d argument, used to define default POSIX ACLs, is not supported. Instead, there are some flags one can set in order to define how ACLs are inherited. For an explanation, look in the manual for setfacl, section ACL inheritance flags.
Let’s say you want all the files and directories inside somedir to be readable by the users in the group somegroup. You would do the following:
somedir to be readable and executable by somegroup and those properties will be inherited by all new files (the f flag) and directories (
Note, however, that this only applies to newly created files. In the FreeBSD implementation of setfacl there is no recursive option. One way of applying the changes to the subtree is:
The first line sets the previous ACLs on all the subdirectories, while the second sets the ACL on all the files.
In order for this to work, some ZFS attributes must be set:
See here for the ZFS properties documentation.
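A sketch of the procedure described above, added here as an example and not taken from the original post: it builds the NFSv4 entry with the f and d inheritance flags for directories and walks the existing tree with find, with a dry-run switch so the commands can be reviewed first. The helper names nfs4_entry and apply_tree and the RUN variable are hypothetical, and giving existing files read-only access is this example's choice.

```shell
#!/bin/sh
# Added example: somedir and somegroup are the page's placeholder names;
# the helper functions are hypothetical, not part of FreeBSD.

# Build one NFSv4 ACL entry for a group:
#   tag:qualifier:access-permissions:inheritance-flags:type
nfs4_entry() {    # usage: nfs4_entry GROUP PERMS FLAGS
    printf 'g:%s:%s:%s:allow' "$1" "$2" "$3"
}

# Apply the ACL to an existing tree, since setfacl has no recursive option.
# Set RUN=echo to print the commands instead of running them (dry run).
apply_tree() {    # usage: apply_tree DIR GROUP
    dir=$1
    group=$2
    # Directories: read + execute (traverse), with f and d so that files and
    # directories created later inherit the entry.
    ${RUN:-} find "$dir" -type d -exec setfacl -m "$(nfs4_entry "$group" rx fd)" {} +
    # Regular files: read only, with an empty inheritance field (the flags
    # only make sense on directories). -type f also skips symlinks, so
    # nothing outside the tree is touched.
    ${RUN:-} find "$dir" -type f -exec setfacl -m "$(nfs4_entry "$group" r '')" {} +
}

# Dry run first, then apply and inspect the result:
#   RUN=echo; apply_tree somedir somegroup
#   RUN=;     apply_tree somedir somegroup
#   getfacl somedir
```

Review the dry-run output before applying, then confirm with getfacl that a newly created file under somedir carries the inherited entry.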