About the getfacl command

Hello everyone, thank you for your support. When I asked QNAP support, they replied that commands via SSH are not covered by their support and advised me to ask the community, so I am posting my question here.

On QTS 5.1.7.2770, I have created multiple shared folders, and for each shared folder, I have assigned access permissions both by user group and by individual user. Permissions are set only at the top-level shared folder, and no settings are configured for subfolders or files below. I would like to regularly record who has access permissions. Although permissions can be viewed on the QTS web interface, I don’t think it’s possible to download all of them at once as text, so instead of using the web interface, I logged into QTS via SSH on Linux and tried to display the access permissions of the shared folders using the getfacl command. However, even though I only want the permissions for the top-level shared folder, the command displays permissions recursively all the way down to the files at the lowest level. Here is an example of the command execution:

[administrator@VDRIVE-3G-BK share]$ getfacl /share/ZZ_UPLOAD_TEST

The result is as follows:
getfacl: Removing leading ‘/’ from absolute path names

# file: share/ZZ_UPLOAD_TEST
# owner: admin
# group: administrators

user::rwx
user:admin:rwx
user:administrator:rwx
user:admin-h:rwx
user:admin-b:rwx
user:admin-m:rwx
user:admin-f:rwx
user:guest:---
group::rwx
group:administrators:rwx
mask::rwx
other::rwx
default:user::rwx
default:user:admin:rwx
default:user:administrator:rwx
default:user:admin-h:rwx
default:user:admin-b:rwx
default:user:admin-m:rwx
default:user:admin-f:rwx
default:user:guest:---
default:group::rwx
default:group:administrators:rwx
default:mask::rwx
default:other::rwx

(omitted)

# file: share/ZZ_UPLOAD_TEST/xx_Quotation 0908B_uplad_test_xx.pdf
# owner: admin-b
# group: everyone

user::rwx
user:admin:rwx
user:administrator:rwx
user:admin-h:rwx
user:admin-b:rwx
user:admin-m:rwx
user:admin-f:rwx
user:guest:---
group::rwx
group:administrators:rwx
mask::rwx
other::rwx

As shown above, the results are displayed recursively, and permissions for files at the lowest level are also shown. What arguments should I specify to display only the access permissions for the specified shared folder? Or is there another command I should use? I searched online and with Copilot, but couldn’t find an answer. If anyone knows, I would appreciate your response. Also, please note that some text in my question appears larger than intended; this was not intentional and happened automatically when I posted.

@QnapUser20250328

Thank you for your question.

You’re asking about the behavior of getfacl in the QTS environment, correct?
I tried it on my end, and it seems that the behavior changes depending on whether you add a “/” at the end of the folder name.

When you do NOT add a “/” at the end of the folder name

# getfacl -p  /share/Public
# file: /share/Public
# owner: admin
# group: administrators
user::rwx
user:admin:rwx
user:qnapadmin:r-x
user:guest:rwx
group::rwx
group:administrators:rwx
group:everyone:r-x
mask::rwx
other::rwx
default:user::rwx
default:user:admin:rwx
default:user:qnapadmin:r-x
default:user:guest:rwx
default:group::---
default:group:administrators:rwx
default:group:everyone:r-x
default:mask::rwx
default:other::rwx

# file: /share/Public/.streams
# owner: admin
# group: administrators
user::rwx
user:admin:rwx
user:qnapadmin:r-x
user:guest:rwx
group::rwx
group:administrators:rwx
group:everyone:r-x
mask::rwx
other::rwx
default:user::rwx
default:user:admin:rwx
default:user:qnapadmin:r-x
default:user:guest:rwx
default:group::---
default:group:administrators:rwx
default:group:everyone:r-x
default:mask::rwx
default:other::rwx

# file: /share/Public/RtspTestSrv_0.1_x86_64_20230530.qpkg
# owner: qnapuser
# group: everyone
....
default:group:everyone:r-x
default:mask::rwx
default:other::rwx

When you DO add a “/” at the end of the folder name

# getfacl -p  /share/Public/
# file: /share/Public/
# owner: admin
# group: administrators
user::rwx
user:admin:rwx
user:qnapadmin:r-x
user:guest:rwx
group::rwx
group:administrators:rwx
group:everyone:r-x
mask::rwx
other::rwx
default:user::rwx
default:user:admin:rwx
default:user:qnapadmin:r-x
default:user:guest:rwx
default:group::---
default:group:administrators:rwx
default:group:everyone:r-x
default:mask::rwx
default:other::rwx

Please check on your end as well.

Since the behavior was different between QuTS Hero and QTS, I thought it might be due to differences in the “env” environment variable, but there didn’t seem to be any differences in the environment variables, so it might be due to differences in the EXT4 vs ZFS file systems. (I haven’t investigated further, so I’m not sure…)

I hope this is helpful.

Harinezumi, as you mentioned, by adding a / at the end of the directory, only the access permissions for that directory are displayed. I was thinking of redirecting and using head -n 100 to show just the first 100 lines, but it turns out that’s no longer necessary. Thank you very much!

@QnapUser20250328

I’m glad to hear that your issue has been resolved!

If you have any further questions, please feel free to consult the community!
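
For the recurring permission record the original question asks for, a filter that keeps only the first `# file:` block gives the same result whether or not getfacl recurses on a given system. This is an added example, not code from any poster in this thread or from QNAP; the function names, the tab-separated layout and the sample input are assumptions constructed for illustration.

```shell
# Added example (not from the thread): reduce getfacl output to the ACL of
# the first path only, as rows of: path, scope (access|default), kind, name, perms

acl_top_block() {
    awk -v OFS='\t' '
        /^# file: /  { if (seen++) exit        # a second header means recursion
                       path = substr($0, 9); next }
        !seen        { next }
        /^# owner: / { owner = substr($0, 10); next }
        /^# group: / { grp   = substr($0, 10); next }
        /^#/ || /^[ \t]*$/ { next }
        {
            line = $0; scope = "access"
            sub(/[ \t]+#.*$/, "", line)         # drop "#effective:..." notes
            if (sub(/^default:/, "", line)) scope = "default"
            if (split(line, f, ":") != 3) next  # not an ACL entry
            kind = f[1]; name = f[2]
            if (name == "" && kind == "user")  { kind = "owner"; name = owner }
            if (name == "" && kind == "group") { kind = "owning-group"; name = grp }
            if (name == "") name = "-"          # mask and other have no name
            print path, scope, kind, name, f[3]
        }'
}

# Constructed sample modelled on the recursive output shown in the thread.
sample_getfacl_output() {
    cat <<'EOF'
# file: /share/Public
# owner: admin
# group: administrators
user::rwx
user:qnapadmin:r-x
group::rwx
group:everyone:r-x
mask::rwx
other::rwx
default:group:everyone:r-x

# file: /share/Public/.streams
user::rwx
user:guest:rwx
EOF
}

sample_getfacl_output | acl_top_block
# On the NAS (assumed usage): getfacl -p /share/Public/ 2>/dev/null | acl_top_block
```

Saving each run to a dated file and comparing it with `diff` against the previous one shows when an entry was added, removed or changed.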