Marking files as Read-Only or Immutable in ZFS. (QNAP)

I have been playing around with my QNAP with ZFS file system and have not been able to set individual file attributes.

I had built a NAS running Xubuntu using Ext4 on RAID6 and accessed via NFS. One of the things I do is any file that I don’t want changed I mark as “read-only” or “immutable”. This stops me from accidentally altering a file or deleting it.

It seems that ZFS doesn’t support these features. I have only been able to set full folders as “read-only” (not individual files) and “immutable” doesn’t seem to be an option at all. Have been attempting this on Xubuntu with ZFS, TrueNAS Scale and QNAP running QuTS Hero.

Is setting “read-only” and “immutable” attributes doable in ZFS?

Thanks.

ZFS supports all the standard Unix permission (rwx) and also ACLs. And that also works just fine over NFS.

ZFS is 20 years old, if it didn’t do this it wouldn’t have made it this far.

If it’s not working for your that sounds more like an issue with QNAP or the way you’re changing the permissions.

edit:

  pwd
/mnt/tank/media/test
  mount | grep "/mnt/tank/media"
athenas.local:/mnt/tank/media on /mnt/tank/media type nfs (rw,relatime,vers=3,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=192.168.0.157,mountvers=3,mountport=55973,mountproto=udp,local_lock=none,addr=192.168.0.157,_netdev)
  touch test
  ls -l
total 1
-rw-rw-r--+ 1 3000 3001 0 Sep  3 02:09 test
  chmod 444 test
  ls -l
total 1
-r--r--r--+ 1 3000 3001 0 Sep  3 02:09 test
  touch test
touch: cannot touch 'test': Permission denied

Hi mihawk90,
Thanks for the reply.

When I recreate the example you posted, most everything follows suite until the last “touch” command which still updates the file. The file attributes are marked “-r–r–r–+” but it can still be edited.

The “mount” results look very similar to your example except for path and IP address and the fact I do not have “_netdev” at the end of mine. (I think “_netdev” just has to do with when the mount occurs, correct?)

Maybe my issue has nothing to do with ZFS and is a problem on my client machine, but I’m thinking not. I have the same results with every ZFS server I have tried (QNAP, TrueNAS Scale and Xubuntu with ZFS). Using a Xubuntu server running RAID6 with Ext4, file attributes work as expected.

The + indicates extended permissions (i.e. ACLs).

You can check them using getfacl <file> and check what it spits out.

More or less, it just makes sure it has network access before attempting the mount.

This NFS mount is located on a TrueNAS Scale NAS, so it’s not the NAS.

Even though I set files as read-only from my desktop client, I can edit and delete files from my desktop client over NFS. However, I cannot delete or edit files directly on the QNAP NAS. I believe you are correct that this has got to be a ACL problem.

1 Like