Commit 5d4f7bfda579cecb123cfb1d7130688f1d1c98b7 broke the case where a group owns a file or directory and an ACL entry grants permissions to that group. As this is only possible with IDMAP_TYPE_BOTH and in that case every NFSv4 ACL entry needs to be a group entry, mapping to a user entry is wrong. A related issue with GPFS found in the same test is that the file system does not allow denying ACL or attribute access to the owner. Samba can get around this by not mapping to the "special owner" in this case. Patches to follow this will also include a unit test for the mapping between Security Descriptor and the NFSv4 ACL to avoid further breakage in this area.
Created attachment 15320 [details] patches for 4.11
Created attachment 15321 [details] patches for 4.10
Created attachment 15322 [details] patches for 4.9
Ralph, could you review the backports?
Reassigning for inclusion in 4.9, 4.10 and 4.11.
(In reply to Ralph Böhme from comment #5) Pushed to autobuild-v4-{11,10,9}-test.
(In reply to Karolin Seeger from comment #6) Pushed to all branches. Closing out bug report. Thanks!