Due to a bug in the NFSv4 ACL handling, a chown is always attempted, even when the owner is not requested to be changed. After the chown call, the ACL is set as root in the file system, potentially circumventing additional restrictions the file system might put in place for setting an ACL.
This bug was referenced in samba master: a6ccceb97ebd43d453ae4f835927cbacde0fdcef
Created attachment 17418: patch for 4.16
Created attachment 17419: patch for 4.15
Pushed to autobuild-v4-{16,15}-test.
This bug was referenced in samba v4-16-test: 52ac4ce23268cd0975da55adb090248096b1cfc5
This bug was referenced in samba v4-15-test: 206c4f0094e11239903bf183ebd817443608a235
Closing out bug report. Thanks!
This bug was referenced in samba v4-16-stable (Release samba-4.16.3): 52ac4ce23268cd0975da55adb090248096b1cfc5
This bug was referenced in samba v4-15-stable (Release samba-4.15.10): 206c4f0094e11239903bf183ebd817443608a235