\\ike.unx.csupomona.edu\henson\tmp\test.txt WIN\henson:(special access:)
DELETE
READ_CONTROL
WRITE_DAC
FILE_READ_DATA
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_READ_EA
FILE_WRITE_EA
FILE_DELETE_CHILD
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES
I traced this down to the syncronize permission not being set. If I add the
syncronize permission on the zfs side, the windows acl turns into:
\\ike.unx.csupomona.edu\henson\tmp\test.txt WIN\henson:(special access:)
DELETE
READ_CONTROL
WRITE_DAC
SYNCHRONIZE
FILE_GENERIC_READ
FILE_GENERIC_WRITE
FILE_READ_DATA
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_READ_EA
FILE_WRITE_EA
FILE_DELETE_CHILD
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES
In addition to "SYNCHRONIZE", "FILE_GENERIC_READ" and "FILE_GENERIC_WRITE"
seem to have materialized. With this ACL, renaming works fine.
I also noticed that whenever an acl is set from the windows side, it also
includes the SYNCHRONIZE permission for all entries. That permission isn't
listed in the GUI, although the command line icacs program allows you to
control it. It seems SYNCHRONIZE more or less should always be on?