Just moved from CentOS7 to RL 8.8. We have a central server with NFSv4.0 shares, the extended ACLs work perfectly well via terminal and desktop apps under CentOS7.9. RL 8.8 is very different though, ACLs are respected correctly from the terminal but I’m unable to write to any directory. User authentication is via SSSD bound to an 2012 AD domain.

1. I’ve tried Gnome, KDE and XFCE, all have the same issue with their file managers and desktop apps.
2. I’ve tried switching the users primary group to one of the additional security groups.
3. selinux has been disabled while I tried and get to the bottom of this.

Here’s an example for you:

[simon@ws29test ~/Desktop] $ nfs4_getfacl ‘/mnt/datastore/PROJECTS/test-project/vfx/sandbox/’

file: /mnt/datastore/PROJECTS/test-project/vfx/sandbox/

A:fdg:743201457:rwadxtTnNcy
A:fd:EVERYONE@:tncy
A:fdg:743201458:rwaDdxtTnNcCoy
A:fdg:743201459:rxtncy
A:fdg:743200500:rwaDxtTnNcCoy
A:fdg:GROUP@:tncy

[simon@ws29test ~/Desktop] $ id
uid=743201428(simon) gid=743200513(domain users) groups=743200513(domain users),743201457(sgldn_c),743201517(sgpipelinedev)

As mentioned, access works perfectly from the terminal. Any ideas greatly appreciated as I’m flat out of ideas? Unfortunately I can’t go to 9 as certain software I depend on is tied to RL 8 at the moment.

just an idea here and can only comment on KDE as i just simply dont use any other desktop, but kde uses /usr/libexec/kf5/kioslave5 for Dolphin access to any shares, sometimes bypassing underlying shares.
try using a different file manager under kde for example thunar file manager and see if you get the same results.
I know you have tried alternative file managers under different desktops, so this may just be another repeat of what you have already tried.
but googling about seems to suggest kioslaves does not support xattribs
regards peter