Thank you @Frank1940and @JorgeB for your thoughtful comments. I was already on the right path yesterday and found the source of my issue, which was actually exactly what you two had guessed.
Previously, I had set up my UnRaid server to use active directory, though I recently switched off of it due to poor implementation. To my understanding, what that would have added in are more granular ACLs, controlled by the active directory administrator, rather than by UnRaid. After I learned what the "+" meant, and how to check ACLs with getfacl, I found my solution, which you may read below.
---------------------------------------------------------
As mentioned in my initial post, the permissions were set to "-rw-rw----+", with "+" indicating that there is an access control list for the directory. To me, this means that the "users" group could potentially have "---" permissions within this ACL, which, once I checked, there was.
Command used at terminal;
> getfacl New\ folder <-- created "new folder" as "brad" user in windows
Summarized response from terminal;
> "group:users:---" <-- Previous assumption that the ACL was blocking was correct
So, to fix my problem, I need to properly set the ACL. I first tested this within a test share, set to "secure" with all users given read and write perms, as follows.
> cat /etc/group <--- Used to find what the GID is of the "users" group
> users:x:100: <--- GID is "100", which will be used in setfacl
Map test share as "brad" on device. Create folder named "folder" via windows file explorer. Check ACL via terminal on server
> cd /mnt/user/testshare
> getfacl folder
Response below:
---------------------------------------------------------
user::rwx
user:nobody:rwx
user:1590166004:rwx
group::---
group:users:---
mask::rwx
other::---
default:user::rwx
default:user:nobody:rwx
default:user:1590166004:rwx
default:group::---
default:group:users:---
default:mask::rwx
default:other::---
---------------------------------------------------------
Note how there is a user with a bunch of numbers. this is the active directory administrator. I'm simply going to ignore that user for now, as the admin should have perms anyways. The problem currently lies with "group:users:---", disallowing the users group from accessing the folder. Also, "default:group:users:---", which will make this non-access ACL propogate whenever new folders are created. I then changed the default ACLs and the ACL for the folder to allow the "users" group access with the two following commands:
> setfacl -m g:100:rwx folder <--- Sets the users group on the folder to be allowed read, write, and execute
> setfacl -d -m g:100:rwx folder <--- Sets the users group to be allowed by default on this folder, and any content created within the folders.
Now we check the ACL of the folder to see if everything is alright.
> getfacl folder
Response below:
---------------------------------------------------------
user::rwx
user:nobody:rwx
user:1590166004:rwx
group::---
group:users:rwx
mask::rwx
other::---
default:user::rwx
default:user:nobody:rwx
default:user:1590166004:rwx
default:group::---
default:group:users:rwx
default:mask::rwx
default:other::---
---------------------------------------------------------
Everything seems good, so I mapped the test share as user "John" and was able to read and write from the folder that Brad had created, and when I went on my other system previously set up for Brad, he was able to read and write anything John had created. All works well. So, now I just have to recursively write ACL changes to any of the shares experiencing the problem, aka all of them. Before I do that, I want to make sure I know how to do this recursively correctly, so I went into the test share again, and made a new file called "testfolder", and within that, a folder called "recursivefolder", and a file within that called "recursivefolderfile.txt". Then, I went back to my terminal and tried the following commands;
---------------------------------------------------------
>setfacl -d -Rm g:100:rwx testfolder <--- I had previously messed up putting the "R" elsewhere. It must be BEFORE the modifier "m", or it won't work. Not sure why.
>setfacl -Rm g:100:rwx testfolder <--- Must also set the non-default, or the current. This will apply to the files within the folder, as those don't have defaults, they simply inherit them.
>getfacl testfolder <--- All good, as my previous fix above.
>getfacl testfolder/recursivefolder <--- All good, recrusive functionality is working for folders
>getfacl testfolder/recursivefolder/recursivefolderfile.txt <--- All good, recursive functionality worked for files too.
---------------------------------------------------------
Now I recursively set this on my actual use folders, using the setfacl commands "setfacl -d -Rm g:100:rwx [foldername]" and "setfacl -RM g:100:rwx" after cd /mnt/user. This solved my problem.
---------------------------------------------------------
Another potential problem that I realized is that /mnt/user was causing any new shares created to inherit these incorrect ACLs, so I changed that as well. I don't want any non-authenticated users to be able to access data on my unraid server, so other will be set to --- for my setup.
> cd /mnt <-- Places us in the easiest spot to write the next command
> setfacl -d -m g:100:rwx user <-- Fixes the "user" shares area of UnRaid for future use. Essentially will be "Secure" for any shares created.