On 07/14/11 03:43, Chris Ridd wrote:
On 13 Jul 2011, at 20:55, Jordan Brown wrote:
They certainly aren't fake. I agree that something looks wrong in the
handling of d and D. I've passed that on to the ZFS team.
If it makes a difference, my pool is at version 22 and I'm using
OpenIndiana build 147. The odd behaviour with d and D may have been
fixed internally since the public onnv gate stopped getting updates.
It turns out that there's an interaction with the "w" bit on the directory;
if neither d nor D is specified in the ACL then the "w" bit controls. You
have to use a Deny entry if you want to block delete but allow create.
This is as specified in the NFSv4 RFC (which is where ZFS ACLs come from):
http://tools.ietf.org/html/rfc5661#section-6.2.1.3.2
Personally, I think that it's a mistake and the RFC ought to be changed,
but right now it's working as intended in that particular case.
It does look like d (delete permission on the file itself) is broken in
that even a Deny entry isn't effective. I'm talking to the ZFS team about it.
_______________________________________________
cifs-discuss mailing list
cifs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
