On 2/17/2013 8:52 AM, Richard PALO wrote:
Anybody have similar problems as the following
(https://www.illumos.org/issues/3571)?

cp chmod's the directory when it copies it:

$ mkdir testdir
$ chmod A=everyone@:rwxpdDaARWcCos:fd:allow testdir
$ mkdir testdir/two
$ truss cp -r testdir/two testdir/three 2>/tmp/truss.out
$ ls -Vd testdir/two testdir/three

drwxrwsrwx+  2 henson   csupomona       2 Feb 19 13:11 testdir/three
         everyone@:rwxpdDaARWcCos:fdi---:allow
            owner@:rwxp-DaARWcCos:------:allow
            group@:rwxp-DaARWc--s:------:allow
         everyone@:rwxp-DaARWc--s:------:allow
drwxrwsrwx+  2 henson   csupomona       2 Feb 19 12:56 testdir/two
         everyone@:rwxpdDaARWcCos:fd----:allow

$ grep chmod /tmp/truss.out

chmod("testdir/three", 02777)                   = 0
chmod("testdir/three", 02777)                   = 0

chmod breaks the ACL. If you do "cp -rp", it still chmod's it, but then restores the original ACL:

$ truss cp -rp testdir/two testdir/three 2>/tmp/truss2.out
$ ls -Vd testdir/three
drwxrwsrwx+  2 henson   csupomona       2 Feb 19 12:56 testdir/three
         everyone@:rwxpdDaARWcCos:fd----:allow

$ egrep 'chmod|acl' /tmp/truss2.out

acl("testdir/two", ACE_GETACLCNT, 0, 0x00000000) = 1
acl("testdir/two", ACE_GETACL, 1, 0x08067100)   = 1
chmod("testdir/three", 02777)                   = 0
chmod("testdir/three", 042777)                  = 0
acl("testdir/three", ACE_SETACL, 1, 0x08067118) = 0

I don't use nautilus or explorer, but I assume they do the same thing. There's nothing wrong with zfs or the inherited ACLs; it's just userland commands doing stupid stuff (or at least out of date stuff that's really no longer a good thing to do in a world of ACLs).

You can see the calls to chmod in lib/libcmd/common/cp.c in the source code. The code is a little, well, let's just call it convoluted, so I didn't take the time to try to understand why it is calling chmod or see if there was an easy way to make it not. You could open a new issue such as "cp shouldn't call chmod" or "cp should be ACL-aware"; I might take a look at it someday if I have the time. That still wouldn't fix nautilus or explorer though.

If you have a recent enough illumos, you could try setting aclmode=restricted, which will prevent chmod from breaking the ACL, at the cost of chmod returning an error code, which may or may not work out for you. Someday I'm going to try to push through aclmode=ignore, which will also prevent chmod from breaking an ACL, but just turn it into an ignored no-op rather than returning an error, which might be useful in this situation.
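
The truss check used in the message above can be automated to audit other userland tools. The following Python is an added example, not part of the original message or of illumos; the function and constant names are hypothetical. It reports every path whose last successful ACL-affecting call in a truss log was chmod() with no later ACE_SETACL, using the two traces from the message as sample input.

```python
import re

# Successful calls only: truss prints "= 0" on success, so failed calls never match.
CHMOD_OK = re.compile(r'^chmod\("([^"]+)",\s*0[0-7]*\)\s*=\s*0$')
SETACL_OK = re.compile(r'^acl\("([^"]+)",\s*ACE_SETACL,.*\)\s*=\s*0$')

# Trace lines copied from the message above (cp -r, then cp -rp).
CP_R_TRACE = '''\
chmod("testdir/three", 02777)                   = 0
chmod("testdir/three", 02777)                   = 0
'''
CP_RP_TRACE = '''\
acl("testdir/two", ACE_GETACLCNT, 0, 0x00000000) = 1
acl("testdir/two", ACE_GETACL, 1, 0x08067100)   = 1
chmod("testdir/three", 02777)                   = 0
chmod("testdir/three", 042777)                  = 0
acl("testdir/three", ACE_SETACL, 1, 0x08067118) = 0
'''

def paths_with_clobbered_acl(truss_text):
    """Return sorted paths left in the 'chmod was the last word' state.

    Per the message above, a successful chmod() breaks the ACL, and a
    later successful ACE_SETACL on the same path restores an explicit ACL.
    """
    clobbered = {}  # path -> True while chmod is the most recent ACL-affecting call
    for raw in truss_text.splitlines():
        line = raw.strip()
        m = CHMOD_OK.match(line)
        if m:
            clobbered[m.group(1)] = True
            continue
        m = SETACL_OK.match(line)
        if m:
            clobbered[m.group(1)] = False
    return sorted(p for p, bad in clobbered.items() if bad)

if __name__ == "__main__":
    for name, trace in (("cp -r", CP_R_TRACE), ("cp -rp", CP_RP_TRACE)):
        print(name, "->", paths_with_clobbered_acl(trace) or "ACL restored or untouched")
```

To check another tool, capture its trace with `truss ... 2>file` as in the message and pass the file contents to `paths_with_clobbered_acl`.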


