[zfs-code] Permission/ACL issues
On Sunday 21 January 2007 21:17, Mark Shellenbaum wrote: > ftruncate/truncate on Solaris are implemented via the F_FREESP command > in fcntl(2). This ultimately calls VOP_SPACE() which doesn't need to do > any access checks since the file was already opened with the necessary > "write" permission. Hi Mark :) That would explain it. For some reason, I was convinced ftruncate() in userspace would lead to a VOP_SETATTR() in the kernel. That also explains why I wasn't getting DTrace to trace zfs_setattr(), which was starting to get a little frustrating :) Thanks!
[zfs-code] Permission/ACL issues
Hi, I'm having a problem with a simple sanity check performed by 'iozone -a'. Basically, iozone create a file with a permission value of 0 and then it tries to truncate it: 1) fd = open("file", O_WRONLY|O_CREAT, 0) 2) ftruncate(fd, 0) In zfs-fuse, the ftruncate() call ends up calling zfs_setattr() with AT_SIZE set in the attribute mask. The problem is that one of the first things zfs_setattr() does is validate the permissions (by calling zfs_zaccess()), which fails since the file owner doesn't have write permission. What am I doing wrong here? iozone seems to work in Solaris. Thanks.
[zfs-code] Permission/ACL issues
Ricardo Correia wrote: > Hi, > > I'm having a problem with a simple sanity check performed by 'iozone -a'. > > Basically, iozone create a file with a permission value of 0 and then it > tries > to truncate it: > > 1) fd = open("file", O_WRONLY|O_CREAT, 0) > 2) ftruncate(fd, 0) > > In zfs-fuse, the ftruncate() call ends up calling zfs_setattr() with AT_SIZE > set in the attribute mask. > > The problem is that one of the first things zfs_setattr() does is validate > the > permissions (by calling zfs_zaccess()), which fails since the file owner > doesn't have write permission. > > What am I doing wrong here? iozone seems to work in Solaris. ftruncate/truncate on Solaris are implemented via the F_FREESP command in fcntl(2). This ultimately calls VOP_SPACE() which doesn't need to do any access checks since the file was already opened with the necessary "write" permission. http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/common/syscall/fcntl.c#546 Do any ACL check in this situation is not going to work, unless the user has appropriate privileges to override the permissions on the ACL. -Mark