[zfs-code] Permission/ACL issues

2007-01-22 Thread Ricardo Correia 
On Sunday 21 January 2007 21:17, Mark Shellenbaum wrote:
> ftruncate/truncate on Solaris are implemented via the F_FREESP command
> in fcntl(2). This ultimately calls VOP_SPACE() which doesn't need to do
> any access checks since the file was already opened with the necessary
> "write" permission.

Hi Mark :)

That would explain it. For some reason, I was convinced ftruncate() in 
userspace would lead to a VOP_SETATTR() in the kernel.

That also explains why I wasn't getting DTrace to trace zfs_setattr(), which 
was starting to get a little frustrating :)

Thanks!

[zfs-code] Permission/ACL issues

2007-01-21 Thread Ricardo Correia 
Hi,

I'm having a problem with a simple sanity check performed by 'iozone -a'.

Basically, iozone create a file with a permission value of 0 and then it tries 
to truncate it:

1) fd = open("file", O_WRONLY|O_CREAT, 0)
2) ftruncate(fd, 0)

In zfs-fuse, the ftruncate() call ends up calling zfs_setattr() with AT_SIZE 
set in the attribute mask.

The problem is that one of the first things zfs_setattr() does is validate the 
permissions (by calling zfs_zaccess()), which fails since the file owner 
doesn't have write permission.

What am I doing wrong here? iozone seems to work in Solaris.

Thanks.

[zfs-code] Permission/ACL issues

2007-01-21 Thread Mark Shellenbaum 
Ricardo Correia wrote:
> Hi,
> 
> I'm having a problem with a simple sanity check performed by 'iozone -a'.
> 
> Basically, iozone create a file with a permission value of 0 and then it 
> tries 
> to truncate it:
> 
> 1) fd = open("file", O_WRONLY|O_CREAT, 0)
> 2) ftruncate(fd, 0)
> 
> In zfs-fuse, the ftruncate() call ends up calling zfs_setattr() with AT_SIZE 
> set in the attribute mask.
> 
> The problem is that one of the first things zfs_setattr() does is validate 
> the 
> permissions (by calling zfs_zaccess()), which fails since the file owner 
> doesn't have write permission.
> 
> What am I doing wrong here? iozone seems to work in Solaris.

ftruncate/truncate on Solaris are implemented via the F_FREESP command 
in fcntl(2). This ultimately calls VOP_SPACE() which doesn't need to do 
any access checks since the file was already opened with the necessary 
"write" permission.

http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/common/syscall/fcntl.c#546

Do any ACL check in this situation is not going to work, unless the user 
has appropriate privileges to override the permissions on the ACL.

  -Mark