Re: [zfs-discuss] Migrating to an aclmode-less world
On Tue, 5 Oct 2010, Nicolas Williams wrote: Right. That only happens from NFSv3 clients [that don't instead edit the POSIX Draft ACL translated from the ZFS ACL], from non-Windows NFSv4 clients [that don't instead edit the ACL], and from local applications [that don't instead edit the ZFS ACL]. You mean the vast majority of applications in existance ;)? Other than chmod(1) in Solaris, and nfs4_(get|set)_facl in Linux, can you name off the top of your head *any* other applications that grok ZFS/NFSv4 ACLs (as opposed to blindly chmod'ing stuff and breaking your access control sigh)? (and GUI front ends to chmod/(get_set)_facl don't count :) ). I'm still waiting for the bug in Solaris chgrp that breaks ACLs to get fixed; I reported that last year sometime. And *that's* a core component of the Solaris OS itself; what's the chance of a timely response from a 3rd party vendor whose application doesn't play nicely with ACLs? broken record If only there was some way to keep applications from screwing up your ACLs with inappropriate uses of chmod... /broken record -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | hen...@csupomona.edu California State Polytechnic University | Pomona CA 91768 ___ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
Re: [zfs-discuss] Migrating to an aclmode-less world
Hi Cindy, That sounds very reassuring. Thanks a lot. Simon -- This message posted from opensolaris.org ___ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
Re: [zfs-discuss] Migrating to an aclmode-less world
On Mon, Oct 04, 2010 at 04:30:05PM -0600, Cindy Swearingen wrote: Hi Simon, I don't think you will see much difference for these reasons: 1. The CIFS server ignores the aclinherit/aclmode properties. Because CIFS/SMB has no chmod operation :) 2. Your aclinherit=passthrough setting overrides the aclmode property anyway. aclinherit=passthrough-x is a better choice. Also, aclinherit doesn't override aclmode. aclinherit applies on create and aclmode used to apply on chmod. 3. The only difference is that if you use chmod on these files to manually change the permissions, you will lose the ACL values. Right. That only happens from NFSv3 clients [that don't instead edit the POSIX Draft ACL translated from the ZFS ACL], from non-Windows NFSv4 clients [that don't instead edit the ACL], and from local applications [that don't instead edit the ZFS ACL]. Nico -- ___ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
Re: [zfs-discuss] Migrating to an aclmode-less world
Any ideas anyone? -- This message posted from opensolaris.org ___ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
Re: [zfs-discuss] Migrating to an aclmode-less world
Hi Simon, I don't think you will see much difference for these reasons: 1. The CIFS server ignores the aclinherit/aclmode properties. 2. Your aclinherit=passthrough setting overrides the aclmode property anyway. 3. The only difference is that if you use chmod on these files to manually change the permissions, you will lose the ACL values. Thanks, Cindy On 09/29/10 13:09, Simon Breden wrote: Currently I'm still using OpenSolaris b134 and I had used the 'aclmode' property on my file systems. However, the aclmode property has been dropped now: http://arc.opensolaris.org/caselog/PSARC/2010/029/20100126_mark.shellenbaum I'm wondering what will happen to the ACLs on these files and directories if I upgrade to a newer Solaris version (OpenIndiana b147 perhaps). I'm sharing the file systems using CIFS. I was using very simple ACLs like below for easy inheritance of ACLs, which worked OK for my needs. # zfs set aclinherit=passthrough tank/home/fred/projects # zfs set aclmode=passthrough tank/home/fred/projects # chmod A=\ owner@:rwxpdDaARWcCos:fd-:allow,\ group@:rwxpdDaARWcCos:fd-:allow,\ everyone@:rwxpdDaARWcCos:fd-:deny \ /tank/home/fred/projects # chown fred:fred /tank/home/fred/projects # zfs set sharesmb=name=projects tank/home/fred/projects Cheers, Simon ___ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
[zfs-discuss] Migrating to an aclmode-less world
Currently I'm still using OpenSolaris b134 and I had used the 'aclmode' property on my file systems. However, the aclmode property has been dropped now: http://arc.opensolaris.org/caselog/PSARC/2010/029/20100126_mark.shellenbaum I'm wondering what will happen to the ACLs on these files and directories if I upgrade to a newer Solaris version (OpenIndiana b147 perhaps). I'm sharing the file systems using CIFS. I was using very simple ACLs like below for easy inheritance of ACLs, which worked OK for my needs. # zfs set aclinherit=passthrough tank/home/fred/projects # zfs set aclmode=passthrough tank/home/fred/projects # chmod A=\ owner@:rwxpdDaARWcCos:fd-:allow,\ group@:rwxpdDaARWcCos:fd-:allow,\ everyone@:rwxpdDaARWcCos:fd-:deny \ /tank/home/fred/projects # chown fred:fred /tank/home/fred/projects # zfs set sharesmb=name=projects tank/home/fred/projects Cheers, Simon -- This message posted from opensolaris.org ___ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss