Eric Hill wrote:
Here's a little test.  I add an allow ACL to a new directory that should 
propagate to sub-folders and files.  When I create a new file, the file 
inherits the ACL, but also gets a deny ACL in front of the allowed ACL.  What's 
going on here?


The deny is inserted to maintain POSIX semantics. This behavior can be changed via the "aclmode" property. The default property value of "groupmask" reduces the effective permissions of user/group entries to be no greater than the permissions of the owning group. If you set the aclmode property to passthrough, then the deny entries won't be inserted. This is discussed in zfs(1m). Look at the description for aclmode. There is a companion property, aclinherit, which controls inheritance behavior.

  -Mark

vault:/pool/home/wcerich/sample#ls -al
total 12
drwxr-xr-x   2 root     root           2 Jan  7 13:07 .
drwx------   5 wcerich  sys           11 Jan  7 13:07 ..
vault:/pool/home/wcerich/sample#mkdir dir
vault:/pool/home/wcerich/sample#chmod A+group:sys:rwxpaD:df:allow dir
vault:/pool/home/wcerich/sample#ls -dV dir
drwxr-xr-x+  2 root     root           2 Jan  7 13:08 dir
         group:sys:rwxp-Da-------:fd----:allow
            owner@:--------------:------:deny
            owner@:rwxp---A-W-Co-:------:allow
            group@:-w-p----------:------:deny
            group@:r-x-----------:------:allow
         everyone@:-w-p---A-W-Co-:------:deny
         everyone@:r-x---a-R-c--s:------:allow
vault:/pool/home/wcerich/sample#touch dir/somefile
vault:/pool/home/wcerich/sample#ls -lV dir/somefile
-rw-r--r--+  1 root     root           0 Jan  7 13:09 dir/somefile
         group:sys:-wxp----------:------:deny
         group:sys:rwxp-Da-------:------:allow
            owner@:--x-----------:------:deny
            owner@:rw-p---A-W-Co-:------:allow
            group@:-wxp----------:------:deny
            group@:r-------------:------:allow
         everyone@:-wxp---A-W-Co-:------:deny
         everyone@:r-----a-R-c--s:------:allow
vault:/pool/home/wcerich/sample#
This message posted from opensolaris.org
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
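
Added example (not part of the original thread, and not ZFS source code): a small Python model of the groupmask behavior described in the reply, reproducing the deny entry shown for dir/somefile. The mapping of the r/w/x/p columns to the owning group's mode bits is an assumption inferred from the transcript, and the function names are hypothetical.

```python
# Added illustration: models the deny entry seen in the transcript above.
# Assumption: under aclmode=groupmask, each of r/w/x/p granted by a user/group
# allow ACE is denied unless the owning-group mode bits grant it.
import stat

PERM_LETTERS = "rwxpdDaARWcCos"   # column order of the compact `ls -V` form

# POSIX-mappable ACL columns and the group mode bit that must be set for each.
GROUP_BIT_FOR = {
    "r": stat.S_IRGRP,
    "w": stat.S_IWGRP,
    "p": stat.S_IWGRP,   # append_data follows the write bit
    "x": stat.S_IXGRP,
}

def groupmask_deny(allow_perms: str, mode: int) -> str:
    """Compact permission string of the deny ACE placed in front of an
    allow ACE with `allow_perms` on a file whose mode is `mode`."""
    if len(allow_perms) != len(PERM_LETTERS):
        raise ValueError("expected a 14-column compact permission string")
    out = []
    for letter, have in zip(PERM_LETTERS, allow_perms):
        if have not in (letter, "-"):
            raise ValueError(f"unexpected {have!r} in column for {letter!r}")
        bit = GROUP_BIT_FOR.get(letter)
        # Columns with no POSIX equivalent (D, a, ...) are never denied here.
        denied = have == letter and bit is not None and not (mode & bit)
        out.append(letter if denied else "-")
    return "".join(out)

def effective(allow_perms: str, deny_perms: str) -> str:
    """What the allow ACE still grants once the deny ACE before it is applied."""
    return "".join(a if d == "-" else "-" for a, d in zip(allow_perms, deny_perms))

if __name__ == "__main__":
    allow = "rwxp-Da-------"              # group:sys allow ACE from the transcript
    deny = groupmask_deny(allow, 0o644)   # dir/somefile is -rw-r--r--
    print("deny     ", deny)
    print("effective", effective(allow, deny))
```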
