Hi,

S10U3: It seems that UFS POSIX ACLs are not properly translated to ZFS
ACL4 entries when one transfers a directory tree from UFS to ZFS.

Test case:

Assuming one has users A and B, both belonging to group G and having
their umask set to 022:
1) On UFS
    - as user A do:
        mkdir /dir
        chmod 0775 /dir
        setfacl -m d:u::rwx,d:g::rwx,d:o:r-x,d:m:rwx /dir
        # samba would say: force create mask = 0664; directory mode = 0775
    - as user B do:
        cd /dir
        touch x
        ls -alv
    - as user A do:
        cd /dir
        echo "bla" >x
    - results in:
    drwxrwxr-x+  3 A   G          512 Mar 22 01:20 .
     0:user::rwx
     1:group::rwx               #effective:rwx
     2:mask:rwx
     3:other:r-x
     4:default:user::rwx
     5:default:group::rwx
     6:default:mask:rwx
     7:default:other:r-x
    ...
    -rw-rw-r--   1 B    G            4 Mar 22 01:22 x
     0:user::rw-
     1:group::rw-               #effective:rw-
     2:mask:rw-
     3:other:r--

2) On zfs
    - e.g. as root do:
        cp -P -r -p /dir /pool1/zfsdir
        # cp: Insufficient memory to save acl entry
        cp  -r -p /dir /pool1/zfsdir
        # cp: Insufficient memory to save acl entry
        find dir | cpio -puvmdP /pool1/docs/
    - as user B do:
        cd /pool1/zfsdir/dir
        touch y
    - as user A do:
        cd /pool1/zfsdir/dir
        echo "bla" >y
        # y: Permission denied.
    - result:
        drwxrwxr-x+  2 A   G            4 Mar 22 01:36 .
            owner@:--------------:fdi---:deny
            owner@:--------------:------:deny
            owner@:rwxp---A-W-Co-:fdi---:allow
            owner@:-------A-W-Co-:------:allow
            group@:--------------:fdi---:deny
            group@:--------------:------:deny
            group@:rwxp---A-W-Co-:fdi---:allow
            group@:-------A-W-Co-:------:allow
         everyone@:-w-p---A-W-Co-:fdi---:deny
         everyone@:-------A-W-Co-:------:deny
         everyone@:r-x---a-R-c--s:fdi---:allow
         everyone@:------a-R-c--s:------:allow
            owner@:--------------:------:deny
            owner@:rwxp---A-W-Co-:------:allow
            group@:--------------:------:deny
            group@:rwxp----------:------:allow
         everyone@:-w-p---A-W-Co-:------:deny
         everyone@:r-x---a-R-c--s:------:allow
    ...
        -rw-r--r--+  1 B    G            0 Mar 22 01:36 y
            owner@:--------------:------:deny
            owner@:-------A-W-Co-:------:allow
            group@:--------------:------:deny
            group@:-------A-W-Co-:------:allow
         everyone@:-------A-W-Co-:------:deny
         everyone@:------a-R-c--s:------:allow
            owner@:--x-----------:------:deny
            owner@:rw-p---A-W-Co-:------:allow
            group@:-wxp----------:------:deny

So, does anybody have a clue how one is able to migrate directories from
UFS to ZFS without losing functionality?

I've read that it is always possible to translate POSIX ACLs to ACL4,
but it doesn't seem to work. So I have a big migration problem ... :(((

Also, I haven't found anything that explains how ACL4 really works on
Solaris, i.e. how the rules are applied. Yes, in order and only where
"who" matches. But what does '"who" matches' mean, what purpose do the
'owner@:--------------:------:deny' entries have, and what takes precedence
(allow | deny | first match | last match)? I also remember that I
sometimes heard that once an allow has matched, everything else is
ignored, but then I'm asking why the order of the ACLEs is important.
Last but not least, what purpose do the standard perms, e.g. 0644, have:
completely ignored if ACLEs are present? Or used as a fallback if no
ACLE matches, or if ACLEs match but none has set e.g. the r bit?

Any hints?

Regards,
jel.
-- 
Otto-von-Guericke University     http://www.cs.uni-magdeburg.de/
Department of Computer Science   Geb. 29 R 027, Universitaetsplatz 2
39106 Magdeburg, Germany         Tel: +49 391 67 12768
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
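
Added example (not part of the original post): a small model of the NFSv4 ordering rule from RFC 3530, run over the entries the post lists for file y, showing which entry produces the "Permission denied" for user A and why entry order matters. The function name check_access is hypothetical, and the model assumes no privileges, no owner special cases and no named user/group entries.

```python
# Constructed input: the entries the post lists for file y (the listing on the
# page stops after the ninth entry), in Solaris compact form who:perms:flags:type.
Y_ACL = """\
owner@:--------------:------:deny
owner@:-------A-W-Co-:------:allow
group@:--------------:------:deny
group@:-------A-W-Co-:------:allow
everyone@:-------A-W-Co-:------:deny
everyone@:------a-R-c--s:------:allow
owner@:--x-----------:------:deny
owner@:rw-p---A-W-Co-:------:allow
group@:-wxp----------:------:deny
"""

def check_access(acl_text, requested, is_owner, in_group):
    """Return (verdict, index of the deciding entry or None).

    requested is a string of compact permission letters, e.g. "w".
    """
    remaining = set(requested)          # bits not yet granted
    for index, line in enumerate(acl_text.split()):
        who, perms, flags, kind = line.split(":")
        if "i" in flags:                # inherit-only: template for children only
            continue
        if who == "owner@" and not is_owner:
            continue                    # "who" does not match the requester
        if who == "group@" and not in_group:
            continue
        if who not in ("owner@", "group@", "everyone@"):
            raise ValueError("named user/group entries are not modelled: " + who)
        bits = set(perms) - {"-"}
        if kind == "deny":
            if bits & remaining:        # a still-ungranted bit is denied: stop
                return ("denied", index)
        else:
            remaining -= bits           # granted bits can no longer be denied
            if not remaining:
                return ("allowed", index)
    return ("denied", None)             # assumption: undecided bits are denied

if __name__ == "__main__":
    # User A: member of group G, not the owner of y.
    print("A write_data ", check_access(Y_ACL, "w", False, True))
    # User B: owner of y and member of G.
    print("B write_data ", check_access(Y_ACL, "w", True, True))
    # The group@ allow at index 3 is reached before the everyone@ deny at index 4.
    print("A write_attrs", check_access(Y_ACL, "A", False, True))
```

In this model everyone@ matches every requester, including the owner and group members, which is why an everyone@ deny placed before an owner@ or group@ allow would take effect first.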
