Hi,

S10U3: It seems that ufs POSIX-ACLs are not properly translated to zfs ACL4 entries when one xfers a directory tree from UFS to ZFS.

Test case:
Assuming one has a user A and B, both belonging to group G and having their umask set to 022:

1) On UFS
   - as user A do:
       mkdir /dir
       chmod 0775 /dir
       setfacl -m d:u::rwx,d:g::rwx,d:o:r-x,d:m:rwx /dir
       # samba would say: force create mask = 0664; directory mode = 0775
   - as user B do:
       cd /dir
       touch x
       ls -alv
   - as user A do:
       cd /dir
       echo "bla" >x
   - results in:
       drwxrwxr-x+  3 A G 512 Mar 22 01:20 .
            0:user::rwx
            1:group::rwx          #effective:rwx
            2:mask:rwx
            3:other:r-x
            4:default:user::rwx
            5:default:group::rwx
            6:default:mask:rwx
            7:default:other:r-x
       ...
       -rw-rw-r--   1 B G 4 Mar 22 01:22 x
            0:user::rw-
            1:group::rw-          #effective:rw-
            2:mask:rw-
            3:other:r--

2) On zfs
   - e.g. as root do:
       cp -P -r -p /dir /pool1/zfsdir
       # cp: Insufficient memory to save acl entry
       cp -r -p /dir /pool1/zfsdir
       # cp: Insufficient memory to save acl entry
       find dir | cpio -puvmdP /pool1/docs/
   - as user B do:
       cd /pool1/zfsdir/dir
       touch y
   - as user A do:
       cd /pool1/zfsdir/dir
       echo "bla" >y
       # y: Permission denied.
   - result:
       drwxrwxr-x+  2 A G 4 Mar 22 01:36 .
            owner@:--------------:fdi---:deny
            owner@:--------------:------:deny
            owner@:rwxp---A-W-Co-:fdi---:allow
            owner@:-------A-W-Co-:------:allow
            group@:--------------:fdi---:deny
            group@:--------------:------:deny
            group@:rwxp---A-W-Co-:fdi---:allow
            group@:-------A-W-Co-:------:allow
            everyone@:-w-p---A-W-Co-:fdi---:deny
            everyone@:-------A-W-Co-:------:deny
            everyone@:r-x---a-R-c--s:fdi---:allow
            everyone@:------a-R-c--s:------:allow
            owner@:--------------:------:deny
            owner@:rwxp---A-W-Co-:------:allow
            group@:--------------:------:deny
            group@:rwxp----------:------:allow
            everyone@:-w-p---A-W-Co-:------:deny
            everyone@:r-x---a-R-c--s:------:allow
       ...
       -rw-r--r--+  1 B G 0 Mar 22 01:36 y
            owner@:--------------:------:deny
            owner@:-------A-W-Co-:------:allow
            group@:--------------:------:deny
            group@:-------A-W-Co-:------:allow
            everyone@:-------A-W-Co-:------:deny
            everyone@:------a-R-c--s:------:allow
            owner@:--x-----------:------:deny
            owner@:rw-p---A-W-Co-:------:allow
            group@:-wxp----------:------:deny

So, has anybody a clue how one is able to migrate directories from ufs to zfs without losing functionality? I've read that it is always possible to translate POSIX_ACLs to ACL4, but it doesn't seem to work. So I've a big migration problem ... :(((

Also I haven't found anything which explains how ACL4 really works on Solaris, i.e. how the rules are applied. Yes, in order and only "who" matches. But what does '"who" matches' mean, what purpose do the 'owner@:--------------:------:deny' entries have, what takes precedence (allow | deny | first match | last match)? Also I remember that I sometimes heard that if an allow has matched once, everything else is ignored - but then I'm asking why the order of the ACLEs is important.

Last but not least, what purpose do the standard perms, e.g. 0644, have - completely ignored if ACLEs are present? Or used as fallback if no ACLE matches, or an ACLE matches but the ACLEs have not set e.g. the r bit anywhere?

Any hints?

Regards,
jel.
--
Otto-von-Guericke University     http://www.cs.uni-magdeburg.de/
Department of Computer Science   Geb. 29 R 027, Universitaetsplatz 2
39106 Magdeburg, Germany         Tel: +49 391 67 12768
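
The in-order evaluation the message asks about, as an added example that is not part of the original post: a minimal NFSv4-style check (walk the ACEs top to bottom, consider only entries whose "who" matches the requester, stop at the first deny of a still-pending bit) run over the nine entries listed for y. The function names are hypothetical, only owner@/group@/everyone@ are handled, privilege overrides are not modelled, and treating never-allowed bits as denied is an assumption.

```python
# Added example: NFSv4-style ACL evaluation over the ACEs the post lists for y.
# Compact permission letters, in position order: rwxpdDaARWcCos
# (r=read_data, w=write_data, x=execute, p=append_data, ...).

# Constructed from the post's listing for y (owner B, owning group G).
Y_ACL = """\
owner@:--------------:------:deny
owner@:-------A-W-Co-:------:allow
group@:--------------:------:deny
group@:-------A-W-Co-:------:allow
everyone@:-------A-W-Co-:------:deny
everyone@:------a-R-c--s:------:allow
owner@:--x-----------:------:deny
owner@:rw-p---A-W-Co-:------:allow
group@:-wxp----------:------:deny
"""

def parse_acl(text):
    """Return a list of (who, set of permission letters, flags, type)."""
    aces = []
    for line in text.split():
        who, perms, flags, kind = line.rsplit(":", 3)
        aces.append((who, set(perms) - {"-"}, flags, kind))
    return aces

def who_matches(who, user, groups, owner, owning_group):
    if who == "owner@":
        return user == owner
    if who == "group@":
        return owning_group in groups
    return who == "everyone@"   # everyone@ also covers owner and group members

def check(aces, wanted, user, groups, owner, owning_group):
    """Walk ACEs in order; return (granted, index of the deciding ACE or None)."""
    pending = set(wanted)
    for i, (who, perms, flags, kind) in enumerate(aces):
        if "i" in flags:        # inherit_only: template for children, skipped here
            continue
        if not who_matches(who, user, groups, owner, owning_group):
            continue
        if kind == "deny" and pending & perms:
            return False, i     # a still-pending bit is denied: evaluation stops
        if kind == "allow":
            pending -= perms    # bits already allowed are never reconsidered
            if not pending:
                return True, i
    return False, None          # assumption: bits never allowed count as denied

ACES = parse_acl(Y_ACL)
```

With these entries, user A's write is stopped at entry 8 (`group@:-wxp...:deny`), which is reached before any matching allow for `w`, while owner B's write is granted at entry 7. The empty-mask deny entries match no requested bit and therefore never decide anything in this walk.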