From owner-freebsd-fs@freebsd.org Fri Dec 8 18:12:26 2017 Return-Path: Delivered-To: freebsd-fs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ACFD0E8A6CF for ; Fri, 8 Dec 2017 18:12:26 +0000 (UTC) (envelope-from freebsd@omnilan.de) Received: from mx0.gentlemail.de (mx0.gentlemail.de [IPv6:2a00:e10:2800::a130]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3FC4B7D59A for ; Fri, 8 Dec 2017 18:12:26 +0000 (UTC) (envelope-from freebsd@omnilan.de) Received: from mh0.gentlemail.de (ezra.dcm1.omnilan.net [78.138.80.135]) by mx0.gentlemail.de (8.14.5/8.14.5) with ESMTP id vB8ICOIq047574 for ; Fri, 8 Dec 2017 19:12:24 +0100 (CET) (envelope-from freebsd@omnilan.de) Received: from titan.inop.mo1.omnilan.net (s1.omnilan.de [217.91.127.234]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mh0.gentlemail.de (Postfix) with ESMTPSA id 4BCDBA29; Fri, 8 Dec 2017 19:12:24 +0100 (CET) Message-ID: <5A2AD608.2090001@omnilan.de> Date: Fri, 08 Dec 2017 19:12:24 +0100 From: Harry Schmalzbauer Organization: OmniLAN User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; de-DE; rv:1.9.2.8) Gecko/20100906 Lightning/1.0b2 Thunderbird/3.1.2 MIME-Version: 1.0 To: freebsd-fs@freebsd.org Subject: New in 11? ZFS ACL -> aclinherit stacks synthesized mode ACEs Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit X-Greylist: ACL 129 matched, not delayed by milter-greylist-4.2.7 (mx0.gentlemail.de [78.138.80.130]); Fri, 08 Dec 2017 19:12:24 +0100 (CET) X-Milter: Spamilter (Reciever: mx0.gentlemail.de; Sender-ip: 78.138.80.135; Sender-helo: mh0.gentlemail.de; ) X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Dec 2017 18:12:26 -0000 Hello, quick question, haven't had time to investigate yet, but accidentally noticed that something between FreeBSD 10 and 11 has changed regarding ZFS ACL inheritance. Example: If a parent directory has the file-inherit flag is set in a mode synthesized ACE, the ACL of a file in that directory get the mode ACEs stacked: getfacl DIR # file: DIR/ # owner: toor # group: wheel owner@:rwxp-daARWcCos:fd-----:allow group@:rwxp--a-R-c--s:fd-----:allow everyone@:----D---------:-d-----:deny everyone@:------a-R-c--s:fd-----:allow touch DIR/testfile getfact DIR/testfile # file: DIR/testfile # owner: toor # group: wheel owner@:rw-p-daARWcCos:------I:allow group@:rw-p--a-R-c--s:------I:allow everyone@:------a-R-c--s:------I:allow owner@:rw-p--aARWcCos:-------:allow group@:rw-p--a-R-c--s:-------:allow everyone@:------a-R-c--s:-------:allow The (my) ACL of the parent hasn't change for some years (and aclinherit is set to "passthrough-x" and aclmode is "passthrough", also unchanged for several years). I never saw the resulting ACL before FreeBSD 11.1 Anyone out there who knows what changed why? Thanks, -harry