From: Stilez Stilezy
Date: Fri, 6 Apr 2018 14:12:10 +0100
Subject: Re: Does setuid=on work on ZFS datasets, or is the man page for zfs misleading?
To: Andriy Gapon
Cc: freebsd-fs

Thanks Andriy,

> Please read in the manual what ZFS setuid property means.
> By the way, it's on by default, so you would typically turn it off if you
> don't want suid binaries. And, of course, suiddir != setuid and ZFS does not
> support it, afaict.
>
> TLDR: yes, setuid works; no, it's not suiddir.

I did look up the ZFS setuid property in the man pages. If there are pages I missed, can you point me to them (and sorry for not finding them!)

*[man zfs]:*

    setuid=on | off
        Controls whether the set-UID bit is respected for the file system.

[Does not say anything else, seems perfectly clear]

*[man chmod]* - where it's documented what the set-UID bit does when set on a file system:

    4000  (the setuid bit). Directories with this bit set will force all
          files and sub-directories created in them to be owned by the
          directory owner and not by the uid of the creating process, if
          the underlying file system supports this feature...
[Does **not** say that mount -o suiddir is/isn't required, or is/isn't a "blocker". Just says "see suiddir mounting option". But zfs man page has already said the bit **will** be respected. It's a bit conflicting.]

Like I said, the man pages seem a bit conflicted.

*[man zfs]* definitely says it provides an option for the setuid bit to be respected for the file system - it doesn't say "for files only" or any other limitation. It just says that setuid will be "respected for the file system" if the flag is enabled on the dataset.

*[man chmod]* describes what happens if setuid is "respected on a file system". It's clear that this will force+inherit directory ownership "if the underlying file system supports this feature". As [man zfs] already says set-UID will be "respected", set-UID is clearly supported by ZFS.

As you can see, I did read the man pages carefully. That's why I asked for help to understand if it was documentation, implementation, or invocation, which was the issue. If the zfs setuid property *doesn't* mean the same as normal enabling of the setuid bit functionality, then the [man zfs] page is misleading. If it works only for files but not for directories, it's also misleading.

So I hope you can see, I'm not asking because of failure to read the man pages. I really did read, and followed them carefully, before asking. So your answer was helpful (thank you!), even if I don't understand what info I didn't read in the man pages.

I have 2 quick points arising:

1. I gather from your reply that even with this flag set, set-UID for ZFS based directories' ownership/inheritance is not "respected for the file system" - or not fully respected in the sense normally understood as in [man chmod]? If that's the case then [man zfs] is incorrect - please can you confirm exactly what is this flag's functionality, since it's unclear?

2. Returning to the original issue, is there any way one can automatically force owner+owner inheritance, for data in a zfs dataset?
Thank you for your help, even if not the ideal answer. I hope these last couple of points are easy to clear up, and not annoying :)

Stilez

On 6 April 2018 at 13:31, Andriy Gapon wrote:

> On 05/04/2018 18:53, Stilez Stilezy wrote:
> > I'm trying to use the setuid property in ZFS.
> >
> > The man pages are a bit conflicted but overall man zfs seems most specific
> > and implies the property is valid (man zfs says use setuid=on and it'll
> > work, man mount says use -o suiddir but won't work except on UFS).
>
> Please read in the manual what ZFS setuid property means.
> By the way, it's on by default, so you would typically turn it off if you
> don't want suid binaries. And, of course, suiddir != setuid and ZFS does not
> support it, afaict.
>
> TLDR: yes, setuid works; no, it's not suiddir.
>
> --
> Andriy Gapon
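
Added example, not part of the thread: the reply notes that setuid is on by default and is turned off where suid binaries are unwanted, so this sh script flags datasets under chosen data-only prefixes that still have setuid=on and prints (without running) the commands that would switch it off. The pool and dataset names and the sample output are constructed; the assumed input shape is that of `zfs get -H -o name,value,source -t filesystem setuid`.

```sh
#!/bin/sh
# Added example, not from the thread. Audits the ZFS "setuid" property.
# Input lines have the shape printed by
#   zfs get -H -o name,value,source -t filesystem setuid
# i.e. tab-separated name, value, source, parents listed before children.

# Constructed sample output; pool and dataset names are made up.
sample_zfs_get() {
    printf 'tank\ton\tdefault\n'
    printf 'tank/home\ton\tdefault\n'
    printf 'tank/home/alice\ton\tdefault\n'
    printf 'tank/home/build\ton\tlocal\n'
    printf 'tank/shares\toff\tlocal\n'
    printf 'tank/shares/projects\toff\tinherited from tank/shares\n'
    printf 'tank/usr\ton\tlocal\n'
}

# flag_setuid PREFIX...
# Prints "name<TAB>source" for every dataset at or below a PREFIX that still
# has setuid=on. Assumes the prefixes contain no spaces.
flag_setuid() {
    awk -F '\t' -v prefixes="$*" '
        BEGIN { n = split(prefixes, p, " ") }
        $2 == "on" {
            for (i = 1; i <= n; i++)
                if ($1 == p[i] || index($1, p[i] "/") == 1) {
                    print $1 "\t" $3
                    break
                }
        }'
}

# plan_setuid_off: reads flag_setuid output and prints (does not run) the
# zfs commands needed. A child is skipped when its flagged parent is being
# switched off and the child has no local override, because it will inherit.
plan_setuid_off() {
    awk -F '\t' '
        {
            parent = $1
            sub("/[^/]*$", "", parent)
            if ($2 == "local" || !(parent in flagged))
                print "zfs set setuid=off " $1
            flagged[$1] = 1
        }'
}

# Demo on the constructed data: treat tank/home and tank/shares as data-only.
sample_zfs_get | flag_setuid tank/home tank/shares | plan_setuid_off
```

On a live system, replace `sample_zfs_get` with the `zfs get` invocation named in the header comment and review the printed commands before running any of them.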