From: Giulio Ferro
Date: Tue, 15 Sep 2009 22:53:15 +0200
To: freebsd-hackers@freebsd.org
Subject: ZFS group ownership
Message-ID: <4AAFFEBB.4030907@zirakzigil.org>

I don't know if this is the correct list to discuss this matter, if not I apologize in advance.

I've always understood group ownership as a way to allow members of the same group to operate on files / folders which belong to that group, while leaving out others.

Let's suppose we have a directory /root/test (UFS file system).

I do this:

cd /root
chmod -R 770 test
chown -R www:www test

(I use group www as an example, since it's already present on a base system.)

My user "gferro" also belongs to group www and has umask 007.

su - gferro
touch qweq
mkdir asda

If I now look at the file and directory I've just created:

---------------------------------------------------------------
%ls -la
total 6
drwxrwx---  3 www     www    512 Sep 12 13:39 .
drwxr-xr-x  4 root    wheel  512 Sep 12 13:02 ..
drwxrwx---  2 gferro  www    512 Sep 12 13:39 asda
-rw-rw----  1 gferro  www      0 Sep 12 13:38 qweq
---------------------------------------------------------------

I see that both belong to group www, even though gferro's base group is "gferro":

---------------------------------------------------------------
id gferro
uid=1001(gferro) gid=1001(gferro) groups=1001(gferro),80(www)
---------------------------------------------------------------

This means that all those users who belong to group "www" will be able to work with the files and directories I've created.

Now I try to do the same on a ZFS partition on the same machine. This is what I see with ls:

---------------------------------------------------------------
ls -la
total 4
drwxrwx---  3 www     www     4 Sep 12 13:43 .
drwxr-xr-x  4 root    wheel   4 Sep 12 13:43 ..
drwxrwx---  2 gferro  gferro  2 Sep 12 13:43 asda
-rw-rw----  1 gferro  gferro  0 Sep 12 13:43 qweq
---------------------------------------------------------------

As you can see, both file and directory now belong to "gferro" and not "www". This means that other users won't even be able to read my files / dir, let alone modify them.

What I ask now is: is this a bug or a feature? How can I achieve my goal in ZFS, that is, allowing members of the same group to operate with the files / dirs they create?

Thanks in advance.
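
The comparison described in the message can be repeated programmatically on any directory. The following is an added example, not part of the original message: it creates a file and a subdirectory in a given directory and reports whether each received the parent directory's group or the creating process's effective group. The names `classify` and `probe` are hypothetical; the gids in the comments come from the listings in the message.

```python
import os
import stat
import sys
import tempfile


def classify(dir_gid, new_gid, proc_egid):
    """Say where a new entry's group came from, given the three gids."""
    if dir_gid == proc_egid:
        return "ambiguous"          # both sources give the same gid
    if new_gid == dir_gid:
        return "parent-directory"   # UFS listing: dir 80(www), file 80
    if new_gid == proc_egid:
        return "creator-group"      # ZFS listing: dir 80(www), file 1001
    return "other"


def probe(directory):
    """Create a file and a subdirectory in `directory`; report their groups.

    Also records whether the directory has the setgid bit set, since that
    bit changes group assignment on some systems. Probe entries are removed.
    """
    dir_st = os.stat(directory)
    egid = os.getegid()
    result = {
        "dir_gid": dir_st.st_gid,
        "dir_setgid": bool(dir_st.st_mode & stat.S_ISGID),
        "egid": egid,
    }
    fd, fpath = tempfile.mkstemp(prefix="grpprobe-", dir=directory)
    os.close(fd)
    dpath = tempfile.mkdtemp(prefix="grpprobe-", dir=directory)
    try:
        for name, path in (("file", fpath), ("subdir", dpath)):
            new_gid = os.stat(path).st_gid
            result[name] = classify(dir_st.st_gid, new_gid, egid)
    finally:
        os.unlink(fpath)
        os.rmdir(dpath)
    return result


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for key, value in probe(target).items():
        print(f"{key}: {value}")
```

Run it as a user whose primary group differs from the directory's group (as gferro does with www); otherwise the result is "ambiguous".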