Date:      Mon, 20 Aug 2012 14:00:06 +0200
From:      Tomáš Drbohlav <drb@karlov.mff.cuni.cz>
To:        Pavel Bychykhin <pavel.priv@hte.vl.net.ua>
Cc:        freebsd-fs@freebsd.org, Edward Tomasz Napierała <trasz@FreeBSD.org>
Subject:   Re: Some of ZFS ACLs doesn't work as expected
Message-ID:  <503226C6.3040201@karlov.mff.cuni.cz>
In-Reply-To: <788B90E6-B36B-40D3-8C89-BD1A2902D4D5@FreeBSD.org>
References:  <502FD583.9070105@hte.vl.net.ua> <06453437-D034-41C2-8B7F-15B228AD2532@FreeBSD.org> <503128BB.6040801@hte.vl.net.ua> <788B90E6-B36B-40D3-8C89-BD1A2902D4D5@FreeBSD.org>

On 20.8.2012 13:53, Edward Tomasz Napierała wrote:
> Message written by Pavel Bychykhin on 19 Aug 2012, at 19:56:
>> 19.08.2012 19:40, Edward Tomasz Napierała wrote:
>>> Message written by Pavel Bychykhin on 18 Aug 2012, at 19:48:
>>>> Dear community!
>>>>
>>>> After my experiments with ZFS, I concluded that the permissions "delete_child" and "delete" are ignored.
>>>> For the create/update/delete operation a list of "rwxp" (read_data/write_data/execute/append_data) is fully sufficient.
>>>
>>> They are not ignored, but yes, write access on a directory is enough to delete a file.
>>>
>>>> No need to specify the "delete_child" and "delete" permissions at all, or I don't understand something?
>>>
>>> Unless you need them - no, you don't.  That's why these bits are not set in a default
>>> case (so called 'trivial ACL', i.e. no ACL set on a file).
>>>
>>
>> Could you please provide an example of at least one practical situation, where the "delete_child" and "delete" permissions would be useful?
>
> You could allow for file creation, but deny file removal.  Still, as someone
> already mentioned, main reason for these to exist is compatibility with Windows
> and NFSv4 spec.  It's just that they are not _completely_ ignored, like SYNCHRONIZE
> or READ_XATTR/WRITE_XATTR are.

Please beware that, based on my experience, the SYNCHRONIZE bit is not as 
ignored as you would probably expect. For example, Samba configured to 
save NT rights in NFSv4 ACLs needs 's' for seamless operation of File 
Explorer on the other side of SMB... It appeared after some upgrade I 
made about a year ago or so.

  T:D



