From owner-freebsd-fs@FreeBSD.ORG Mon Aug 20 14:01:41 2012 Return-Path: Delivered-To: freebsd-fs@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1AE0E10656F3 for ; Mon, 20 Aug 2012 14:01:41 +0000 (UTC) (envelope-from etnapierala@gmail.com) Received: from mail-ee0-f54.google.com (mail-ee0-f54.google.com [74.125.83.54]) by mx1.freebsd.org (Postfix) with ESMTP id 9090F8FC1B for ; Mon, 20 Aug 2012 14:01:40 +0000 (UTC) Received: by eeke52 with SMTP id e52so1905833eek.13 for ; Mon, 20 Aug 2012 07:01:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer; bh=tt7/JzZopIVLIrzpMfG1pypPvn4iPUMhNObopMG7fRw=; b=Ea0h5TuHGQCb2xxThbbQyic3lda9PlfflVZoObuVeVniHrr+ZSlXYE4wQREueWMtkG 6bxjhpsWwshAvL3PKGz1IxkK+LRKDhPBZZ1NSlYy3+BgI2APUCbUUJHC2BRknUCjCxd4 bVwHg9wzGxIY322pfU0NWgNMblRJMfG8NTHxIur2l6uDO6lPtUF0ujcSP/Zkt9Uk6Fp1 CmQHsJbLOfKv0NV3CQRkUKpNimy6+0GnqlrtHipGdT2K574TF41+DOwT2hiLQ1RZtmg3 foyAf+Y5B17o02ULlh+tga1LpRPMGKQqWiog4DsoPZsi6TvmsppODIcxDAlLsurYrhcX B28Q== Received: by 10.14.175.7 with SMTP id y7mr8811915eel.29.1345471299272; Mon, 20 Aug 2012 07:01:39 -0700 (PDT) Received: from [192.168.1.110] (45.81.datacomsa.pl. [195.34.81.45]) by mx.google.com with ESMTPS id l42sm42229529eep.1.2012.08.20.07.01.38 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 20 Aug 2012 07:01:38 -0700 (PDT) Sender: =?UTF-8?Q?Edward_Tomasz_Napiera=C5=82a?= Mime-Version: 1.0 (Apple Message framework v1278) Content-Type: text/plain; charset=utf-8 From: =?iso-8859-2?Q?Edward_Tomasz_Napiera=B3a?= In-Reply-To: <503226C6.3040201@karlov.mff.cuni.cz> Date: Mon, 20 Aug 2012 16:01:36 +0200 Content-Transfer-Encoding: quoted-printable Message-Id: References: <502FD583.9070105@hte.vl.net.ua> <06453437-D034-41C2-8B7F-15B228AD2532@FreeBSD.org> <503128BB.6040801@hte.vl.net.ua> <788B90E6-B36B-40D3-8C89-BD1A2902D4D5@FreeBSD.org> <503226C6.3040201@karlov.mff.cuni.cz> To: =?iso-8859-2?Q?Tom=E1=B9_Drbohlav?= X-Mailer: Apple Mail (2.1278) Cc: freebsd-fs@freebsd.org Subject: Re: Some of ZFS ACLs doesn't work as expected X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Aug 2012 14:01:41 -0000 Wiadomo=C5=9B=C4=87 napisana przez Tom=C3=A1=C5=A1 Drbohlav w dniu 20 = sie 2012, o godz. 14:00: > On 20.8.2012 13:53, Edward Tomasz Napiera=C5=82a wrote: >> Wiadomo=C5=9B=C4=87 napisana przez Pavel Bychykhin w dniu 19 sie = 2012, o godz. 19:56: >>> 19.08.2012 19:40, Edward Tomasz Napiera=C5=82a =D0=BF=D0=B8=D1=88=D0=B5= =D1=82: >>>> Wiadomo=C5=9B=C4=87 napisana przez Pavel Bychykhin w dniu 18 sie = 2012, o godz. 19:48: >>>>> Dear community! >>>>>=20 >>>>> After my experiments with ZFS, I concluded, that permissions = "delete_child" and "delete" are ignored. >>>>> For the create/update/delete operation a list of "rwxp" = (read_data/write_data/execute/append_data) is fully sufficient. >>>>=20 >>>> They are not ignored, but yes, write access on a directory is = enough to delete a file. >>>>=20 >>>>> No need to specify the "delete_child" and "delete" permissions at = all, or I don't understand something? >>>>=20 >>>> Unless you need them - no, you don't. That's why these bits are = not set in a default >>>> case (so called 'trivial ACL', i.e. no ACL set on a file). >>>>=20 >>>=20 >>> Could you please provide an example of at least one practical = situation, where the "delete_child" and "delete" permissions would be = useful? >>=20 >> You could allow for file creation, but deny file removal. Still, as = someone >> already mentioned, main reason for these to exist is compatibility = with Windows >> and NFSv4 spec. It's just that they are not _completely_ ignored, = like SYNCHRONIZE >> or READ_XATTR/WRITE_XATTR are. >=20 > Please beware, that based on my experience, SYNCHRONIZE bit is not as = ignored as you would probably expect. For example Samba configured to = save NT rights in NFSv4 ACLs need 's' for seamless opertion of File = Explorer on the other side of Smb... It appeared after some upgrade I = made about a year ago or so. By ignored, I mean ignored by FreeBSD (or Solaris, for that matter) - = FreeBSD stores this permission, but doesn't do anything more about it. Windows = obviously _does_ use it. --=20 If you cut off my head, what would I say? Me and my head, or me and my = body?