Date: Mon, 20 Aug 2012 16:01:36 +0200
From: Edward Tomasz Napierała <trasz@FreeBSD.org>
To: Tomáš Drbohlav <drb@karlov.mff.cuni.cz>
Cc: freebsd-fs@freebsd.org
Subject: Re: Some of ZFS ACLs doesn't work as expected
Message-ID: <F80BF5E0-E402-4466-A836-5481F9A4DF81@FreeBSD.org>
In-Reply-To: <503226C6.3040201@karlov.mff.cuni.cz>
References: <502FD583.9070105@hte.vl.net.ua> <06453437-D034-41C2-8B7F-15B228AD2532@FreeBSD.org> <503128BB.6040801@hte.vl.net.ua> <788B90E6-B36B-40D3-8C89-BD1A2902D4D5@FreeBSD.org> <503226C6.3040201@karlov.mff.cuni.cz>

Message written by Tomáš Drbohlav on 20 Aug 2012, at 14:00:

> On 20.8.2012 13:53, Edward Tomasz Napierała wrote:
>> Message written by Pavel Bychykhin on 19 Aug 2012, at 19:56:
>>> 19.08.2012 19:40, Edward Tomasz Napierała wrote:
>>>> Message written by Pavel Bychykhin on 18 Aug 2012, at 19:48:
>>>>> Dear community!
>>>>>
>>>>> After my experiments with ZFS, I concluded, that permissions "delete_child" and "delete" are ignored.
>>>>> For the create/update/delete operation a list of "rwxp" (read_data/write_data/execute/append_data) is fully sufficient.
>>>>
>>>> They are not ignored, but yes, write access on a directory is enough to delete a file.
>>>>
>>>>> No need to specify the "delete_child" and "delete" permissions at all, or I don't understand something?
>>>>
>>>> Unless you need them - no, you don't. That's why these bits are not set in a default
>>>> case (so called 'trivial ACL', i.e. no ACL set on a file).
>>>>
>>>
>>> Could you please provide an example of at least one practical situation, where the "delete_child" and "delete" permissions would be useful?
>>
>> You could allow for file creation, but deny file removal. Still, as someone
>> already mentioned, main reason for these to exist is compatibility with Windows
>> and NFSv4 spec. It's just that they are not _completely_ ignored, like SYNCHRONIZE
>> or READ_XATTR/WRITE_XATTR are.
>
> Please beware, that based on my experience, SYNCHRONIZE bit is not as ignored as you would probably expect. For example Samba configured to save NT rights in NFSv4 ACLs needs 's' for seamless operation of File Explorer on the other side of Smb... It appeared after some upgrade I made about a year ago or so.

By ignored, I mean ignored by FreeBSD (or Solaris, for that matter) - FreeBSD stores this permission, but doesn't do anything more about it. Windows obviously _does_ use it.

-- 
If you cut off my head, what would I say? Me and my head, or me and my body?