Date: Tue, 12 Jun 2012 12:15:10 -0700
From: Andrew Leonard <lists@hurricane-ridge.com>
To: Marc Peters <marc@mpeters.org>
Cc: freebsd-fs@freebsd.org
Subject: Re: ZFS deletes ACLs when root edits a file
Message-ID: <CADUQDp--h_JxVRu7XtkghLUfsqV167a6SjWsyogg0JaMekQwXQ@mail.gmail.com>
In-Reply-To: <20120612164206.6a573136@fabiankeil.de>
References: <4FD74858.6070705@mpeters.org> <20120612164206.6a573136@fabiankeil.de>

On Tue, Jun 12, 2012 at 7:42 AM, Fabian Keil <freebsd-listen@fabiankeil.de> wrote:
> Marc Peters <marc@mpeters.org> wrote:
>
>> i observed a strange behaviour when using ACLs on a ZFS filesystem.
>> When a file has ACLs set and is edited by a user, the ACLs get lost
>> when the file is edited and saved.
>>
>> How to repeat:
>>
>> > mount
>> /dev/aacd0s1a on / (ufs, local)
>> devfs on /dev (devfs, local, multilabel)
>> /dev/aacd0s1d on /var (ufs, local, soft-updates)
>> appdata on /appdata (zfs, local, nfsv4acls)
>> /dev/md0 on /appdata/www/cache (ufs, local, soft-updates)
>>
>> > ls -al
>> total 3
>> drwxr-xr-x  2 mpeters  wheel  2 Jun 12 15:31 .
>> drwxr-xr-x  5 root     wheel  5 Jun 12 15:29 ..
>> > touch test.file ls -al
>> total 4
>> drwxr-xr-x  2 mpeters  wheel  3 Jun 12 15:32 .
>> drwxr-xr-x  5 root     wheel  5 Jun 12 15:29 ..
>> -rw-r--r--  1 mpeters  wheel  0 Jun 12 15:32 test.file
>> > getfacl test.file
>> # file: test.file
>> # owner: mpeters
>> # group: wheel
>>             owner@:rw-p--aARWcCos:------:allow
>>             group@:r-----a-R-c--s:------:allow
>>          everyone@:r-----a-R-c--s:------:allow
>> > setfacl -m user:nobody:rwx::allow test.file ls -al
>> total 4
>> drwxr-xr-x  2 mpeters  wheel  3 Jun 12 15:32 .
>> drwxr-xr-x  5 root     wheel  5 Jun 12 15:29 ..
>> -rw-r--r--+ 1 mpeters  wheel  0 Jun 12 15:32 test.file
>> > getfacl test.file
>> # file: test.file
>> # owner: mpeters
>> # group: wheel
>>        user:nobody:rwx-----------:------:allow
>>             owner@:rw-p--aARWcCos:------:allow
>>             group@:r-----a-R-c--s:------:allow
>>          everyone@:r-----a-R-c--s:------:allow
>> > vim test.file
>> (do some editing here)
>> "test.file" 2 lines, 12 characters written
>> > ls -al
>> total 4
>> drwxr-xr-x  2 mpeters  wheel   3 Jun 12 15:35 .
>> drwxr-xr-x  5 root     wheel   5 Jun 12 15:29 ..
>> -rw-r--r--  1 mpeters  wheel  12 Jun 12 15:35 test.file
>> > getfacl test.file
>> # file: test.file
>> # owner: mpeters
>> # group: wheel
>>             owner@:rw-p--aARWcCos:------:allow
>>             group@:r-----a-R-c--s:------:allow
>>          everyone@:r-----a-R-c--s:------:allow
>>
>> As you can see, the ACL for user nobody is gone.
>>
>> Is this behaviour intended?
>
> It is expected if vim replaced the original test.file
> with a modified file with the same name, instead of
> actually editing the original file directly.
>
> To confirm that this is happening you could truss
> vim or run "ls -i test.file" before and after using
> vim (this is probably less reliable, though).
>
> The ACLs shouldn't get lost if you really modify the
> original, for example with:
>
> echo blafasel >> test.file

Also, take a look at what you have the aclmode property set to on the
ZFS file system. If you have it set to "discard" and if vim makes a
chmod(2) call on the original file, then the ACL entries that do not
represent the mode of the file will be discarded.

-Andy

> Fabian
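
The "ls -i test.file" before-and-after check suggested in the thread, wrapped so it can be run around any save command. This is an added example and not part of the original messages; the helper names, the rename-based save strategy and the scratch file are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a save as in-place (same inode) or replaced
# (new inode; ACL entries set on the old file stay with the old inode).

# Print the inode number of FILE, as "ls -i test.file" would show it.
inode_of() {
    ls -di -- "$1" | awk '{ print $1 }'
}

# Usage: classify_save FILE COMMAND [ARGS...]
# Runs COMMAND, then prints "in-place" or "replaced" for FILE.
classify_save() {
    file=$1; shift
    before=$(inode_of "$file") || return 1
    "$@" || return 1
    after=$(inode_of "$file") || return 1
    if [ "$before" = "$after" ]; then
        echo "in-place"
    else
        echo "replaced"
    fi
}

# Strategy 1: modify the original, like "echo blafasel >> test.file".
save_in_place() {
    echo blafasel >> "$1"
}

# Strategy 2 (hypothetical editor behaviour): write a new file, then
# rename it over the original. Both exist at once, so the inodes differ.
save_by_rename() {
    tmp="$1.new.$$"
    { cat "$1"; echo blafasel; } > "$tmp" && mv -f "$tmp" "$1"
}

# Demo on a constructed file in a scratch directory.
demo_dir=$(mktemp -d "${TMPDIR:-/tmp}/aclcheck.XXXXXX")
printf 'first line\n' > "$demo_dir/test.file"
echo "append: $(classify_save "$demo_dir/test.file" save_in_place "$demo_dir/test.file")"
echo "rename: $(classify_save "$demo_dir/test.file" save_by_rename "$demo_dir/test.file")"
rm -rf "$demo_dir"
```

With the functions loaded, `classify_save test.file vim test.file` reports which of the two cases a given vim save falls into; running getfacl before and after shows whether the ACL survived.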