From: Andrew Leonard
To: Marc Peters
Cc: freebsd-fs@freebsd.org
Date: Tue, 12 Jun 2012 12:15:10 -0700
Subject: Re: ZFS deletes ACLs when root edits a file

On Tue, Jun 12, 2012 at 7:42 AM, Fabian Keil wrote:
> Marc Peters wrote:
>
>> I observed a strange behaviour when using ACLs on a ZFS filesystem.
>> When a file has ACLs set and is edited by a user, the ACLs get lost
>> when the file is edited and saved.
>>
>> How to repeat:
>>
>> > mount
>> /dev/aacd0s1a on / (ufs, local)
>> devfs on /dev (devfs, local, multilabel)
>> /dev/aacd0s1d on /var (ufs, local, soft-updates)
>> appdata on /appdata (zfs, local, nfsv4acls)
>> /dev/md0 on /appdata/www/cache (ufs, local, soft-updates)
>>
>> > ls -al
>> total 3
>> drwxr-xr-x  2 mpeters  wheel  2 Jun 12 15:31 .
>> drwxr-xr-x  5 root     wheel  5 Jun 12 15:29 ..
>> > touch test.file ls -al
>> total 4
>> drwxr-xr-x  2 mpeters  wheel  3 Jun 12 15:32 .
>> drwxr-xr-x  5 root     wheel  5 Jun 12 15:29 ..
>> -rw-r--r--  1 mpeters  wheel  0 Jun 12 15:32 test.file
>> > getfacl test.file
>> # file: test.file
>> # owner: mpeters
>> # group: wheel
>>             owner@:rw-p--aARWcCos:------:allow
>>             group@:r-----a-R-c--s:------:allow
>>          everyone@:r-----a-R-c--s:------:allow
>> > setfacl -m user:nobody:rwx::allow test.file ls -al
>> total 4
>> drwxr-xr-x  2 mpeters  wheel  3 Jun 12 15:32 .
>> drwxr-xr-x  5 root     wheel  5 Jun 12 15:29 ..
>> -rw-r--r--+ 1 mpeters  wheel  0 Jun 12 15:32 test.file
>> > getfacl test.file
>> # file: test.file
>> # owner: mpeters
>> # group: wheel
>>        user:nobody:rwx-----------:------:allow
>>             owner@:rw-p--aARWcCos:------:allow
>>             group@:r-----a-R-c--s:------:allow
>>          everyone@:r-----a-R-c--s:------:allow
>> > vim test.file
>> (do some editing here)
>> "test.file" 2 lines, 12 characters written
>> > ls -al
>> total 4
>> drwxr-xr-x  2 mpeters  wheel   3 Jun 12 15:35 .
>> drwxr-xr-x  5 root     wheel   5 Jun 12 15:29 ..
>> -rw-r--r--  1 mpeters  wheel  12 Jun 12 15:35 test.file
>> > getfacl test.file
>> # file: test.file
>> # owner: mpeters
>> # group: wheel
>>             owner@:rw-p--aARWcCos:------:allow
>>             group@:r-----a-R-c--s:------:allow
>>          everyone@:r-----a-R-c--s:------:allow
>>
>> As you can see, the ACL for user nobody is gone.
>>
>> Is this behaviour intended?
>
> It is expected if vim replaced the original test.file
> with a modified file with the same name, instead of
> actually editing the original file directly.
>
> To confirm that this is happening you could truss
> vim or run "ls -i test.file" before and after using
> vim (this is probably less reliable, though).
>
> The ACLs shouldn't get lost if you really modify the
> original, for example with:
>
> echo blafasel >> test.file

Also, take a look at what you have the aclmode property set to on the
ZFS file system. If you have it set to "discard" and if vim makes a
chmod(2) call on the original file, then the ACL entries that do not
represent the mode of the file will be discarded.

-Andy

> Fabian
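
The inode check suggested in the quoted reply, written out as an added example that is not part of the original thread. The function names (inode_of, edit_kind, append_edit, replace_edit, demo) and the temporary paths are hypothetical, and the two "editors" are constructed stand-ins for the in-place and replace-by-rename behaviours discussed above.

```shell
#!/bin/sh
# Added example: tell an in-place edit from a replace-by-rename by
# comparing inode numbers, as "ls -i test.file" before and after would.

inode_of() {
    ls -i "$1" | awk '{ print $1 }'
}

# edit_kind FILE COMMAND [ARGS...]
# Runs COMMAND [ARGS...] FILE, then prints "in-place" if FILE is still the
# same inode and "replaced" if not. Descriptor 9 holds the original open
# during the edit so its inode number cannot be freed and handed to the
# new file, which would make the before/after comparison misleading.
edit_kind() {
    file=$1; shift
    before=$(inode_of "$file")
    exec 9<"$file"
    "$@" "$file" 1>&2
    after=$(inode_of "$file")
    exec 9<&-
    if [ "$before" = "$after" ]; then echo in-place; else echo replaced; fi
}

# Constructed stand-ins for the two editor behaviours (hypothetical names).
append_edit() {     # modifies the original file directly
    echo blafasel >> "$1"
}
replace_edit() {    # writes a new file, then renames it over the original
    tmp=$(mktemp "$1.XXXXXX")
    cat "$1" > "$tmp"
    echo blafasel >> "$tmp"
    mv -f "$tmp" "$1"
}

demo() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/aclcheck.XXXXXX")
    : > "$dir/test.file"
    echo "append:  $(edit_kind "$dir/test.file" append_edit)"
    echo "replace: $(edit_kind "$dir/test.file" replace_edit)"
    rm -rf "$dir"
}
demo
```

To test a real editor, pass its command name in place of a stand-in, for example `edit_kind test.file vim`. A "replaced" result means the file seen afterwards is a new object, so an ACL set on the old one would have to be reapplied to it.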