Date: Sun, 4 May 2014 18:29:38 +0200 From: =?iso-8859-2?Q?Edward_Tomasz_Napiera=B3a?= <trasz@FreeBSD.org> To: Andrey Russev <andrey.russev@gmail.com> Cc: freebsd-fs@freebsd.org Subject: Re: ZFS ACL inheritance with aclmode=passthrough Message-ID: <586DA3CC-58F1-45B9-9775-17D879C7FE5B@FreeBSD.org> In-Reply-To: <52125FF9.4080005@gmail.com> References: <52125FF9.4080005@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Wiadomo=B6=E6 napisana przez Andrey Russev w dniu 19 sie 2013, o godz. = 20:12: > Hello, > it looks like ZFS ACL inheritance implementation in 8.4-RELEASE does = not match the manual page. In case aclinherit=3Drestricted and = aclmode=3Dpassthrough all permissions inherited from allow ACEs are = masked(?) by group permissions. For example, ACEs of parent directory = are >=20 > group:wheel:rwxp----------:-d----:allow > owner@:rwxp--aARWcCos:------:allow > group@:r-x---a-R-c--s:------:allow > everyone@:r-x---a-R-c--s:------:allow >=20 > but ACEs of child directory are >=20 > group:wheel:r-x-----------:-d----:allow > owner@:rwxp--aARWcCos:------:allow > group@:r-x---a-R-c--s:------:allow > everyone@:r-x---a-R-c--s:------:allow >=20 > I think that first entry must be copied without modification. It works = this way in 8.1-RELEASE. >=20 > I believe that this difference was introduced by r224174 in lines: >=20 > 1732 zfs_acl_chmod(vap->va_type, acl_ids->z_mode, > 1733 (zfsvfs->z_acl_inherit =3D=3D = ZFS_ACL_RESTRICTED), > 1734 acl_ids->z_aclp); >=20 > because function zfs_acl_chmod applies group mask to all allow ACEs if = third argument is non zero and everything works as expected when = aclinherit=3Dpassthrough. Am I right? First of all, sorry for delay. No idea where that time went. I think your analysis is correct. However, I think it's not something = we should touch. It's either a documentation bug - in which case the manual page = should be updated - or a semantics issue that should be dealt with by upstream = (which probably means OpenZFS) and then imported; it would be bad for FreeBSD to diverge from other ZFS implementations in file permission semantics.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?586DA3CC-58F1-45B9-9775-17D879C7FE5B>