Date:      Sun, 4 May 2014 18:29:38 +0200
From:      Edward Tomasz Napierała <trasz@FreeBSD.org>
To:        Andrey Russev <andrey.russev@gmail.com>
Cc:        freebsd-fs@freebsd.org
Subject:   Re: ZFS ACL inheritance with aclmode=passthrough
Message-ID:  <586DA3CC-58F1-45B9-9775-17D879C7FE5B@FreeBSD.org>
In-Reply-To: <52125FF9.4080005@gmail.com>
References:  <52125FF9.4080005@gmail.com>

Message written by Andrey Russev on 19 Aug 2013, at 20:12:
> Hello,
> it looks like ZFS ACL inheritance implementation in 8.4-RELEASE does
> not match the manual page. In case aclinherit=restricted and
> aclmode=passthrough all permissions inherited from allow ACEs are
> masked(?) by group permissions. For example, ACEs of parent directory
> are
>
> group:wheel:rwxp----------:-d----:allow
>     owner@:rwxp--aARWcCos:------:allow
>     group@:r-x---a-R-c--s:------:allow
>  everyone@:r-x---a-R-c--s:------:allow
>
> but ACEs of child directory are
>=20
> group:wheel:r-x-----------:-d----:allow
>     owner@:rwxp--aARWcCos:------:allow
>     group@:r-x---a-R-c--s:------:allow
>  everyone@:r-x---a-R-c--s:------:allow
>
> I think that first entry must be copied without modification. It works
> this way in 8.1-RELEASE.
>
> I believe that this difference was introduced by r224174 in lines:
>
> 1732                zfs_acl_chmod(vap->va_type, acl_ids->z_mode,
> 1733                    (zfsvfs->z_acl_inherit == ZFS_ACL_RESTRICTED),
> 1734                    acl_ids->z_aclp);
>
> because function zfs_acl_chmod applies group mask to all allow ACEs if
> third argument is non zero and everything works as expected when
> aclinherit=passthrough. Am I right?

First of all, sorry for the delay.  No idea where that time went.

I think your analysis is correct.  However, I think it's not something we should
touch. It's either a documentation bug - in which case the manual page should
be updated - or a semantics issue that should be dealt with by upstream (which
probably means OpenZFS) and then imported; it would be bad for FreeBSD
to diverge from other ZFS implementations in file permission semantics.
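
Added example, not part of the original message or of the FreeBSD/ZFS source: a small checker that compares the parent and child ACL listings quoted above and reports directory-inheritable allow ACEs that reached the child with fewer permissions. Treating the mask as an intersection with the child's group@ entry is an assumption taken from the poster's description, and the function names are hypothetical.

```python
# Added example. ACL listings are copied from the quoted message;
# function names are hypothetical, not FreeBSD or ZFS APIs.
PARENT = """\
group:wheel:rwxp----------:-d----:allow
    owner@:rwxp--aARWcCos:------:allow
    group@:r-x---a-R-c--s:------:allow
 everyone@:r-x---a-R-c--s:------:allow
"""
CHILD = """\
group:wheel:r-x-----------:-d----:allow
    owner@:rwxp--aARWcCos:------:allow
    group@:r-x---a-R-c--s:------:allow
 everyone@:r-x---a-R-c--s:------:allow
"""

def parse_acl(text):
    """Parse getfacl-style NFSv4 lines into (who, perms, flags, type) tuples."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4:
            raise ValueError(f"not an NFSv4 ACE: {line!r}")
        who = ":".join(fields[:-3])  # "group:wheel" or "owner@"
        perms = frozenset(fields[-3]) - {"-"}
        entries.append((who, perms, fields[-2], fields[-1]))
    return entries

def check_inheritance(parent_text, child_text):
    """List directory-inheritable allow ACEs that lost permissions in a child directory."""
    child = parse_acl(child_text)
    child_perms = {(who, typ): perms for who, perms, _, typ in child}
    # Assumption: the mask equals the child's group@ allow entry.
    group_mask = child_perms.get(("group@", "allow"), frozenset())
    findings = []
    for who, perms, flags, typ in parse_acl(parent_text):
        if typ != "allow" or "d" not in flags:
            continue  # only directory-inherit allow entries are checked
        got = child_perms.get((who, typ))
        if got is None:
            findings.append((who, "".join(sorted(perms)), "missing"))
        elif got != perms:
            cause = "group-masked" if got == perms & group_mask else "other"
            findings.append((who, "".join(sorted(perms - got)), cause))
    return findings
```

Each finding is a tuple of the ACE's principal, the permission letters that were dropped, and whether the drop matches the assumed group mask.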



