Date: Thu, 5 Apr 2018 16:53:09 +0100
From: Stilez Stilezy <stilezy@gmail.com>
To: freebsd-fs <freebsd-fs@freebsd.org>
Subject: Does setuid=on work on ZFS datasets, or is the man page for zfs misleading?
Message-ID: <CAFwhr76YOacX7kS87M-xRhcnkQGYGcmpYz%2BKU6rok2b-Wt_GHA@mail.gmail.com>
I'm trying to use the setuid property in ZFS. The man pages are a bit conflicted, but overall man zfs seems most specific and implies the property is valid (man zfs says use setuid=on and it'll work; man mount says use -o suiddir but it won't work except on UFS). It seems that man zfs is more specific/authoritative, but I can't be sure. I'm starting to wonder if the page is wrong/misleading, and setuid isn't working/not implemented on datasets, despite the apparent meaning of man zfs.

Here's an easily reproduced test case:

    # zfs create Test_pool/test
    # zfs list | grep test
    Test_pool/test   88K   446G   88K   /mnt/Test_pool/test
    # zfs set setuid=on Test_pool/test
    # zfs get all Test_pool/test | grep setuid
    Test_pool/test   setuid   on   local
    # mount | grep test
    Test_pool/test on /mnt/Test_pool/test (zfs, local, noatime, nfsv4acls)
    # umount Test_pool/test
    # mount -t zfs -o local,noatime,nfsv4acls,suiddir Test_pool/test /mnt/Test_pool/test
    # mount | grep test
    Test_pool/test on /mnt/Test_pool/test (zfs, local, noatime, suiddir, nfsv4acls)
    # chown www /mnt/Test_pool/test
    # chmod 4770 /mnt/Test_pool/test/
    # ls -lt /mnt/Test_pool | grep test
    drwsrwx---  2 www   wheel  2 2018-04-05 16:11:48 test/
    # ls -lt /mnt/Test_pool/test
    total 0
    # mkdir /mnt/Test_pool/test/dir_created_as_root
    # touch /mnt/Test_pool/test/file_created_as_root
    # ls -al /mnt/Test_pool/test
    total 2
    drwsrwx---  3 www   wheel  4 2018-04-05 16:19:17 ./
    drwxrwxr-x+ 5 root  wheel  6 2018-04-05 16:11:49 ../
    drwxr-xr-x  2 root  wheel  2 2018-04-05 16:18:33 dir_created_as_root/
    -rw-r--r--  1 root  wheel  0 2018-04-05 16:19:17 file_created_as_root

As far as I can see, everything's done that's needed:

- Clean newly created dataset
- setuid property set and checked
- dataset mounted with suiddir option on
- dataset given a different owner than my current invoked account, and setuid bit set
- dataset properties, mount options, setuid bit, owner, etc. all checked and seem correct
- as root, created a new dir and file immediately within the dir
- .....

but neither of them picks up the containing dir's actual owner, and the dir doesn't pick up the setuid bit. Unless man zfs is misleading, setuid=on should work. (The exception is if it should say that it does work, but only for ZVOLs, not datasets, which isn't what's said.)

What's going on? Or is this not implemented in ZFS and the man page not as clear as needed? If it *can't* be done within a normal ZFS dataset and the man page needs updating to be clearer, is there any "second best" workaround/fix to automatically get the right owner for that dataset's newly created files/dirs?

For info, the platform is 11.1-REL on amd64. The files in the dataset could be created/modified/deleted by a number of users, hence why I want to mandate a fixed owner. I also don't want to create this directory as UFS-within-ZVOL, but to use a normal ZFS dataset.

Thanks for any technical insight into this

Stilez
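An added example, not part of the message above or of FreeBSD's own tooling: a small audit of mount(8) output lines in the format shown in the message, reporting for each mount whether setuid bits on executables are honoured (no nosuid flag, which is what the ZFS setuid property governs; the nosuid mapping is an assumption stated in the code) and whether a requested suiddir flag is actually effective, since mount(8) documents it as UFS-only. The sample mount lines are constructed to resemble the ones in the message.

```python
"""Audit FreeBSD mount(8) output for setuid-related mount flags.

Added example, not code from the original thread. Assumptions: the mount
line format is the one shown in the message ("<src> on <path> (<opts>)"
with the filesystem type as the first option), ZFS setuid=off shows up as
the 'nosuid' mount flag, and 'suiddir' only has an effect on UFS.
"""
import re
from dataclasses import dataclass, field

MOUNT_RE = re.compile(r"^(?P<src>\S+) on (?P<path>\S+) \((?P<opts>[^)]*)\)$")

# Constructed sample lines modelled on the ones in the message above.
SAMPLE_MOUNT_OUTPUT = """\
Test_pool/test on /mnt/Test_pool/test (zfs, local, noatime, suiddir, nfsv4acls)
Test_pool/other on /mnt/Test_pool/other (zfs, local, nosuid, nfsv4acls)
/dev/ada0p2 on /home (ufs, local, soft-updates, suiddir)
"""


@dataclass
class MountAudit:
    path: str
    fstype: str
    setuid_honoured: bool      # no 'nosuid' flag: setuid/setgid bits on executables take effect
    suiddir_effective: bool    # 'suiddir' requested and the filesystem is UFS
    notes: list = field(default_factory=list)


def parse_mount_line(line):
    """Split one mount(8) line into (path, fstype, remaining flags)."""
    m = MOUNT_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised mount line: {line!r}")
    opts = [o.strip() for o in m.group("opts").split(",") if o.strip()]
    return m.group("path"), opts[0], opts[1:]


def audit_mount_line(line):
    path, fstype, flags = parse_mount_line(line)
    notes = []
    setuid_honoured = "nosuid" not in flags
    if setuid_honoured:
        notes.append("setuid bits on executables are honoured (nosuid not set)")
    suiddir_requested = "suiddir" in flags
    suiddir_effective = suiddir_requested and fstype == "ufs"
    if suiddir_requested and not suiddir_effective:
        notes.append(f"suiddir requested but ignored on {fstype}: new files keep the creator's uid")
    return MountAudit(path, fstype, setuid_honoured, suiddir_effective, notes)


def audit_mount_output(text):
    """Audit every non-empty line of mount(8) output."""
    return [audit_mount_line(l) for l in text.splitlines() if l.strip()]
```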