Date:      Tue, 12 Jun 2012 16:42:06 +0200
From:      Fabian Keil <freebsd-listen@fabiankeil.de>
To:        Marc Peters <marc@mpeters.org>
Cc:        freebsd-fs@freebsd.org
Subject:   Re: ZFS deletes ACLs when root edits a file
Message-ID:  <20120612164206.6a573136@fabiankeil.de>
In-Reply-To: <4FD74858.6070705@mpeters.org>
References:  <4FD74858.6070705@mpeters.org>

Marc Peters <marc@mpeters.org> wrote:

> I observed a strange behaviour when using ACLs on a ZFS filesystem.
> When a file has ACLs set and is edited by a user, the ACLs get lost
> when the file is edited and saved.
>
> How to repeat:
>
> > mount
> /dev/aacd0s1a on / (ufs, local)
> devfs on /dev (devfs, local, multilabel)
> /dev/aacd0s1d on /var (ufs, local, soft-updates)
> appdata on /appdata (zfs, local, nfsv4acls)
> /dev/md0 on /appdata/www/cache (ufs, local, soft-updates)
>
> > ls -al
> total 3
> drwxr-xr-x  2 mpeters  wheel  2 Jun 12 15:31 .
> drwxr-xr-x  5 root     wheel  5 Jun 12 15:29 ..
> > touch test.file
> > ls -al
> total 4
> drwxr-xr-x  2 mpeters  wheel  3 Jun 12 15:32 .
> drwxr-xr-x  5 root     wheel  5 Jun 12 15:29 ..
> -rw-r--r--  1 mpeters  wheel  0 Jun 12 15:32 test.file
> > getfacl test.file
> # file: test.file
> # owner: mpeters
> # group: wheel
>             owner@:rw-p--aARWcCos:------:allow
>             group@:r-----a-R-c--s:------:allow
>          everyone@:r-----a-R-c--s:------:allow
> > setfacl -m user:nobody:rwx::allow test.file
> > ls -al
> total 4
> drwxr-xr-x  2 mpeters  wheel  3 Jun 12 15:32 .
> drwxr-xr-x  5 root     wheel  5 Jun 12 15:29 ..
> -rw-r--r--+ 1 mpeters  wheel  0 Jun 12 15:32 test.file
> > getfacl test.file
> # file: test.file
> # owner: mpeters
> # group: wheel
>        user:nobody:rwx-----------:------:allow
>             owner@:rw-p--aARWcCos:------:allow
>             group@:r-----a-R-c--s:------:allow
>          everyone@:r-----a-R-c--s:------:allow
> > vim test.file
> (do some editing here)
> "test.file" 2 lines, 12 characters written
> > ls -al
> total 4
> drwxr-xr-x  2 mpeters  wheel   3 Jun 12 15:35 .
> drwxr-xr-x  5 root     wheel   5 Jun 12 15:29 ..
> -rw-r--r--  1 mpeters  wheel  12 Jun 12 15:35 test.file
> > getfacl test.file
> # file: test.file
> # owner: mpeters
> # group: wheel
>             owner@:rw-p--aARWcCos:------:allow
>             group@:r-----a-R-c--s:------:allow
>          everyone@:r-----a-R-c--s:------:allow
>
> As you can see, the ACL for user nobody is gone.
>
> Is this behaviour intended?

It is expected if vim replaced the original test.file
with a modified file with the same name, instead of
actually editing the original file directly.

To confirm that this is happening you could truss
vim or run "ls -i test.file" before and after using
vim (this is probably less reliable, though).

The ACLs shouldn't get lost if you really modify the
original, for example with:

echo blafasel >> test.file

Fabian
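
The inode comparison suggested above, as an added sketch that is not part of the original message. The function names, the temporary directory and the 0600 mode are assumptions made for the demo; the mode bits stand in for the ACL, since both are stored with the file object rather than with its name, so the script runs on filesystems without ACL support.

```shell
#!/bin/sh
# Added illustration: compare an in-place append with an editor-style save
# that writes a new file and renames it over the old name.
umask 022

inode_of() { ls -i "$1" | awk '{print $1}'; }
mode_of()  { ls -l "$1" | cut -c1-10; }

# save_kind FILE COMMAND...: run COMMAND, then report whether FILE is still
# the same inode ("in-place") or a different one ("replaced").
# Caveat: a save that unlinks the file first and then recreates it may be
# handed the same inode number again, so a match is not proof of an
# in-place edit; a changed number is proof of replacement.
save_kind() {
    _f=$1; shift
    _before=$(inode_of "$_f")
    "$@"
    _after=$(inode_of "$_f")
    if [ "$_before" = "$_after" ]; then echo in-place; else echo replaced; fi
}

# The append from the message: modifies the existing file object.
append_in_place() { echo blafasel >> "$1"; }

# Hypothetical stand-in for an editor that saves through a temporary file.
# The new file gets default metadata (umask-derived mode, no extra ACL
# entries) unless the program copies the old metadata over explicitly.
replace_by_rename() {
    { cat "$1"; echo blafasel; } > "$1.tmp.$$"
    mv "$1.tmp.$$" "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    f=$dir/test.file
    : > "$f"
    chmod 600 "$f"          # constructed non-default metadata
    echo "append: $(save_kind "$f" append_in_place "$f"), mode $(mode_of "$f")"
    echo "rename: $(save_kind "$f" replace_by_rename "$f"), mode $(mode_of "$f")"
    rm -rf "$dir"
}

demo
```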
