Date:      Wed, 12 Apr 2017 12:39:44 -0700
From:      Chris Stankevitz <chris@stankevitz.com>
To:        Chris Stankevitz <chris-freebsd-fs@stankevitz.com>, freebsd-fs@freebsd.org
Subject:   Re: ZFS ACL Inheritance: umask and canonical ACEs
Message-ID:  <43807c41-d553-04cb-8b41-d7a809ba6403@stankevitz.com>
In-Reply-To: <5aaf7f68-d099-c72a-c396-82b6597e7e01@stankevitz.com>
References:  <5aaf7f68-d099-c72a-c396-82b6597e7e01@stankevitz.com>

On 4/12/17 11:07 AM, Chris Stankevitz wrote:
> 2. How do I tell ZFS/ACL that I do not want owner@, group@, or
> everything@ ACEs created unless explicitly requested by setfacl?  I do
> not want "extra" ACEs to appear on files I create within a particular
> directory -- even these "canonical" ACEs.

https://github.com/freebsd/freebsd/blob/master/sys/kern/subr_acl_nfs4.c

From sys/kern/subr_acl_nfsv4.c acl_nfs4_compute_inherited_acl_psarc
(which I'm guessing is called when a file is created):

_acl_append(aclp, ACL_USER_OBJ, user_allow ...
_acl_append(aclp, ACL_GROUP_OBJ, group_allow ...
_acl_append(aclp, ACL_EVERYONE, everyone_allow ...

So it looks like I must have an @owner, @group, and @everyone at 
creation.  On Windows if you have a directory containing just one 
to-be-inherited ACE -- when you create a file within that directory, 
that new file also contains just one ACE.  Apparently on FreeBSD/ZFS you 
get some more "special" ACEs that appear whether you want them or not.

My Windows users (via Samba) are not used to these "bonus ACEs" 
appearing when they create files.

Chris
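
One way to see which ACEs on a newly created file are the owner@/group@/everyone@ entries the message above describes, added here as an example that is not part of the original e-mail. It parses `getfacl` output in FreeBSD's NFSv4 text format; the sample ACL, the file name and the user `alice` are constructed, and `classify_aces` and `bonus_count` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. Classify each ACE in FreeBSD `getfacl` NFSv4 output (stdin).
# Output: "canonical <tag> <type>" for owner@, group@ and everyone@,
#         "explicit <tag>:<qualifier> <type>" for every other entry.
classify_aces() {
    awk -F: '
        /^[[:space:]]*#/ || NF < 4 { next }   # skip "# file:" headers, blanks
        {
            gsub(/[[:space:]]/, "", $1)       # entries are right-aligned
            gsub(/[[:space:]]/, "", $NF)
            if ($1 == "owner@" || $1 == "group@" || $1 == "everyone@")
                print "canonical", $1, $NF
            else
                print "explicit", $1 ":" $2, $NF
        }'
}

# Number of owner@/group@/everyone@ ACEs in the ACL read from stdin.
bonus_count() {
    classify_aces | awk '$1 == "canonical" { n++ } END { print n + 0 }'
}

# Constructed sample: a file created in a directory whose only inheritable
# ACE is the one for user alice (assumed layout of `getfacl newfile` output).
SAMPLE_ACL='# file: newfile
# owner: chris
# group: staff
        user:alice:rwxp--aARWcCos:------I:allow
            owner@:rw-p--aARWcCos:-------:allow
            group@:r-----a-R-c--s:-------:allow
         everyone@:r-----a-R-c--s:-------:allow'

printf '%s\n' "$SAMPLE_ACL" | classify_aces
echo "canonical ACEs: $(printf '%s\n' "$SAMPLE_ACL" | bonus_count)"
```

On a live system the same functions take real output, for example `getfacl newfile | bonus_count`.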


