Date: Fri, 8 Aug 2008 16:00:47 +0300
From: Boris Kotzev <boris.kotzev@gmail.com>
To: Jeremy Chadwick <koitsu@freebsd.org>
Cc: freebsd-fs@freebsd.org
Subject: Re: zfs - no access to a Mac OS X zfs pool without root privileges
Message-ID: <200808081600.47603.boris.kotzev@gmail.com>
In-Reply-To: <20080808033902.GA72860@eos.sc1.parodius.com>
References: <200808071925.45786.boris.kotzev@gmail.com> <200808072040.55571.boris.kotzev@gmail.com> <20080808033902.GA72860@eos.sc1.parodius.com>

On Friday 08 August 2008 06:39:02 you wrote:
> On Thu, Aug 07, 2008 at 08:40:55PM +0300, Boris Kotzev wrote:
> > ?? Thursday 07 August 2008 19:55:02 Jeremy Chadwick ??????:
> > > On Thu, Aug 07, 2008 at 07:25:45PM +0300, Boris Kotzev wrote:
> > > > Hello,
> > > >
> > > > I used the zfs port to Mac OS X (http://zfs.macosforge.org)
> > > > to create a storage pool under Mac OS X. The pool can be
> > > > imported successfully under FreeBSD:
> > > >
> > > > root:~-114# zpool import macpool
> > > > root:~-115# zpool list macpool
> > > > NAME      SIZE   USED  AVAIL  CAP  HEALTH  ALTROOT
> > > > macpool  6,94G   510K  6,94G   0%  ONLINE  -
> > > > root:~-116# zfs list macpool
> > > > NAME      USED  AVAIL  REFER  MOUNTPOINT
> > > > macpool   474K  6,83G   308K  /macpool
> > > >
> > > > and is fully accessible to the root user:
> > > >
> > > > root:~-118# id
> > > > uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)
> > > > root:~-119# ls -ld /macpool
> > > > drwxr-xr-x 7 root wheel 8 7 ??? 16:59 /macpool
> > > > root:~-120# ls -l /macpool
> > > > total 43
> > > > drwx------ 3 root wheel     3 7 ??? 16:31 .Spotlight-V100
> > > > -rw-r--r-- 1 root wheel 35014 7 ??? 16:31 .VolumeIcon.icns
> > > > drwx------ 2 root wheel     4 7 ??? 16:32 .fseventsd
> > > > drwxr-xr-x 2 root wheel     2 7 ??? 16:59 backup
> > > > drwxr-xr-x 2 root wheel     2 7 ??? 16:59 downloads
> > > > drwxr-xr-x 2 root wheel     2 7 ??? 16:58 music
> > > >
> > > > According to the file permissions on /macpool (drwxr-xr-x),
> > > > anyone should have read access to it. This is not the case
> > > > though:
> > > >
> > > > root:~-121# su user
> > > > % id
> > > > uid=1003(user) gid=1003(user) groups=1003(user),0(wheel),5(operator)
> > > > % ls -l /macpool
> > > > ls: /macpool: Permission denied
> > > > % cd /macpool
> > > > /macpool: Permission denied.
> > > >
> > > > Is this a bug, or is there some way to get access to /macpool
> > > > as an ordinary user?
> > > >
> > > > The pool was created under version zfs-119 of the Mac OS X
> > > > port; the FreeBSD version is:
> > > >
> > > > root:~-122# uname -a
> > > > FreeBSD xxxx 8.0-CURRENT FreeBSD 8.0-CURRENT #0: Sat Aug 2 14:19:33 EEST 2008 root@xxxx:/usr/obj/usr/src/sys/MACBOOK amd64
> > > >
> > > > with the latest zfs patch, but the problem was also present
> > > > before applying the patch.
> > >
> > > As root, what does "zfs get all macpool" return on FreeBSD?
> >
> > root@:~-116# zfs get all macpool
> > NAME     PROPERTY        VALUE                SOURCE
> > macpool  type            filesystem           -
> > macpool  creation        ?? ??? 7 16:31 2008  -
> > macpool  used            474K                 -
> > macpool  available       6,83G                -
> > macpool  referenced      308K                 -
> > macpool  compressratio   1.00x                -
> > macpool  mounted         yes                  -
> > macpool  quota           none                 default
> > macpool  reservation     none                 default
> > macpool  recordsize      128K                 default
> > macpool  mountpoint      /macpool             default
> > macpool  sharenfs        off                  default
> > macpool  checksum        on                   default
> > macpool  compression     off                  default
> > macpool  atime           on                   default
> > macpool  devices         on                   default
> > macpool  exec            on                   default
> > macpool  setuid          on                   default
> > macpool  readonly        off                  default
> > macpool  jailed          off                  default
> > macpool  snapdir         hidden               default
> > macpool  aclmode         groupmask            default
> > macpool  aclinherit      restricted           default
> > macpool  canmount        on                   default
> > macpool  shareiscsi      off                  default
> > macpool  xattr           off                  temporary
> > macpool  copies          1                    default
> > macpool  version         1                    -
> > macpool  utf8only        off                  -
> > macpool  normalization   none                 -
> > macpool  casesensitivity sensitive            -
> > macpool  vscan           off                  default
> > macpool  nbmand          off                  default
> > macpool  sharesmb        off                  default
> > macpool  refquota        none                 default
> > macpool  refreservation  none                 default
>
> It's interesting to note that your filesystem has a significantly
> larger number of properties returned than mine. I wonder if the
> ZFS code has support for those properties on FreeBSD, but they
> simply aren't listed. Or maybe the patch you're using adds all of
> them? I don't know.
>

The extra properties appeared after applying the ZFS patches. The
newer versions of zfs and zpool exhibit more properties than zpool
version 6 and zfs version 1:

% zpool upgrade -v
This system is currently running ZFS pool version 11.

The following versions are supported:

VER  DESCRIPTION
---  --------------------------------------------------------
 1   Initial ZFS version
 2   Ditto blocks (replicated metadata)
 3   Hot spares and double parity RAID-Z
 4   zpool history
 5   Compression using the gzip algorithm
 6   bootfs pool property
 7   Separate intent log devices
 8   Delegated administration
 9   refquota and refreservation properties
 10  Cache devices
 11  Improved scrub performance
For more information on a particular version, including supported
releases, see:

http://www.opensolaris.org/os/community/zfs/version/N

Where 'N' is the version number.

% zfs upgrade -v
The following filesystem versions are supported:

VER  DESCRIPTION
---  --------------------------------------------------------
 1   Initial ZFS filesystem version
 2   Enhanced directory entries
 3   Case insensitive and File system unique identifer (FUID)

For more information on a particular version, including supported
releases, see:

http://www.opensolaris.org/os/community/zfs/version/zpl/N

Where 'N' is the version number.

> Anyway, the property that may be relevant is aclinherit. The
> zfs(1) manpage on FreeBSD makes no mention of what "restricted"
> means for property "aclinherit". I believe it may be the source of
> the problem.

This property has different values under FreeBSD and Mac OS X. It is
shown as "secure" in Mac OS X:

sh-3.2# zfs get aclinherit macpool
NAME     PROPERTY    VALUE   SOURCE
macpool  aclinherit  secure  default

It is not possible to change the value under FreeBSD:

root@:/-112# zfs set aclinherit=discard macpool
property 'aclinherit' not supported on FreeBSD: permission denied

I set the value under Mac OS X to "discard" but the change did not
seem to make any difference.

>
> A ZFS filesystem made on FreeBSD has a different value for that
> property. I explicitly enabled compression on the below fs, BTW,
> which is why that value is not the default value:
>
> NAME     PROPERTY       VALUE                  SOURCE
> storage  type           filesystem             -
> storage  creation       Sun May 25 19:33 2008  -
> storage  used           183G                   -
> storage  available      730G                   -
> storage  referenced     183G                   -
> storage  compressratio  1.02x                  -
> storage  mounted        yes                    -
> storage  quota          none                   default
> storage  reservation    none                   default
> storage  recordsize     128K                   default
> storage  mountpoint     /storage               default
> storage  sharenfs       off                    default
> storage  checksum       on                     default
> storage  compression    on                     local
> storage  atime          off                    local
> storage  devices        on                     default
> storage  exec           on                     default
> storage  setuid         on                     default
> storage  readonly       off                    default
> storage  jailed         off                    default
> storage  snapdir        hidden                 default
> storage  aclmode        groupmask              default
> storage  aclinherit     secure                 default
> storage  canmount       on                     default
> storage  shareiscsi     off                    default
> storage  xattr          off                    temporary
> storage  copies         1                      default

It is also possible to import a pool created under FreeBSD to Mac OS X
but whenever I write to the pool in Mac OS X and then try to read the
entries in FreeBSD, I encounter the same problem: the entries created
under Mac OS X are accessible by the root user only.

I also noticed that all entries in a FreeBSD pool acquired ACLs in
Mac OS X. For example the etc directory of FreeBSD has the following
ACL in Mac OS X:

sh-3.2# ls -lde etc
drwxr-xr-x+ 19 root wheel 122 7 Авг 18:39 etc
 0: group:nogroup deny

This ACL looks suspicious to me though when I compare it to the ACLs
on the Mac OS X hfs+ volume:

sh-3.2# ls -lde /Applications
drwxrwxr-x+ 49 root admin 1666 6 Авг 21:27 /Applications
 0: group:everyone deny delete

Can the problem be related to the fact that I run the AMD 64 version
of FreeBSD?

Thanks,
Boris Kotzev