Date: Mon, 19 Aug 2013 21:12:09 +0300 From: Andrey Russev <andrey.russev@gmail.com> To: freebsd-fs@freebsd.org Subject: ZFS ACL inheritance with aclmode=passthrough Message-ID: <52125FF9.4080005@gmail.com>
next in thread | raw e-mail | index | archive | help
Hello,
it looks like ZFS ACL inheritance implementation in 8.4-RELEASE does not
match the manual page. In case aclinherit=restricted and
aclmode=passthrough all permissions inherited from allow ACEs are
masked(?) by group permissions. For example, ACEs of parent directory are
group:wheel:rwxp----------:-d----:allow
owner@:rwxp--aARWcCos:------:allow
group@:r-x---a-R-c--s:------:allow
everyone@:r-x---a-R-c--s:------:allow
but ACEs of child directory are
group:wheel:r-x-----------:-d----:allow
owner@:rwxp--aARWcCos:------:allow
group@:r-x---a-R-c--s:------:allow
everyone@:r-x---a-R-c--s:------:allow
I think that first entry must be copied without modification. It works
this way in 8.1-RELEASE.
I believe that this difference was introduced by r224174 in lines:
1732 zfs_acl_chmod(vap->va_type, acl_ids->z_mode,
1733 (zfsvfs->z_acl_inherit == ZFS_ACL_RESTRICTED),
1734 acl_ids->z_aclp);
because function zfs_acl_chmod applies group mask to all allow ACEs if
third argument is non zero and everything works as expected when
aclinherit=passthrough. Am I right?
Thanks,
Andrey.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52125FF9.4080005>