David Dyer-Bennet
2009-Feb-07 22:49 UTC
[zfs-discuss] [cifs-discuss] Permissions / ACL setting for top directory of CIFS export
On Sat, February 7, 2009 14:32, Alan.M.Wright wrote:>>> Also, does this end up taking up extra metadata space compared to not >>> having to have an ACL entry for each file? > > No, ZFS only stores ACLs. It doesn''t have or store a separate > representation of the UNIX permissions bits.So I won''t worry about it. I still worry when I see 11 ACL entries, though; if only that I can''t read through it and accurately tell what it will do!> If you set traditional UNIX-like permissions on a ZFS file/directory, > ZFS sets the ACL to represents those permissions.I''ve certainly seen that happen; a change made in ACL syntax can result in the unix permission bits changing, in ways that represent the resulting ACL permissions. Sometimes I end up with Unix permissions of all dashes, though, when the ACL actually allows quite a lot of access. That''s confusing. But if it allows the access I want, I can probably learn to stop worrying about it. -- David Dyer-Bennet, dd-b at dd-b.net; http://dd-b.net/ Snapshots: http://dd-b.net/dd-b/SnapshotAlbum/data/ Photos: http://dd-b.net/photography/gallery/ Dragaera: http://dragaera.info
Afshin Salek
2009-Feb-08 02:00 UTC
[zfs-discuss] [cifs-discuss] Permissions / ACL setting for top directory of CIFS export
David Dyer-Bennet wrote:> On Sat, February 7, 2009 14:32, Alan.M.Wright wrote: >>>> Also, does this end up taking up extra metadata space compared to not >>>> having to have an ACL entry for each file? >> No, ZFS only stores ACLs. It doesn''t have or store a separate >> representation of the UNIX permissions bits. > > So I won''t worry about it. I still worry when I see 11 ACL entries, > though; if only that I can''t read through it and accurately tell what it > will do! >You can play with aclmode and aclinherit properties of your ZFS dataset to get different results if you want. But note that playing with these properties doesn''t affect the result when you''re operating over CIFS. CIFS server always applies Windows inheritance rules when creating new files/folders. When modifying ACLs over CIFS you should always see what you''ve sent over the wire.>> If you set traditional UNIX-like permissions on a ZFS file/directory, >> ZFS sets the ACL to represents those permissions. > > I''ve certainly seen that happen; a change made in ACL syntax can result in > the unix permission bits changing, in ways that represent the resulting > ACL permissions. > > Sometimes I end up with Unix permissions of all dashes, though, when the > ACL actually allows quite a lot of access. That''s confusing. But if it > allows the access I want, I can probably learn to stop worrying about it. >That''s because ZFS only looks at owner@, group@ and everyone@ entries to generate Unix permissions, so for example if you don''t have any owner@ entries you''ll see "---" for the owner part of Unix permissions even if you have an entry for user joe which is also the owner of the file. Afshin