thr3ads.net - zfs discuss - [zfs-discuss] ZFS: Re-Propragate inheritable ACL permissions [Jun 2009]

If this information is useful, please help other people find it:
Share via:

Christo Kutrovsky

2009-Jun-10 02:15 UTC

[zfs-discuss] ZFS: Re-Propragate inheritable ACL permissions

Hello,

Any hints on how to re-propagate all ACL entries from a given parent directory
down?

For example, you set your inheritable ACLs the way you want by running multiple:

chmod A+....:dir_inherit/file_inherit PARRENT_DIR

Then what command you would run to "add" these to all already created
files *and* directories?
-- 
This message posted from opensolaris.org

Cindy.Swearingen at Sun.COM

2009-Jun-10 22:17 UTC

head link

[zfs-discuss] ZFS: Re-Propragate inheritable ACL permissions

Christo,

We don''t have an easy way to re-propagate ACL entries on existing files
and directories.

You might try using a combination of find and chmod, similar to the
syntax below.

Which Solaris release is this? We might be able to provide better
hints if you can identify the release and the ACLs you are trying to 
propagate.

Cindy

For files:

$ find . -type f -exec chmod A=...:...file_inherit:allow {} \;

For directories:

$ find . -type d -exec chmod A=...:...dir_inherit:allow {} \;

If you create a snapshot and clone of the target dataset, you could
experiment with the correct syntax.

Christo Kutrovsky wrote:> Hello,
> 
> Any hints on how to re-propagate all ACL entries from a given parent
directory down?
> 
> For example, you set your inheritable ACLs the way you want by running
multiple:
> 
> chmod A+....:dir_inherit/file_inherit PARRENT_DIR
> 
> Then what command you would run to "add" these to all already
created files *and* directories?

Andreas Kuechler

2009-Jun-18 13:58 UTC

head link

[zfs-discuss] ZFS: Re-Propragate inheritable ACL permissions

Hi Cindy and Christo,

this is a good example of how useless ZFS ACLs are. Nobody understands how to
use them!

Please note in Cindy''s examples above:

You can not use file_inherit on files. Inheritance can only be set on
directories. Depending on the zfs aclinherit mode, the result may not be what
you want. When you have set an ACL inheritance on a directory and use chmod in
the old way, e.g. chmod g-w dir1, the ACL inheritance of dir1 is modified!

Be extremely careful with chmod A=... since this replaces any ACL set on
file/dir, including trivial ACLs for owner@, group@ and everyone at .

My experience: Avoid ACLs wherever you can. They are simply not manageable.

Andreas
-- 
This message posted from opensolaris.org

zfs discuss - Jun 2009 - ZFS: Re-Propragate inheritable ACL permissions

[zfs-discuss] ZFS: Re-Propragate inheritable ACL permissions

[zfs-discuss] ZFS: Re-Propragate inheritable ACL permissions

[zfs-discuss] ZFS: Re-Propragate inheritable ACL permissions