Frank Lahm
2010-Oct-23 11:33 UTC
[zfs-discuss] No ACL inheritance with aclmode=passthrough in onnv-134
Hi list,

while preparing for the changed ACL/mode_t mapping semantics coming with onnv-147 [1], I discovered that in onnv-134 on my system ACLs are not inherited when aclmode is set to passthrough for the filesystem. This very much puzzles me. Example:

$ uname -a
SunOS os 5.11 snv_134 i86pc i386 i86pc
$ pwd
/Volumes/ACLs/dir1
$ zfs list | grep /Volumes
rpool/Volumes  7,00G  39,7G  6,84G  /Volumes
$ zfs get aclmode,aclinherit rpool/Volumes
NAME           PROPERTY    VALUE        SOURCE
rpool/Volumes  aclmode     passthrough  local
rpool/Volumes  aclinherit  passthrough  local
$ ls -dlV .
drwxr-xr-x+ 3 ldapadmin ldapgroup2 3 Okt 23 13:19 .
    group:ldapgroup1:rwxp--aARWc---:fdi----:allow
    group:ldapgroup1:rwxp--aARWc---:-------:allow
    owner@:--------------:-------:deny
    owner@:rwxp---A-W-Co-:-------:allow
    group@:-w-p----------:-------:deny
    group@:r-x-----------:-------:allow
    everyone@:-w-p---A-W-Co-:-------:deny
    everyone@:r-x---a-R-c--s:-------:allow
$ id
uid=5001(ldapuser1) gid=5001(ldapgroup1)
$ touch file
$ ls -lV file
-rw-r--r--+ 1 ldapuser1 ldapgroup1 0 Okt 23 13:21 file
    group:ldapgroup1:rwxp--aARWc---:------I:allow
    owner@:--x-----------:-------:deny
    owner@:rw-p---A-W-Co-:-------:allow
    group@:-wxp----------:-------:deny
    group@:r-------------:-------:allow
    everyone@:-wxp---A-W-Co-:-------:deny
    everyone@:r-----a-R-c--s:-------:allow
$ exit
# zfs set aclmode=discard rpool/Volumes
# su ldapuser1
ldapuser1 at os:/Volumes/ACLs/dir1$ export PS1="$ "
$ zfs get aclmode,aclinherit rpool/Volumes
NAME           PROPERTY    VALUE        SOURCE
rpool/Volumes  aclmode     discard      local
rpool/Volumes  aclinherit  passthrough  local
$ touch file2
$ ls -lV file2
-rw-r--r-- 1 ldapuser1 ldapgroup1 0 Okt 23 13:22 file2
    owner@:--x-----------:-------:deny
    owner@:rw-p---A-W-Co-:-------:allow
    group@:-wxp----------:-------:deny
    group@:r-------------:-------:allow
    everyone@:-wxp---A-W-Co-:-------:deny
    everyone@:r-----a-R-c--s:-------:allow
$ truss -v all touch file3
...
stat64("file3", 0x08047BF0)                     Err#2 ENOENT
creat64("file3", 0666)                          = 3
futimens(3, 0x00000000)                         = 0
close(3)                                        = 0
_exit(0)

touch is not calling chmod(), also the same happens with mkdir.1 (which also doesn't call chmod()).

To summarize:
ACLs are not inherited when aclmode = discard.

Why is this? Afaik this should not be the case.

Thanks!
-f

[1] http://arc.opensolaris.org/caselog/PSARC/2010/029/20100126_mark.shellenbaum
Cindy Swearingen
2010-Oct-25 16:41 UTC
[zfs-discuss] No ACL inheritance with aclmode=passthrough in onnv-134
Hi Frank,

You can't simulate the aclmode-less world in the upcoming release by setting aclmode to discard in b134.

The reason you see your aclmode discarded is because aclmode applies to both chmod operations and file/dir create operations.

This is why you are seeing the ACL being discarded. It does not do this in build 147.

Thanks,
Cindy

On 10/23/10 05:33, Frank Lahm wrote:
> Hi list,
>
> while preparing for the changed ACL/mode_t mapping semantics coming
> with onnv-147 [1], I discovered that in onnv-134 on my system ACLs are
> not inherited when aclmode is set to passthrough for the filesystem.
> This very much puzzles me. Example:
>
> $ uname -a
> SunOS os 5.11 snv_134 i86pc i386 i86pc
> $ pwd
> /Volumes/ACLs/dir1
> $ zfs list | grep /Volumes
> rpool/Volumes  7,00G  39,7G  6,84G  /Volumes
> $ zfs get aclmode,aclinherit rpool/Volumes
> NAME           PROPERTY    VALUE        SOURCE
> rpool/Volumes  aclmode     passthrough  local
> rpool/Volumes  aclinherit  passthrough  local
> $ ls -dlV .
> drwxr-xr-x+ 3 ldapadmin ldapgroup2 3 Okt 23 13:19 .
>     group:ldapgroup1:rwxp--aARWc---:fdi----:allow
>     group:ldapgroup1:rwxp--aARWc---:-------:allow
>     owner@:--------------:-------:deny
>     owner@:rwxp---A-W-Co-:-------:allow
>     group@:-w-p----------:-------:deny
>     group@:r-x-----------:-------:allow
>     everyone@:-w-p---A-W-Co-:-------:deny
>     everyone@:r-x---a-R-c--s:-------:allow
> $ id
> uid=5001(ldapuser1) gid=5001(ldapgroup1)
> $ touch file
> $ ls -lV file
> -rw-r--r--+ 1 ldapuser1 ldapgroup1 0 Okt 23 13:21 file
>     group:ldapgroup1:rwxp--aARWc---:------I:allow
>     owner@:--x-----------:-------:deny
>     owner@:rw-p---A-W-Co-:-------:allow
>     group@:-wxp----------:-------:deny
>     group@:r-------------:-------:allow
>     everyone@:-wxp---A-W-Co-:-------:deny
>     everyone@:r-----a-R-c--s:-------:allow
> $ exit
> # zfs set aclmode=discard rpool/Volumes
> # su ldapuser1
> ldapuser1 at os:/Volumes/ACLs/dir1$ export PS1="$ "
> $ zfs get aclmode,aclinherit rpool/Volumes
> NAME           PROPERTY    VALUE        SOURCE
> rpool/Volumes  aclmode     discard      local
> rpool/Volumes  aclinherit  passthrough  local
> $ touch file2
> $ ls -lV file2
> -rw-r--r-- 1 ldapuser1 ldapgroup1 0 Okt 23 13:22 file2
>     owner@:--x-----------:-------:deny
>     owner@:rw-p---A-W-Co-:-------:allow
>     group@:-wxp----------:-------:deny
>     group@:r-------------:-------:allow
>     everyone@:-wxp---A-W-Co-:-------:deny
>     everyone@:r-----a-R-c--s:-------:allow
> $ truss -v all touch file3
> ...
> stat64("file3", 0x08047BF0)                     Err#2 ENOENT
> creat64("file3", 0666)                          = 3
> futimens(3, 0x00000000)                         = 0
> close(3)                                        = 0
> _exit(0)
>
> touch is not calling chmod(), also the same happens with mkdir.1
> (which also doesn't call chmod()).
>
> To summarize:
> ACLs are not inherited when aclmode = discard.
>
> Why is this? Afaik this should not be the case.
>
> Thanks!
> -f
>
> [1] http://arc.opensolaris.org/caselog/PSARC/2010/029/20100126_mark.shellenbaum
Frank Lahm
2010-Oct-26 08:54 UTC
[zfs-discuss] No ACL inheritance with aclmode=passthrough in onnv-134
2010/10/25 Cindy Swearingen <cindy.swearingen at oracle.com>:
> You can't simulate the aclmode-less world in the upcoming release
> by setting aclmode to discard in b134.
>
> The reason you see your aclmode discarded is because aclmode applies
> to both chmod operations and file/dir create operations.

Yes, after re-reading the docs I'd seen that. Must have missed that part before.

> This is why you are seeing the ACL being discarded. It does not
> do this in build 147.

Looking forward! ;)

Thanks!
-f
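
An added example, not part of the thread and not written by any of its posters: a Python check over `ls -V` output that reports file-inheritable parent ACEs (flag `f`) with no inherited (`I`) counterpart on a newly created file, which is the symptom shown above under aclmode=discard in b134. The function names are hypothetical, the sample listings are copied from the first message, and only the who and allow/deny fields are compared.

```python
import re

# One ACE as printed by `ls -V`: who:permissions:inheritance-flags:type
ACE_RE = re.compile(
    r"^\s*((?:user|group):[^:]+|owner@|group@|everyone@)"
    r":([A-Za-z-]+):([A-Za-z-]+):(allow|deny)\s*$"
)

def parse_aces(ls_v_output):
    """Return (who, perms, flags, type) tuples; non-ACE lines are skipped."""
    matches = (ACE_RE.match(line) for line in ls_v_output.splitlines())
    return [m.groups() for m in matches if m]

def missing_inherited(parent_output, child_output):
    """Parent ACEs flagged 'f' that have no 'I'-flagged ACE on the child file."""
    inherited = {(who, typ)
                 for who, _perms, flags, typ in parse_aces(child_output)
                 if "I" in flags}
    return [(who, typ)
            for who, _perms, flags, typ in parse_aces(parent_output)
            if "f" in flags and (who, typ) not in inherited]

# Listings copied from the first message (trivial ACEs shortened to two).
PARENT = """drwxr-xr-x+ 3 ldapadmin ldapgroup2 3 Okt 23 13:19 .
    group:ldapgroup1:rwxp--aARWc---:fdi----:allow
    group:ldapgroup1:rwxp--aARWc---:-------:allow
    owner@:rwxp---A-W-Co-:-------:allow
    everyone@:r-x---a-R-c--s:-------:allow
"""
FILE_PASSTHROUGH = """-rw-r--r--+ 1 ldapuser1 ldapgroup1 0 Okt 23 13:21 file
    group:ldapgroup1:rwxp--aARWc---:------I:allow
    owner@:rw-p---A-W-Co-:-------:allow
    everyone@:r-----a-R-c--s:-------:allow
"""
FILE_DISCARD = """-rw-r--r-- 1 ldapuser1 ldapgroup1 0 Okt 23 13:22 file2
    owner@:rw-p---A-W-Co-:-------:allow
    everyone@:r-----a-R-c--s:-------:allow
"""

if __name__ == "__main__":
    for name, listing in (("file", FILE_PASSTHROUGH), ("file2", FILE_DISCARD)):
        print(name, "missing inherited ACEs:", missing_inherited(PARENT, listing))
```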