Harry Schmalzbauer
2017-Dec-08 17:00 UTC
New in 11? ZFS ACL -> aclinherit stacks synthesized mode ACEs
Hello,
quick question, haven't had time to investigate yet, but accidentally
noticed that something between FreeBSD 10 and 11 has changed regarding
ZFS ACL inheritance.
Example:
If a parent directory has the file-inherit flag is set in a mode
synthesized ACE, the ACL of a file in that directory get the mode ACEs
stacked:
getfacl DIR
# file: DIR/
# owner: toor
# group: wheel
owner@:rwxp-daARWcCos:fd-----:allow
group@:rwxp--a-R-c--s:fd-----:allow
everyone@:----D---------:-d-----:deny
everyone@:------a-R-c--s:fd-----:allow
touch DIR/testfile
getfact DIR/testfile
# file: DIR/testfile
# owner: toor
# group: wheel
owner@:rw-p-daARWcCos:------I:allow
group@:rw-p--a-R-c--s:------I:allow
everyone@:------a-R-c--s:------I:allow
owner@:rw-p--aARWcCos:-------:allow
group@:rw-p--a-R-c--s:-------:allow
everyone@:------a-R-c--s:-------:allow
The (my) ACL of the parent hasn't change for some years (and aclinherit
is set to "passthrough-x" and aclmode is "passthrough", also
unchanged
for several years).
I never saw the resulting ACL before FreeBSD 11.1
Anyone out there who knows what changed why?
Thanks,
-harry