How do I make sure any new file inherits the group permission from its
directory in ZFS?

I tried to add a non-trivial acl (index id 3), but the files'
permissions are still following the user's umask

# ls -dv folder/
drwxrwxr-x+  2 root     other          3 Mar  6 02:09 folder/
    0:owner@::deny
    1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
        /append_data/write_xattr/execute/write_attributes/write_acl
        /write_owner:allow
    2:group@::deny
    3:group:other:list_directory/read_data/add_file/write_data
        /add_subdirectory/append_data/write_xattr/write_attributes
        /write_acl/write_owner:file_inherit/dir_inherit:allow
    4:group@:list_directory/read_data/add_file/write_data/add_subdirectory
        /append_data/execute:allow
    5:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr
        /write_attributes/write_acl/write_owner:deny
    6:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
        /read_acl/synchronize:allow

I made sure the zfs aclmode is set to passthrough

--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

On Fri, Mar 6, 2009 at 7:32 AM, Asif Iqbal <vadud3 at gmail.com> wrote:
> How do I make sure any new file inherits the group permission from its
> directory in ZFS?
>
> I tried to add a non-trivial acl (index id 3), but the files'
> permissions are still following the user's umask
>
> # ls -dv folder/
> drwxrwxr-x+  2 root     other          3 Mar  6 02:09 folder/
>     0:owner@::deny
>     1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
>         /append_data/write_xattr/execute/write_attributes/write_acl
>         /write_owner:allow
>     2:group@::deny
>     3:group:other:list_directory/read_data/add_file/write_data
>         /add_subdirectory/append_data/write_xattr/write_attributes
>         /write_acl/write_owner:file_inherit/dir_inherit:allow
>     4:group@:list_directory/read_data/add_file/write_data/add_subdirectory
>         /append_data/execute:allow
>     5:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr
>         /write_attributes/write_acl/write_owner:deny
>     6:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
>         /read_acl/synchronize:allow
>
> I made sure the zfs aclmode is set to passthrough

I was misunderstanding the inherit. Once I chmoded the parent dir of
folder it is now behaving just the way it is supposed to be inherited.

>
> --
> Asif Iqbal
> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
>

--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

Asif Iqbal wrote:
> How do I make sure any new file inherits the group permission from its
> directory in ZFS?
>
> I tried to add a non-trivial acl (index id 3), but the files'
> permissions are still following the user's umask
>
> # ls -dv folder/
> drwxrwxr-x+  2 root     other          3 Mar  6 02:09 folder/
>     0:owner@::deny
>     1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
>         /append_data/write_xattr/execute/write_attributes/write_acl
>         /write_owner:allow
>     2:group@::deny
>     3:group:other:list_directory/read_data/add_file/write_data
>         /add_subdirectory/append_data/write_xattr/write_attributes
>         /write_acl/write_owner:file_inherit/dir_inherit:allow
>     4:group@:list_directory/read_data/add_file/write_data/add_subdirectory
>         /append_data/execute:allow
>     5:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr
>         /write_attributes/write_acl/write_owner:deny
>     6:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
>         /read_acl/synchronize:allow
>
> I made sure the zfs aclmode is set to passthrough
>

You will need aclinherit=passthrough for this to work. Also, in order
to bypass the creation mode you will need to inherit at least one of
the abstract ACEs (owner@, group@ or everyone@). Those are the ACEs
that affect the mode of the file.

-Mark
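
Added example, not part of the thread or of Mark's reply: a Python check that parses the `ls -dv` listing quoted above, lists the ACEs that carry file_inherit/dir_inherit, and reports whether any of them is one of the abstract ACEs (owner@, group@, everyone@). The function names are hypothetical and the sample is the thread's listing embedded as constructed input.

```python
import re
# Constructed sample: the `ls -dv folder/` listing quoted in the thread.
SAMPLE = """\
drwxrwxr-x+  2 root     other          3 Mar  6 02:09 folder/
    0:owner@::deny
    1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
        /append_data/write_xattr/execute/write_attributes/write_acl
        /write_owner:allow
    2:group@::deny
    3:group:other:list_directory/read_data/add_file/write_data
        /add_subdirectory/append_data/write_xattr/write_attributes
        /write_acl/write_owner:file_inherit/dir_inherit:allow
    4:group@:list_directory/read_data/add_file/write_data/add_subdirectory
        /append_data/execute:allow
    5:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr
        /write_attributes/write_acl/write_owner:deny
    6:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
        /read_acl/synchronize:allow
"""

ABSTRACT = {"owner@", "group@", "everyone@"}   # the ACEs that affect the file mode

def parse_aces(listing):
    """Return [(index, who, flags)] with wrapped continuation lines joined."""
    raw = []
    for line in listing.splitlines()[1:]:        # skip the ls -d summary line
        text = line.strip()
        m = re.match(r"(\d+):(.*)", text)
        if m:
            raw.append([int(m.group(1)), m.group(2)])
        elif raw and text:
            raw[-1][1] += text                   # continuation of the previous ACE
    aces = []
    for idx, body in raw:
        parts = body.split(":")
        n = 2 if parts[0] in ("user", "group") else 1   # named entries carry a name
        # After "who" come perms[:flags]:type; flags are present only with 3 fields.
        flags = set(parts[n + 1].split("/")) if len(parts) - n == 3 else set()
        aces.append((idx, ":".join(parts[:n]), flags))
    return aces

def inheritable(listing):
    """ACEs flagged file_inherit or dir_inherit."""
    return [(i, who) for i, who, f in parse_aces(listing)
            if f & {"file_inherit", "dir_inherit"}]

def no_abstract_ace_inherited(listing):
    """True when no abstract ACE is inheritable (the case Mark's reply describes)."""
    return not any(who in ABSTRACT for _, who in inheritable(listing))
```

On the listing from the thread, the only inheritable entry is ACE 3 (`group:other`), which is a named group rather than an abstract ACE.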