zfs discuss - Jul 2010 - ZFS acl and chmod

Hi ,
while playing with ZFS acls I have noticed chmod strange behavior, it
duplicates some acls , is it a bug or a feature :) ?
For example scenario:
#ls -dv ./2

drwxr-xr-x   2 root     root           2 Jul 29 11:22 2
     0:owner@::deny
     1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/write_xattr/execute/write_attributes/write_acl
         /write_owner:allow
     2:group@:add_file/write_data/add_subdirectory/append_data:deny
     3:group@:list_directory/read_data/execute:allow
     4:everyone@
:add_file/write_data/add_subdirectory/append_data/write_xattr
         /write_attributes/write_acl/write_owner:deny
     5:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow


chmod  A3=group@:list_directory/read_data/write_data/execute:allow 2

bash-3.00# ls -dv 2
drwxr-xr-x   2 root     root           2 Jul 29 11:22 2
     0:owner@::deny
     1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/write_xattr/execute/write_attributes/write_acl
         /write_owner:allow
     2:group@:add_file/write_data/add_subdirectory/append_data:deny
     3:group@:list_directory/read_data/add_file/write_data/execute:allow
     4:everyone@
:add_file/write_data/add_subdirectory/append_data/write_xattr
         /write_attributes/write_acl/write_owner:deny
     5:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow

bash-3.00#chmod 755 2
bash-3.00#ls -dv
drwxr-xr-x+  2 root     root           2 Jul 29 11:22 2
     0:owner@::deny
     1:owner@:write_xattr/write_attributes/write_acl/write_owner:allow
     2:group@::deny
     3:group@::allow
     4:group@::allow
     5:everyone@:write_xattr/write_attributes/write_acl/write_owner:deny
     6:everyone@:read_xattr/read_attributes/read_acl/synchronize:allow
     7:owner@::deny
     8:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/write_xattr/execute/write_attributes/write_acl
         /write_owner:allow
     9:group@:add_file/write_data/add_subdirectory/append_data:deny
     10:group@:list_directory/read_data/execute:allow
     11:everyone@
:add_file/write_data/add_subdirectory/append_data/write_xattr
         /write_attributes/write_acl/write_owner:deny
     12:everyone@
:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow





-- 
---------------------------------------------
http://unixinmind.blogspot.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mail.opensolaris.org/pipermail/zfs-discuss/attachments/20100729/173b960a/attachment.html>

Which Solaris release is this and are you using /usr/bin/ls and 
/usr/bin/chmod?

Thanks,

Cindy
On 07/29/10 02:44, . . wrote:
> Hi ,
> while playing with ZFS acls I have noticed chmod strange behavior, it 
> duplicates some acls , is it a bug or a feature :) ?
> For example scenario:
> #ls -dv ./2
> 
> drwxr-xr-x   2 root     root           2 Jul 29 11:22 2
>      0:owner@::deny
>      1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
>          /append_data/write_xattr/execute/write_attributes/write_acl
>          /write_owner:allow
>      2:group@:add_file/write_data/add_subdirectory/append_data:deny
>      3:group@:list_directory/read_data/execute:allow
>      
> 4:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr
>          /write_attributes/write_acl/write_owner:deny
>     
5:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
>          /read_acl/synchronize:allow
> 
> 
> chmod  A3=group@:list_directory/read_data/write_data/execute:allow 2
> 
> bash-3.00# ls -dv 2
> drwxr-xr-x   2 root     root           2 Jul 29 11:22 2
>      0:owner@::deny
>      1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
>          /append_data/write_xattr/execute/write_attributes/write_acl
>          /write_owner:allow
>      2:group@:add_file/write_data/add_subdirectory/append_data:deny
>      3:group@:list_directory/read_data/add_file/write_data/execute:allow
>      
> 4:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr
>          /write_attributes/write_acl/write_owner:deny
>     
5:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
>          /read_acl/synchronize:allow
> 
> bash-3.00#chmod 755 2
> bash-3.00#ls -dv
> drwxr-xr-x+  2 root     root           2 Jul 29 11:22 2
>      0:owner@::deny
>      1:owner@:write_xattr/write_attributes/write_acl/write_owner:allow
>      2:group@::deny
>      3:group@::allow
>      4:group@::allow
>      5:everyone@:write_xattr/write_attributes/write_acl/write_owner:deny
>      6:everyone@:read_xattr/read_attributes/read_acl/synchronize:allow
>      7:owner@::deny
>      8:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
>          /append_data/write_xattr/execute/write_attributes/write_acl
>          /write_owner:allow
>      9:group@:add_file/write_data/add_subdirectory/append_data:deny
>      10:group@:list_directory/read_data/execute:allow
>      
> 11:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr
>          /write_attributes/write_acl/write_owner:deny
>      
> 12:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
>          /read_acl/synchronize:allow
> 
> 
> 
> 
> 
> -- 
> ---------------------------------------------
> http://unixinmind.blogspot.com
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> zfs-discuss mailing list
> zfs-discuss at opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/zfs-discuss

Hey Nix,

I think I see the problem now.

If you want to review the interaction of setting an explicit ACL and
using the chmod 755 command on 2, you need this command:

# ls -dv 2

What you have is this command:

# ls -dv

(I have no idea what''s going on with the parent dir ACL.)

I tested your syntax, which says replace ACL #3 and then reset the
permissions by using the chmod command. Its working as expected.
See below.

Thanks

Cindy


# zpool create tank c0t1d0
# zfs create tank/test
# cd /tank/test
# mkdir 2
# ls -dv 2
drwxr-xr-x   2 root     root           2 Jul 29 12:45 2
0:owner@::deny
1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
          /append_data/write_xattr/execute/write_attributes/write_acl
          /write_owner:allow
2:group@:add_file/write_data/add_subdirectory/append_data:deny
3:group@:list_directory/read_data/execute:allow
4:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr
          /write_attributes/write_acl/write_owner:deny
5:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
          /read_acl/synchronize:allow

# chmod  A3=group@:list_directory/read_data/write_data/execute:allow 2
# ls -dv 2
drwxr-xr-x   2 root     root           2 Jul 29 12:45 2
0:owner@::deny
1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
          /append_data/write_xattr/execute/write_attributes/write_acl
          /write_owner:allow
2:group@:add_file/write_data/add_subdirectory/append_data:deny
3:group@:list_directory/read_data/add_file/write_data/execute:allow
4:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr
          /write_attributes/write_acl/write_owner:deny
5:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
          /read_acl/synchronize:allow
# chmod 755 2
# ls -dv 2
drwxr-xr-x   2 root     root           2 Jul 29 12:45 2
0:owner@::deny
1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
          /append_data/write_xattr/execute/write_attributes/write_acl
          /write_owner:allow
2:group@:add_file/write_data/add_subdirectory/append_data:deny
3:group@:list_directory/read_data/execute:allow
4:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr
          /write_attributes/write_acl/write_owner:deny
5:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
          /read_acl/synchronize:allow

On 07/29/10 11:56, Cindy Swearingen wrote:
> Which Solaris release is this and are you using /usr/bin/ls and 
> /usr/bin/chmod?
> 
> Thanks,
> 
> Cindy
> On 07/29/10 02:44, . . wrote:
>> Hi ,
>> while playing with ZFS acls I have noticed chmod strange behavior, it 
>> duplicates some acls , is it a bug or a feature :) ?
>> For example scenario:
>> #ls -dv ./2
>>
>> drwxr-xr-x   2 root     root           2 Jul 29 11:22 2
>>      0:owner@::deny
>>      
>> 1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
>>          /append_data/write_xattr/execute/write_attributes/write_acl
>>          /write_owner:allow
>>      2:group@:add_file/write_data/add_subdirectory/append_data:deny
>>      3:group@:list_directory/read_data/execute:allow
>>      
>>
4:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr
>>          /write_attributes/write_acl/write_owner:deny
>>      
>> 5:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
>>          /read_acl/synchronize:allow
>>
>>
>> chmod  A3=group@:list_directory/read_data/write_data/execute:allow 2
>>
>> bash-3.00# ls -dv 2
>> drwxr-xr-x   2 root     root           2 Jul 29 11:22 2
>>      0:owner@::deny
>>      
>> 1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
>>          /append_data/write_xattr/execute/write_attributes/write_acl
>>          /write_owner:allow
>>      2:group@:add_file/write_data/add_subdirectory/append_data:deny
>>     
3:group@:list_directory/read_data/add_file/write_data/execute:allow
>>      
>>
4:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr
>>          /write_attributes/write_acl/write_owner:deny
>>      
>> 5:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
>>          /read_acl/synchronize:allow
>>
>> bash-3.00#chmod 755 2
>> bash-3.00#ls -dv
>> drwxr-xr-x+  2 root     root           2 Jul 29 11:22 2
>>      0:owner@::deny
>>      1:owner@:write_xattr/write_attributes/write_acl/write_owner:allow
>>      2:group@::deny
>>      3:group@::allow
>>      4:group@::allow
>>     
5:everyone@:write_xattr/write_attributes/write_acl/write_owner:deny
>>      6:everyone@:read_xattr/read_attributes/read_acl/synchronize:allow
>>      7:owner@::deny
>>      
>> 8:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
>>          /append_data/write_xattr/execute/write_attributes/write_acl
>>          /write_owner:allow
>>      9:group@:add_file/write_data/add_subdirectory/append_data:deny
>>      10:group@:list_directory/read_data/execute:allow
>>      
>>
11:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr
>>          /write_attributes/write_acl/write_owner:deny
>>      
>>
12:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
>>          /read_acl/synchronize:allow
>>
>>
>>
>>
>>
>> -- 
>> ---------------------------------------------
>> http://unixinmind.blogspot.com
>>
>>
>>
------------------------------------------------------------------------
>>
>> _______________________________________________
>> zfs-discuss mailing list
>> zfs-discuss at opensolaris.org
>> http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
> _______________________________________________
> zfs-discuss mailing list
> zfs-discuss at opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/zfs-discuss

I was mistaken below. I see that the ls -dv was issued from the
2 directory. We have no idea what''s going on here. It works
as expected in my tests.

If you identify steps that lead up to this or can reproduce it
and can provide the Solaris release, please let us know.

Thanks,

Cindy

On 07/29/10 13:02, Cindy Swearingen wrote:
> Hey Nix,
> 
> I think I see the problem now.
> 
> If you want to review the interaction of setting an explicit ACL and
> using the chmod 755 command on 2, you need this command:
> 
> # ls -dv 2
> 
> What you have is this command:
> 
> # ls -dv
> 
> (I have no idea what''s going on with the parent dir ACL.)
> 
> I tested your syntax, which says replace ACL #3 and then reset the
> permissions by using the chmod command. Its working as expected.
> See below.
> 
> Thanks
> 
> Cindy
> 
> 
> # zpool create tank c0t1d0
> # zfs create tank/test
> # cd /tank/test
> # mkdir 2
> # ls -dv 2
> drwxr-xr-x   2 root     root           2 Jul 29 12:45 2
> 0:owner@::deny
> 1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
>          /append_data/write_xattr/execute/write_attributes/write_acl
>          /write_owner:allow
> 2:group@:add_file/write_data/add_subdirectory/append_data:deny
> 3:group@:list_directory/read_data/execute:allow
> 4:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr
>          /write_attributes/write_acl/write_owner:deny
> 5:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
>          /read_acl/synchronize:allow
> 
> # chmod  A3=group@:list_directory/read_data/write_data/execute:allow 2
> # ls -dv 2
> drwxr-xr-x   2 root     root           2 Jul 29 12:45 2
> 0:owner@::deny
> 1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
>          /append_data/write_xattr/execute/write_attributes/write_acl
>          /write_owner:allow
> 2:group@:add_file/write_data/add_subdirectory/append_data:deny
> 3:group@:list_directory/read_data/add_file/write_data/execute:allow
> 4:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr
>          /write_attributes/write_acl/write_owner:deny
> 5:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
>          /read_acl/synchronize:allow
> # chmod 755 2
> # ls -dv 2
> drwxr-xr-x   2 root     root           2 Jul 29 12:45 2
> 0:owner@::deny
> 1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
>          /append_data/write_xattr/execute/write_attributes/write_acl
>          /write_owner:allow
> 2:group@:add_file/write_data/add_subdirectory/append_data:deny
> 3:group@:list_directory/read_data/execute:allow
> 4:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr
>          /write_attributes/write_acl/write_owner:deny
> 5:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
>          /read_acl/synchronize:allow
> 
> On 07/29/10 11:56, Cindy Swearingen wrote:
>> Which Solaris release is this and are you using /usr/bin/ls and 
>> /usr/bin/chmod?
>>
>> Thanks,
>>
>> Cindy
>> On 07/29/10 02:44, . . wrote:
>>> Hi ,
>>> while playing with ZFS acls I have noticed chmod strange behavior,
it
>>> duplicates some acls , is it a bug or a feature :) ?
>>> For example scenario:
>>> #ls -dv ./2
>>>
>>> drwxr-xr-x   2 root     root           2 Jul 29 11:22 2
>>>      0:owner@::deny
>>>      
>>>
1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
>>>         
/append_data/write_xattr/execute/write_attributes/write_acl
>>>          /write_owner:allow
>>>      2:group@:add_file/write_data/add_subdirectory/append_data:deny
>>>      3:group@:list_directory/read_data/execute:allow
>>>      
>>>
4:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr
>>>          /write_attributes/write_acl/write_owner:deny
>>>      
>>>
5:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
>>>          /read_acl/synchronize:allow
>>>
>>>
>>> chmod  A3=group@:list_directory/read_data/write_data/execute:allow
2
>>>
>>> bash-3.00# ls -dv 2
>>> drwxr-xr-x   2 root     root           2 Jul 29 11:22 2
>>>      0:owner@::deny
>>>      
>>>
1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
>>>         
/append_data/write_xattr/execute/write_attributes/write_acl
>>>          /write_owner:allow
>>>      2:group@:add_file/write_data/add_subdirectory/append_data:deny
>>>     
3:group@:list_directory/read_data/add_file/write_data/execute:allow
>>>      
>>>
4:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr
>>>          /write_attributes/write_acl/write_owner:deny
>>>      
>>>
5:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
>>>          /read_acl/synchronize:allow
>>>
>>> bash-3.00#chmod 755 2
>>> bash-3.00#ls -dv
>>> drwxr-xr-x+  2 root     root           2 Jul 29 11:22 2
>>>      0:owner@::deny
>>>     
1:owner@:write_xattr/write_attributes/write_acl/write_owner:allow
>>>      2:group@::deny
>>>      3:group@::allow
>>>      4:group@::allow
>>>     
5:everyone@:write_xattr/write_attributes/write_acl/write_owner:deny
>>>     
6:everyone@:read_xattr/read_attributes/read_acl/synchronize:allow
>>>      7:owner@::deny
>>>      
>>>
8:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
>>>         
/append_data/write_xattr/execute/write_attributes/write_acl
>>>          /write_owner:allow
>>>      9:group@:add_file/write_data/add_subdirectory/append_data:deny
>>>      10:group@:list_directory/read_data/execute:allow
>>>      
>>>
11:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr
>>>
>>>          /write_attributes/write_acl/write_owner:deny
>>>      
>>>
12:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
>>>          /read_acl/synchronize:allow
>>>
>>>
>>>
>>>
>>>
>>> -- 
>>> ---------------------------------------------
>>> http://unixinmind.blogspot.com
>>>
>>>
>>>
------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> zfs-discuss mailing list
>>> zfs-discuss at opensolaris.org
>>> http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
>> _______________________________________________
>> zfs-discuss mailing list
>> zfs-discuss at opensolaris.org
>> http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
> _______________________________________________
> zfs-discuss mailing list
> zfs-discuss at opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/zfs-discuss