zfs - no access to a Mac OS X zfs pool without root privileges
Jeremy Chadwick
koitsu at FreeBSD.org
Fri Aug 8 03:39:02 UTC 2008
On Thu, Aug 07, 2008 at 08:40:55PM +0300, Boris Kotzev wrote:
> On Thursday 07 August 2008 19:55:02, Jeremy Chadwick wrote:
> > On Thu, Aug 07, 2008 at 07:25:45PM +0300, Boris Kotzev wrote:
> > > Hello,
> > >
> > > I used the zfs port to Mac OS X (http://zfs.macosforge.org) to
> > > create a storage pool under Mac OS X. The pool can be imported
> > > successfully under FreeBSD:
> > >
> > > root:~-114# zpool import macpool
> > > root:~-115# zpool list macpool
> > > NAME      SIZE   USED   AVAIL   CAP  HEALTH  ALTROOT
> > > macpool  6,94G   510K   6,94G    0%  ONLINE  -
> > > root:~-116# zfs list macpool
> > > NAME      USED   AVAIL  REFER  MOUNTPOINT
> > > macpool   474K   6,83G   308K  /macpool
> > >
> > > and is fully accessible to the root user:
> > >
> > > root:~-118# id
> > > uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)
> > > root:~-119# ls -ld /macpool
> > > drwxr-xr-x 7 root wheel 8 7 ??? 16:59 /macpool
> > > root:~-120# ls -l /macpool
> > > total 43
> > > drwx------ 3 root wheel 3 7 ??? 16:31 .Spotlight-V100
> > > -rw-r--r-- 1 root wheel 35014 7 ??? 16:31 .VolumeIcon.icns
> > > drwx------ 2 root wheel 4 7 ??? 16:32 .fseventsd
> > > drwxr-xr-x 2 root wheel 2 7 ??? 16:59 backup
> > > drwxr-xr-x 2 root wheel 2 7 ??? 16:59 downloads
> > > drwxr-xr-x 2 root wheel 2 7 ??? 16:58 music
> > >
> > > According to the file permissions on /macpool (drwxr-xr-x),
> > > anyone should have read access to it. This is not the case
> > > though:
> > >
> > > root:~-121# su user
> > > % id
> > > uid=1003(user) gid=1003(user) groups=1003(user),0(wheel),5(operator)
> > > % ls -l /macpool
> > > ls: /macpool: Permission denied
> > > % cd /macpool
> > > /macpool: Permission denied.
> > >
> > > Is this a bug, or is there some way to get access to /macpool as
> > > an ordinary user?
> > >
> > > The pool was created under version zfs-119 of the Mac OS X port;
> > > the FreeBSD version is:
> > >
> > > root:~-122# uname -a
> > > FreeBSD xxxx 8.0-CURRENT FreeBSD 8.0-CURRENT #0: Sat Aug 2
> > > 14:19:33 EEST 2008 root at xxxx:/usr/obj/usr/src/sys/MACBOOK amd64
> > >
> > > with the latest zfs patch, but the problem was also present
> > > before applying the patch.
> >
> > As root, what does "zfs get all macpool" return on FreeBSD?
>
> root@:~-116# zfs get all macpool
> NAME     PROPERTY         VALUE                  SOURCE
> macpool  type             filesystem             -
> macpool  creation         ?? ??? 7 16:31 2008    -
> macpool  used             474K                   -
> macpool  available        6,83G                  -
> macpool  referenced       308K                   -
> macpool  compressratio    1.00x                  -
> macpool  mounted          yes                    -
> macpool  quota            none                   default
> macpool  reservation      none                   default
> macpool  recordsize       128K                   default
> macpool  mountpoint       /macpool               default
> macpool  sharenfs         off                    default
> macpool  checksum         on                     default
> macpool  compression      off                    default
> macpool  atime            on                     default
> macpool  devices          on                     default
> macpool  exec             on                     default
> macpool  setuid           on                     default
> macpool  readonly         off                    default
> macpool  jailed           off                    default
> macpool  snapdir          hidden                 default
> macpool  aclmode          groupmask              default
> macpool  aclinherit       restricted             default
> macpool  canmount         on                     default
> macpool  shareiscsi       off                    default
> macpool  xattr            off                    temporary
> macpool  copies           1                      default
> macpool  version          1                      -
> macpool  utf8only         off                    -
> macpool  normalization    none                   -
> macpool  casesensitivity  sensitive              -
> macpool  vscan            off                    default
> macpool  nbmand           off                    default
> macpool  sharesmb         off                    default
> macpool  refquota         none                   default
> macpool  refreservation   none                   default

It's interesting to note that your filesystem has a significantly larger
number of properties returned than mine. I wonder if the ZFS code has
support for those properties on FreeBSD, but they simply aren't listed.
Or maybe the patch you're using adds all of them? I don't know.

Anyway, the property that may be relevant is aclinherit. The zfs(1)
manpage on FreeBSD makes no mention of what "restricted" means for
property "aclinherit". I believe it may be the source of the problem.

A ZFS filesystem made on FreeBSD has a different value for that
property. I explicitly enabled compression on the below fs, BTW, which
is why that value is not the default value:

NAME     PROPERTY         VALUE                  SOURCE
storage  type             filesystem             -
storage  creation         Sun May 25 19:33 2008  -
storage  used             183G                   -
storage  available        730G                   -
storage  referenced       183G                   -
storage  compressratio    1.02x                  -
storage  mounted          yes                    -
storage  quota            none                   default
storage  reservation      none                   default
storage  recordsize       128K                   default
storage  mountpoint       /storage               default
storage  sharenfs         off                    default
storage  checksum         on                     default
storage  compression      on                     local
storage  atime            off                    local
storage  devices          on                     default
storage  exec             on                     default
storage  setuid           on                     default
storage  readonly         off                    default
storage  jailed           off                    default
storage  snapdir          hidden                 default
storage  aclmode          groupmask              default
storage  aclinherit       secure                 default
storage  canmount         on                     default
storage  shareiscsi       off                    default
storage  xattr            off                    temporary
storage  copies           1                      default

--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |
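
Added example, not part of the original message: the reply above compares two "zfs get all" listings by eye, and this sketch does the same comparison mechanically, reporting properties whose values differ and properties present in only one listing. The helper name diff_props and the two variables are hypothetical, and the sample input is constructed by abridging the two listings quoted in this thread.

```shell
# Added example: diff two saved `zfs get all` listings property by property.
# Sample input is constructed, abridged from the two listings in this thread.
MACPOOL_PROPS='NAME PROPERTY VALUE SOURCE
macpool type filesystem -
macpool compression off default
macpool atime on default
macpool aclmode groupmask default
macpool aclinherit restricted default
macpool xattr off temporary
macpool version 1 -
macpool utf8only off -
macpool vscan off default'

STORAGE_PROPS='NAME PROPERTY VALUE SOURCE
storage type filesystem -
storage creation Sun May 25 19:33 2008 -
storage compression on local
storage atime off local
storage aclmode groupmask default
storage aclinherit secure default
storage xattr off temporary'

# diff_props (hypothetical helper): $1 and $2 are listing texts.
diff_props() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        BEGIN {
            # Per-dataset values that always differ and say nothing about policy.
            n = split("creation used available referenced compressratio mountpoint", s, " ")
            for (i = 1; i <= n; i++) skip[s[i]] = 1
            side = 1
        }
        $0 == "---"             { side = 2; next }
        $1 == "NAME" || NF < 4  { next }
        ($2 in skip)            { next }
        {
            # VALUE may contain spaces: it is everything between PROPERTY and SOURCE.
            val = $3
            for (i = 4; i < NF; i++) val = val " " $i
            if (side == 1) a[$2] = val; else b[$2] = val
        }
        END {
            for (p in a) {
                if (!(p in b))         print "only-first", p, a[p]
                else if (a[p] != b[p]) print "differs", p, a[p], b[p]
            }
            for (p in b) if (!(p in a)) print "only-second", p, b[p]
        }' | LC_ALL=C sort
}
diff_props "$MACPOOL_PROPS" "$STORAGE_PROPS"
```

On real systems the two arguments would be the saved output of "zfs get all <dataset>" from each filesystem being compared.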