ZFS ACL inheritance with aclmode=passthrough
Andrey Russev
andrey.russev at gmail.com
Mon Aug 19 18:12:16 UTC 2013
Hello,
it looks like ZFS ACL inheritance implementation in 8.4-RELEASE does not
match the manual page. In case aclinherit=restricted and
aclmode=passthrough all permissions inherited from allow ACEs are
masked(?) by group permissions. For example, ACEs of parent directory are
group:wheel:rwxp----------:-d----:allow
owner@:rwxp--aARWcCos:------:allow
group@:r-x---a-R-c--s:------:allow
everyone@:r-x---a-R-c--s:------:allow
but ACEs of child directory are
group:wheel:r-x-----------:-d----:allow
owner@:rwxp--aARWcCos:------:allow
group@:r-x---a-R-c--s:------:allow
everyone@:r-x---a-R-c--s:------:allow
I think that first entry must be copied without modification. It works
this way in 8.1-RELEASE.
I believe that this difference was introduced by r224174 in lines:
1732 zfs_acl_chmod(vap->va_type, acl_ids->z_mode,
1733 (zfsvfs->z_acl_inherit == ZFS_ACL_RESTRICTED),
1734 acl_ids->z_aclp);
because function zfs_acl_chmod applies group mask to all allow ACEs if
third argument is non zero and everything works as expected when
aclinherit=passthrough. Am I right?
Thanks,
Andrey.
More information about the freebsd-fs
mailing list