ZFS deletes ACLs when root edits a file

Marc Peters marc at mpeters.org
Tue Jun 12 13:54:28 UTC 2012


Hi list,

I observed a strange behaviour when using ACLs on a ZFS filesystem.
When a file has ACLs set and is edited by a user, the ACLs get lost
when the file is edited and saved.

How to repeat:

> mount
/dev/aacd0s1a on / (ufs, local)
devfs on /dev (devfs, local, multilabel)
/dev/aacd0s1d on /var (ufs, local, soft-updates)
appdata on /appdata (zfs, local, nfsv4acls)
/dev/md0 on /appdata/www/cache (ufs, local, soft-updates)

> ls -al
total 3
drwxr-xr-x  2 mpeters  wheel  2 Jun 12 15:31 .
drwxr-xr-x  5 root     wheel  5 Jun 12 15:29 ..
> touch test.file
> ls -al
total 4
drwxr-xr-x  2 mpeters  wheel  3 Jun 12 15:32 .
drwxr-xr-x  5 root     wheel  5 Jun 12 15:29 ..
-rw-r--r--  1 mpeters  wheel  0 Jun 12 15:32 test.file
> getfacl test.file
# file: test.file
# owner: mpeters
# group: wheel
            owner@:rw-p--aARWcCos:------:allow
            group@:r-----a-R-c--s:------:allow
         everyone@:r-----a-R-c--s:------:allow
> setfacl -m user:nobody:rwx::allow test.file
> ls -al
total 4
drwxr-xr-x  2 mpeters  wheel  3 Jun 12 15:32 .
drwxr-xr-x  5 root     wheel  5 Jun 12 15:29 ..
-rw-r--r--+ 1 mpeters  wheel  0 Jun 12 15:32 test.file
> getfacl test.file
# file: test.file
# owner: mpeters
# group: wheel
       user:nobody:rwx-----------:------:allow
            owner@:rw-p--aARWcCos:------:allow
            group@:r-----a-R-c--s:------:allow
         everyone@:r-----a-R-c--s:------:allow
> vim test.file
(do some editing here)
"test.file" 2 lines, 12 characters written
> ls -al
total 4
drwxr-xr-x  2 mpeters  wheel   3 Jun 12 15:35 .
drwxr-xr-x  5 root     wheel   5 Jun 12 15:29 ..
-rw-r--r--  1 mpeters  wheel  12 Jun 12 15:35 test.file
> getfacl test.file
# file: test.file
# owner: mpeters
# group: wheel
            owner@:rw-p--aARWcCos:------:allow
            group@:r-----a-R-c--s:------:allow
         everyone@:r-----a-R-c--s:------:allow

As you can see, the ACL for user nobody is gone.

Is this behaviour intended?

Regards,
marc
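
An added example, not part of the original message: a Python check that parses the default FreeBSD `getfacl` NFSv4 output shown above and reports ACL entries that disappear between two captures. The function names are hypothetical, and the sample input is the before and after listings from the message, embedded inline.

```python
# Added example: detect NFSv4 ACL entries dropped between two getfacl captures.
# Assumes the default (non-verbose) FreeBSD getfacl layout shown in the message:
#   principal:permissions:flags:type

# Sample input: the getfacl listings from the message, before and after editing.
BEFORE = """\
# file: test.file
# owner: mpeters
# group: wheel
       user:nobody:rwx-----------:------:allow
            owner@:rw-p--aARWcCos:------:allow
            group@:r-----a-R-c--s:------:allow
         everyone@:r-----a-R-c--s:------:allow
"""
AFTER = """\
# file: test.file
# owner: mpeters
# group: wheel
            owner@:rw-p--aARWcCos:------:allow
            group@:r-----a-R-c--s:------:allow
         everyone@:r-----a-R-c--s:------:allow
"""

def parse_nfsv4_acl(text):
    """Return the ACL as an ordered list of (principal, perms, flags, type)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and the "# file/owner/group" header
        # Split from the right: the principal ("user:nobody") may hold a colon.
        principal, perms, flags, ace_type = line.rsplit(":", 3)
        entries.append((principal, perms, flags, ace_type))
    return entries

def acl_diff(before, after):
    """Return (lost, gained) entries between two getfacl outputs."""
    old, new = parse_nfsv4_acl(before), parse_nfsv4_acl(after)
    lost = [e for e in old if e not in new]
    gained = [e for e in new if e not in old]
    return lost, gained

if __name__ == "__main__":
    lost, gained = acl_diff(BEFORE, AFTER)
    for principal, perms, flags, ace_type in lost:
        print(f"LOST   {principal} {perms} {flags} {ace_type}")
    for principal, perms, flags, ace_type in gained:
        print(f"GAINED {principal} {perms} {flags} {ace_type}")
```

Feeding it `getfacl` output captured before and after an edit makes a silently dropped entry, such as the `user:nobody` one here, show up as a `LOST` line.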