ZFS ACL inheritance with aclmode=passthrough

Edward Tomasz Napierała trasz at FreeBSD.org
Sun May 4 16:29:43 UTC 2014


Message written by Andrey Russev on 19 Aug 2013, at 20:12:
> Hello,
> it looks like the ZFS ACL inheritance implementation in 8.4-RELEASE does not match the manual page. In case aclinherit=restricted and aclmode=passthrough all permissions inherited from allow ACEs are masked(?) by group permissions. For example, the ACEs of the parent directory are
> 
> group:wheel:rwxp----------:-d----:allow
>     owner@:rwxp--aARWcCos:------:allow
>     group@:r-x---a-R-c--s:------:allow
>  everyone@:r-x---a-R-c--s:------:allow
> 
> but the ACEs of the child directory are
> 
> group:wheel:r-x-----------:-d----:allow
>     owner@:rwxp--aARWcCos:------:allow
>     group@:r-x---a-R-c--s:------:allow
>  everyone@:r-x---a-R-c--s:------:allow
> 
> I think that the first entry must be copied without modification. It works this way in 8.1-RELEASE.
> 
> I believe that this difference was introduced by r224174 in lines:
> 
> 1732                zfs_acl_chmod(vap->va_type, acl_ids->z_mode,
> 1733 	  	  	(zfsvfs->z_acl_inherit == ZFS_ACL_RESTRICTED),
> 1734 	  	  	acl_ids->z_aclp);
> 
> because the function zfs_acl_chmod applies the group mask to all allow ACEs if the third argument is non-zero, and everything works as expected when aclinherit=passthrough. Am I right?

First of all, sorry for the delay.  No idea where that time went.

I think your analysis is correct.  However, I think it's not something we should
touch. It's either a documentation bug - in which case the manual page should
be updated - or a semantics issue that should be dealt with by upstream (which
probably means OpenZFS) and then imported; it would be bad for FreeBSD
to diverge from other ZFS implementations in file permission semantics.
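
An added example, not part of the original messages and not ZFS code: a small audit that compares a parent's inheritable ACEs with the child's and checks whether each loss is explained by the group-mask behaviour described in the thread. The function names, the child mode 0755 (inferred from the group@ entry) and the treatment of `p` as following the group write bit are assumptions.

```python
import stat

PERM_ORDER = "rwxpDdaARWcCos"  # compact permission letters, as in the thread

# ACEs copied from the thread; the child mode 0755 is an assumption.
PARENT = ["group:wheel:rwxp----------:-d----:allow",
          "    owner@:rwxp--aARWcCos:------:allow",
          "    group@:r-x---a-R-c--s:------:allow",
          " everyone@:r-x---a-R-c--s:------:allow"]
CHILD = ["group:wheel:r-x-----------:-d----:allow"] + PARENT[1:]
CHILD_MODE = 0o755

def parse_ace(line):
    """Split 'who:perms:flags:type' (who may itself contain ':')."""
    parts = [p.strip() for p in line.split(":")]
    return {"who": ":".join(parts[:-3]), "perms": set(parts[-3]) - {"-"},
            "flags": set(parts[-2]) - {"-"}, "type": parts[-1]}

def show(perms):
    return "".join(c if c in perms else "-" for c in PERM_ORDER)

def restricted_mask(ace, mode):
    """Hypothetical model of the masking described in the thread."""
    perms = set(ace["perms"])
    if ace["type"] != "allow" or ace["who"].endswith("@"):
        return perms
    if not mode & stat.S_IRGRP:
        perms.discard("r")
    if not mode & stat.S_IWGRP:
        perms -= {"w", "p"}  # assumption: append follows the write bit
    if not mode & stat.S_IXGRP:
        perms.discard("x")
    return perms

def audit(parent, child, child_mode):
    """Report inheritable parent ACEs whose child copy lost permissions."""
    kids = {(a["who"], a["type"]): a for a in map(parse_ace, child)}
    findings = []
    for ace in map(parse_ace, parent):
        got = kids.get((ace["who"], ace["type"]))
        if not ace["flags"] & {"f", "d"} or got is None:
            continue
        if ace["perms"] - got["perms"]:
            by_mask = restricted_mask(ace, child_mode) == got["perms"]
            findings.append((ace["who"], show(ace["perms"]),
                             show(got["perms"]), by_mask))
    return findings

if __name__ == "__main__":
    for who, before, after, by_mask in audit(PARENT, CHILD, CHILD_MODE):
        print(f"{who}: {before} -> {after} (explained by group mask: {by_mask})")
```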


