ZFS ACL usage question
Andriy Gapon
avg at icyb.net.ua
Tue Mar 9 15:28:40 UTC 2010
I have a usage question on ZFS ACL.
Perhaps it's something trivial that should have been asked on questions@,
apologies in that case.
Let's say for simplicity that I want some directory to be equally shared by two
users. Both should have full access and new files created by one user should
still be fully accessible by the other.
I can't seem to be able to configure ACLs to get that.
Let's say the users are user1 and user2.
The original directory is owned by user1:
$ ls -ld ~/testdir
drwxrwxr-x+ 22 user1 group0 26 9 Mar 13:01 /home/user1/testdir
I then issue the following commands:
$ setfacl -b -m user:user1:rwxAWCo:fd:allow ~/testdir
$ setfacl -m user:user1::fd:deny ~/testdir
$ setfacl -m user:user2:rwxAWCo:fd:allow ~/testdir
$ setfacl -m user:user2::fd:deny ~/testdir
$ getfacl ~/testdir
# file: /home/user1/testdir
# owner: user1
# group: group0
user:user2:--------------:fd----:deny
user:user2:rwx----A-W-Co-:fd----:allow
user:user1:--------------:fd----:deny
user:user1:rwx----A-W-Co-:fd----:allow
owner@:--------------:------:deny
owner@:rwxp---A-W-Co-:------:allow
group@:--------------:------:deny
group@:rwxp----------:------:allow
everyone@:-w-p---A-W-Co-:------:deny
everyone@:r-x---a-R-c--s:------:allow
Then I create a new file as user1 like this (umask is set to 022):
$ touch ~/testdir/test
$ ls -ld ~/testdir/test
-rw-r--r--+ 1 user1 group0 0 9 Mar 13:01 /home/user1/testdir/test
$ getfacl ~/testdir/test
# file: /home/user1/testdir/test
# owner: user1
# group: group0
user:user2:--------------:------:deny
user:user2:-wx-----------:------:deny
user:user2:rwx----A-W----:------:allow
user:user1:--------------:------:deny
user:user1:--x-----------:------:deny
user:user1:rwx----A-W----:------:allow
owner@:--x-----------:------:deny
owner@:rw-p---A-W-Co-:------:allow
group@:-wxp----------:------:deny
group@:r-------------:------:allow
everyone@:-wxp---A-W-Co-:------:deny
everyone@:r-----a-R-c--s:------:allow
So now there are two deny entries for both users and one of them makes sure that user2
cannot modify the file.
What am I doing wrong? :-)
--
Andriy Gapon
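The getfacl output for the new file, evaluated entry by entry (an added example, not part of the original message). It applies the NFSv4 ordering rule that the first entry matching the principal and naming the requested permission decides; parse_acl and decide are hypothetical helper names, and group@ membership is not modelled.

```python
# Added example: ordered ACL evaluation over the getfacl output quoted in the post.
# Assumption: only user:, owner@ and everyone@ entries are matched; group@
# membership is not modelled.

# getfacl output for ~/testdir/test, copied from the message above.
FILE_ACL = """\
user:user2:--------------:------:deny
user:user2:-wx-----------:------:deny
user:user2:rwx----A-W----:------:allow
user:user1:--------------:------:deny
user:user1:--x-----------:------:deny
user:user1:rwx----A-W----:------:allow
owner@:--x-----------:------:deny
owner@:rw-p---A-W-Co-:------:allow
group@:-wxp----------:------:deny
group@:r-------------:------:allow
everyone@:-wxp---A-W-Co-:------:deny
everyone@:r-----a-R-c--s:------:allow
"""

def parse_acl(text):
    """Return a list of (who, permission letters, type) in ACL order."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and the "# file:" style header
        fields = line.split(":")
        acl_type, perms = fields[-1], fields[-3]
        who = ":".join(fields[:-3])  # "user:user2" or "owner@"
        entries.append((who, set(perms) - {"-"}, acl_type))
    return entries

def decide(entries, user, owner, perm):
    """Return (type, 1-based entry number) of the entry that decides perm."""
    for index, (who, perms, acl_type) in enumerate(entries, start=1):
        applies = (who == "user:" + user or who == "everyone@"
                   or (who == "owner@" and user == owner))
        if applies and perm in perms:
            return acl_type, index  # first match wins, later entries are ignored
    return "deny", None  # no entry granted the permission

if __name__ == "__main__":
    acl = parse_acl(FILE_ACL)
    for user in ("user1", "user2"):
        for perm in "rwx":
            print(user, perm, decide(acl, user, "user1", perm))
```

For user2 and "w" the deciding entry is the second one, the inherited deny that sits ahead of the allow entry.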