Some of ZFS ACLs doesn't work as expected
Edward Tomasz Napierała
trasz at FreeBSD.org
Mon Aug 20 14:01:41 UTC 2012
Wiadomość napisana przez Tomáš Drbohlav w dniu 20 sie 2012, o godz. 14:00:
> On 20.8.2012 13:53, Edward Tomasz Napierała wrote:
>> Wiadomość napisana przez Pavel Bychykhin w dniu 19 sie 2012, o godz. 19:56:
>>> 19.08.2012 19:40, Edward Tomasz Napierała пишет:
>>>> Wiadomość napisana przez Pavel Bychykhin w dniu 18 sie 2012, o godz. 19:48:
>>>>> Dear community!
>>>>>
>>>>> After my experiments with ZFS, I concluded, that permissions "delete_child" and "delete" are ignored.
>>>>> For the create/update/delete operation a list of "rwxp" (read_data/write_data/execute/append_data) is fully sufficient.
>>>>
>>>> They are not ignored, but yes, write access on a directory is enough to delete a file.
>>>>
>>>>> No need to specify the "delete_child" and "delete" permissions at all, or I don't understand something?
>>>>
>>>> Unless you need them - no, you don't. That's why these bits are not set in a default
>>>> case (so called 'trivial ACL', i.e. no ACL set on a file).
>>>>
>>>
>>> Could you please provide an example of at least one practical situation, where the "delete_child" and "delete" permissions would be useful?
>>
>> You could allow for file creation, but deny file removal. Still, as someone
>> already mentioned, main reason for these to exist is compatibility with Windows
>> and NFSv4 spec. It's just that they are not _completely_ ignored, like SYNCHRONIZE
>> or READ_XATTR/WRITE_XATTR are.
>
> Please beware, that based on my experience, SYNCHRONIZE bit is not as ignored as you would probably expect. For example Samba configured to save NT rights in NFSv4 ACLs need 's' for seamless opertion of File Explorer on the other side of Smb... It appeared after some upgrade I made about a year ago or so.
By ignored, I mean ignored by FreeBSD (or Solaris, for that matter) - FreeBSD stores
this permission, but doesn't do anything more about it. Windows obviously _does_
use it.
--
If you cut off my head, what would I say? Me and my head, or me and my body?
More information about the freebsd-fs
mailing list