ZFS deletes ACLs when root edits a file
Fabian Keil
freebsd-listen at fabiankeil.de
Tue Jun 12 14:45:46 UTC 2012
Marc Peters <marc at mpeters.org> wrote:
> I observed a strange behaviour when using ACLs on a ZFS filesystem.
> When a file has ACLs set and is edited by a user, the ACLs get lost
> when the file is edited and saved.
>
> How to repeat:
>
> > mount
> /dev/aacd0s1a on / (ufs, local)
> devfs on /dev (devfs, local, multilabel)
> /dev/aacd0s1d on /var (ufs, local, soft-updates)
> appdata on /appdata (zfs, local, nfsv4acls)
> /dev/md0 on /appdata/www/cache (ufs, local, soft-updates)
>
> > ls -al
> total 3
> drwxr-xr-x 2 mpeters wheel 2 Jun 12 15:31 .
> drwxr-xr-x 5 root wheel 5 Jun 12 15:29 ..
> > touch test.file
> > ls -al
> total 4
> drwxr-xr-x 2 mpeters wheel 3 Jun 12 15:32 .
> drwxr-xr-x 5 root wheel 5 Jun 12 15:29 ..
> -rw-r--r-- 1 mpeters wheel 0 Jun 12 15:32 test.file
> > getfacl test.file
> # file: test.file
> # owner: mpeters
> # group: wheel
> owner@:rw-p--aARWcCos:------:allow
> group@:r-----a-R-c--s:------:allow
> everyone@:r-----a-R-c--s:------:allow
> > setfacl -m user:nobody:rwx::allow test.file
> > ls -al
> total 4
> drwxr-xr-x 2 mpeters wheel 3 Jun 12 15:32 .
> drwxr-xr-x 5 root wheel 5 Jun 12 15:29 ..
> -rw-r--r--+ 1 mpeters wheel 0 Jun 12 15:32 test.file
> > getfacl test.file
> # file: test.file
> # owner: mpeters
> # group: wheel
> user:nobody:rwx-----------:------:allow
> owner@:rw-p--aARWcCos:------:allow
> group@:r-----a-R-c--s:------:allow
> everyone@:r-----a-R-c--s:------:allow
> > vim test.file
> (do some editing here)
> "test.file" 2 lines, 12 characters written
> > ls -al
> total 4
> drwxr-xr-x 2 mpeters wheel 3 Jun 12 15:35 .
> drwxr-xr-x 5 root wheel 5 Jun 12 15:29 ..
> -rw-r--r-- 1 mpeters wheel 12 Jun 12 15:35 test.file
> > getfacl test.file
> # file: test.file
> # owner: mpeters
> # group: wheel
> owner@:rw-p--aARWcCos:------:allow
> group@:r-----a-R-c--s:------:allow
> everyone@:r-----a-R-c--s:------:allow
>
> As you can see, the ACL for user nobody is gone.
>
> Is this behaviour intended?

It is expected if vim replaced the original test.file
with a modified file with the same name, instead of
actually editing the original file directly.

To confirm that this is happening you could truss
vim or run "ls -i test.file" before and after using
vim (this is probably less reliable, though).

The ACLs shouldn't get lost if you really modify the
original, for example with:

echo blafasel >> test.file

Fabian
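
Added example, not part of the original message: a script that contrasts the two save strategies described in the reply by comparing the inode number and the inode's metadata before and after each save. The function names (save_in_place, save_by_replace, check_save) are hypothetical, and permission bits are used as a portable stand-in for the ACL on the assumption that both are stored with the inode.

```sh
#!/bin/sh
# Added example, not from the thread. Assumption: the permission bits printed
# by "ls -l" stand in for the ACL, because both are stored with the inode and
# not with the file name. On the ZFS mount above, getfacl would be compared.

inode_of() { ls -i "$1" | awk '{print $1}'; }
mode_of()  { ls -l "$1" | awk '{print substr($1, 1, 10)}'; }

# Modify the original file: same inode, so its metadata is untouched.
save_in_place() {            # $1 = file, $2 = text to add
    printf '%s\n' "$2" >> "$1"
}

# Write a new file and rename it over the old name: the name now refers to
# a different inode that carries only default metadata.
save_by_replace() {          # $1 = file, $2 = new content
    tmp="$1.tmp.$$"
    printf '%s\n' "$2" > "$tmp" && mv -f "$tmp" "$1"
}

# Apply one save strategy to a scratch file (constructed input) and print
# "inode=<same|changed> mode=<same|changed>".
check_save() (               # $1 = save_in_place | save_by_replace
    umask 022
    dir=$(mktemp -d) || exit 1
    f="$dir/test.file"
    : > "$f"
    chmod 600 "$f"           # non-default metadata attached to the inode
    ino_before=$(inode_of "$f"); mode_before=$(mode_of "$f")
    "$1" "$f" "blafasel"
    ino_after=$(inode_of "$f"); mode_after=$(mode_of "$f")
    rm -rf "$dir"
    if [ "$ino_before" = "$ino_after" ]; then i=same; else i=changed; fi
    if [ "$mode_before" = "$mode_after" ]; then m=same; else m=changed; fi
    echo "inode=$i mode=$m"
)

for strategy in save_in_place save_by_replace; do
    printf '%-16s %s\n' "$strategy" "$(check_save "$strategy")"
done
```

Because the replacement file exists alongside the original until the rename, its inode number is guaranteed to differ here; a delete-then-create sequence could reuse the number.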
More information about the freebsd-fs
mailing list