ZFS ACL Inheritance: umask and canonical ACEs

Chris Stankevitz chris-freebsd-fs at stankevitz.com
Wed Apr 12 18:12:46 UTC 2017


Questions (detail appears later):

1. Why wasn't my "inherited" ACE faithfully inherited?  Namely, the 
so-called inherited ACE does not have "rwxp--aARWcCos".  Clearly the way 
inheritance works is a function of the shell's umask (or in my real 
scenario -- Samba's umask).  I would like for inherited ACEs to not be a 
function of umask.

2. How do I tell ZFS/ACL that I do not want owner@, group@, or 
everything@ ACEs created unless explicitly requested by setfacl?  I do 
not want "extra" ACEs to appear on files I create within a particular 
directory -- even these "canonical" ACEs.

3. Bonus question: why does 'man setfacl' reference six canonical ACEs 
but there are only 3 (owner@, group@, everyone@)?

Thank you,


PS: I am using aclmode=passthrough and aclinherit=passthrough


I have a directory with this ACL:

# file .
# owner: cstankevitz
# group: cstankevitz

Note that I have removed owner@, group@, and everyone@ ACEs.  Also 
notice that the single ACE allows rwxp--aARWcCos access to cstankevitz 
and that it is supposed to be inherited.

Inside this directory, I do this:

umask 000
touch bar.txt
getfacl bar.txt

# file: bar.txt
# owner: cstankevitz
# group: cstankevitz

umask 777
touch foo.txt
getfacl foo.txt

# file: foo.txt
# owner: cstankevitz
# group: cstankevitz
