ZFS ACL Inheritance: umask and canonical ACEs
Chris Stankevitz
chris-freebsd-fs at stankevitz.com
Wed Apr 12 18:12:46 UTC 2017
Hi,

Questions (detail appears later):

1. Why wasn't my "inherited" ACE faithfully inherited? Namely, the
so-called inherited ACE does not have "rwxp--aARWcCos". Clearly the way
inheritance works is a function of the shell's umask (or in my real
scenario -- Samba's umask). I would like for inherited ACEs to not be a
function of umask.

2. How do I tell ZFS/ACL that I do not want owner@, group@, or
everything@ ACEs created unless explicitly requested by setfacl? I do
not want "extra" ACEs to appear on files I create within a particular
directory -- even these "canonical" ACEs.

3. Bonus question: why does 'man setfacl' reference six canonical ACEs
but there are only 3 (owner@, group@, everyone@)?

Thank you,

Chris

PS: I am using aclmode=passthrough and aclinherit=passthrough

=====

I have a directory with this ACL:

# file .
# owner: cstankevitz
# group: cstankevitz
group:cstankevitz:rwxp--aARWcCos:fd-----:allow

Note that I have removed owner@, group@, and everyone@ ACEs. Also
notice that the single ACE allows rwxp--aARWcCos access to cstankevitz
and that it is supposed to be inherited.

Inside this directory, I do this:

umask 000
touch bar.txt
getfacl bar.txt
# file: bar.txt
# owner: cstankevitz
# group: cstankevitz
group:cstankevitz:rw-p--a-R-c--s:------I:allow
owner@:rw-p--aARWcCos:-------:allow
group@:rw-p--a-R-c--s:-------:allow
everyone@:rw-p--a-R-c--s:-------:allow

umask 777
touch foo.txt
getfacl foo.txt
# file: foo.txt
# owner: cstankevitz
# group: cstankevitz
group:cstankevitz:------a-R-c--s:------I:allow
owner@:------aARWcCos:-------:allow
group@:------a-R-c--s:-------:allow
everyone@:------a-R-c--s:-------:allow
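
An added example, not part of the original post: a Python audit that parses the getfacl output quoted above and reports which permissions of the directory's file-inheritable ACE did not reach the new file, and which canonical ACEs appeared on the file without being present on the directory. The function and variable names are hypothetical; the ACE lines are copied from the post.

```python
# Added example: compare a directory's inheritable NFSv4 ACEs with a new file's ACL.
# ACE lines are copied from the post; all function/variable names are hypothetical.
ORDER = "rwxpDdaARWcCos"  # permission letters in getfacl column order
CANONICAL = ("owner@", "group@", "everyone@")
DIR_ACL = """# file .
group:cstankevitz:rwxp--aARWcCos:fd-----:allow"""
BAR_ACL = """# file: bar.txt
group:cstankevitz:rw-p--a-R-c--s:------I:allow
owner@:rw-p--aARWcCos:-------:allow
group@:rw-p--a-R-c--s:-------:allow
everyone@:rw-p--a-R-c--s:-------:allow"""
FOO_ACL = """# file: foo.txt
group:cstankevitz:------a-R-c--s:------I:allow
owner@:------aARWcCos:-------:allow
group@:------a-R-c--s:-------:allow
everyone@:------a-R-c--s:-------:allow"""

def parse_acl(text):
    """Parse getfacl output into {(who, type): (perms, flags)}; '#' lines are skipped."""
    aces = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # 'owner@' is one field, 'group:name' is two; the last three fields are fixed.
        *who, perms, flags, ace_type = line.split(":")
        aces[(":".join(who), ace_type)] = (set(perms) - {"-"}, set(flags) - {"-"})
    return aces

def audit_inheritance(dir_text, file_text):
    """Return (permissions lost per inherited ACE, canonical ACEs the parent lacked)."""
    parent, child = parse_acl(dir_text), parse_acl(file_text)
    dropped = {}
    for key, (perms, flags) in parent.items():
        if "f" not in flags:          # only file_inherit ACEs apply to new files
            continue
        got, got_flags = child.get(key, (set(), set()))
        if "I" not in got_flags:      # matching entry is not marked as inherited
            got = set()
        lost = "".join(p for p in ORDER if p in perms - got)
        if lost:
            dropped[key[0]] = lost
    extra = [who for (who, typ), (_, fl) in child.items()
             if who in CANONICAL and "I" not in fl and (who, typ) not in parent]
    return dropped, extra

if __name__ == "__main__":
    for name, acl in (("bar.txt (umask 000)", BAR_ACL), ("foo.txt (umask 777)", FOO_ACL)):
        print(name, audit_inheritance(DIR_ACL, acl))
```
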