New in 11? ZFS ACL -> aclinherit stacks synthesized mode ACEs

Harry Schmalzbauer freebsd at omnilan.de
Fri Dec 8 18:12:26 UTC 2017


 Hello,

quick question, haven't had time to investigate yet, but accidentally
noticed that something between FreeBSD 10 and 11 has changed regarding
ZFS ACL inheritance.
Example:
If a parent directory has the file-inherit flag is set in a mode
synthesized ACE, the ACL of a file in that directory get the mode ACEs
stacked:

getfacl DIR
# file: DIR/                                                           #
owner: toor                                   # group: wheel
                                  owner@:rwxp-daARWcCos:fd-----:allow
            group@:rwxp--a-R-c--s:fd-----:allow
    everyone@:----D---------:-d-----:deny
     everyone@:------a-R-c--s:fd-----:allow

touch DIR/testfile
getfact DIR/testfile

# file: DIR/testfile      # owner: toor                                #
group: wheel
owner@:rw-p-daARWcCos:------I:allow
group@:rw-p--a-R-c--s:------I:allow
everyone@:------a-R-c--s:------I:allow
            owner@:rw-p--aARWcCos:-------:allow
            group@:rw-p--a-R-c--s:-------:allow
         everyone@:------a-R-c--s:-------:allow

The (my) ACL of the parent hasn't change for some years (and aclinherit
is set to "passthrough-x" and aclmode is "passthrough", also unchanged
for several years).
I never saw the resulting ACL before FreeBSD 11.1

Anyone out there who knows what changed why?

Thanks,

-harry


More information about the freebsd-fs mailing list