Does setuid=on work on ZFS datasets, or is the man page for zfs misleading?

Stilez Stilezy stilezy at gmail.com
Thu Apr 5 15:53:41 UTC 2018


I'm trying to use the setuid property in ZFS.

The man pages are a bit conflicted, but overall man zfs seems most specific
and implies the property is valid (man zfs says use setuid=on and it'll
work; man mount says use -o suiddir, but that won't work except on UFS).  It
seems that man zfs is more specific/authoritative, but I can't be sure. I'm
starting to wonder if the page is wrong/misleading, and setuid isn't
working/not implemented on datasets, despite the apparent meaning of man zfs.


Here's an easily reproduced test case:

# zfs create Test_pool/test
# zfs list | grep test
Test_pool/test      88K   446G    88K  /mnt/Test_pool/test
# zfs set setuid=on Test_pool/test
# zfs get all Test_pool/test | grep setuid
Test_pool/test  setuid      on      local
# mount | grep test
Test_pool/test on /mnt/Test_pool/test (zfs, local, noatime, nfsv4acls)
# umount Test_pool/test
# mount -t zfs -o local,noatime,nfsv4acls,suiddir Test_pool/test /mnt/Test_pool/test
# mount | grep test
Test_pool/test on /mnt/Test_pool/test (zfs, local, noatime, suiddir, nfsv4acls)
# chown www /mnt/Test_pool/test
# chmod 4770 /mnt/Test_pool/test/
# ls -lt /mnt/Test_pool | grep test
drwsrwx---  2 www   wheel  2   2018-04-05  16:11:48   test/
# ls -lt /mnt/Test_pool/test
total 0
# mkdir /mnt/Test_pool/test/dir_created_as_root
# touch /mnt/Test_pool/test/file_created_as_root
# ls -al /mnt/Test_pool/test
total 2
drwsrwx---  3 www   wheel  4   2018-04-05  16:19:17   ./
drwxrwxr-x+ 5 root  wheel  6   2018-04-05  16:11:49   ../
drwxr-xr-x  2 root  wheel  2   2018-04-05  16:18:33   dir_created_as_root/
-rw-r--r--  1 root  wheel  0   2018-04-05  16:19:17   file_created_as_root


As far as I can see, everything's done that's needed.

   - Clean newly created dataset
   - setuid property set and checked
   - dataset mounted with suiddir option on
   - dataset given a different owner than my current invoked account, and
   setuid bit set
   - dataset properties, mount options, setuid bit, owner, etc all checked
   and seem correct
   - as root, created a new dir and file immediately within the dir
   - ..... but neither of them picks up the containing dir's actual owner,
   and the dir doesn't pick up the setuid bit.

Unless man zfs is misleading, setuid=on should work. (The exception is if
it should say that it does work - but only for ZVOLs, not datasets, which
isn't what's said.)

What's going on? Or is this not implemented in ZFS and the man page not as
clear as needed?

If it *can't* be done within a normal ZFS dataset and the man page needs
updating to be clearer, is there any "second best" workaround/fix to
automatically get the right owner for that dataset's newly created
files/dirs? For info, the platform is 11.1-REL on amd64. The files in the
dataset could be created/modified/deleted by a number of users, which is why I
want to mandate a fixed owner. I also don't want to create this directory
as UFS-within-ZVOL, but to use a normal ZFS dataset.


Thanks for any technical insight into this


Stilez


More information about the freebsd-fs mailing list
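The `setuid` dataset property that man zfs documents governs whether the set-UID and set-GID bits on *executables* inside the dataset are respected at exec time (the same control as the `nosuid` mount option); it is not an owner-inheritance mechanism for directories, and the transcript above is what a set-UID bit on a ZFS directory looks like when nothing honours it. The script below is an added example, not code from the thread or from the ZFS project: it walks a directory tree, reports every entry carrying a set-UID or set-GID bit, labels set-UID bits on directories as inert (on ZFS they confer no owner inheritance, and the FreeBSD `suiddir` mount option that would act on them is UFS-only, as the post notes), and reads a `zfs get setuid` line and a `mount` line in the shape shown in the thread to decide whether set-UID executables in that dataset are actually live. The sample tree and the dataset/mount lines it is run against are constructed for the example; it needs no ZFS and runs on any POSIX filesystem as an unprivileged user.

```python
"""Audit a tree for set-UID/set-GID bits and relate them to the ZFS `setuid`
property.  Added example (not from the freebsd-fs thread); the `zfs get` and
`mount` lines it parses are constructed strings, not live command output."""
import os
import stat
import tempfile


def find_privileged_entries(root):
    """Walk `root` (not following symlinks) and return, sorted by path, one
    record per entry whose mode carries S_ISUID or S_ISGID."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode
            if not mode & (stat.S_ISUID | stat.S_ISGID):
                continue
            found.append({
                "path": os.path.relpath(full, root),
                "is_dir": stat.S_ISDIR(mode),
                "suid": bool(mode & stat.S_ISUID),
                "sgid": bool(mode & stat.S_ISGID),
                # only a regular file with an x bit can be exec'd with privilege
                "executable": stat.S_ISREG(mode) and bool(mode & 0o111),
            })
    return sorted(found, key=lambda e: e["path"])


def describe(entry):
    """Human-readable label for one record from find_privileged_entries()."""
    if entry["is_dir"]:
        parts = []
        if entry["sgid"]:
            parts.append("set-GID dir: new entries inherit the group")
        if entry["suid"]:
            # What the thread observed: on a ZFS dataset this bit does nothing
            # for owner inheritance (FreeBSD's suiddir option is UFS-only).
            parts.append("set-UID dir: inert on ZFS, no owner inheritance")
        return " + ".join(parts)
    bits = "/".join(b for b, on in (("set-UID", entry["suid"]),
                                    ("set-GID", entry["sgid"])) if on)
    kind = "executable" if entry["executable"] else "non-executable"
    return f"{bits} {kind} file"


def parse_zfs_setuid(zfs_get_line):
    """Value column of one `zfs get setuid` line: NAME PROPERTY VALUE SOURCE."""
    fields = zfs_get_line.split()
    if len(fields) < 4 or fields[1] != "setuid":
        raise ValueError(f"not a 'zfs get setuid' line: {zfs_get_line!r}")
    return fields[2]


def mount_options(mount_line):
    """Option set from a mount(8) line like 'ds on /mnt/ds (zfs, local, noatime)'."""
    inside = mount_line[mount_line.rindex("(") + 1:mount_line.rindex(")")]
    return {opt.strip() for opt in inside.split(",")}


def assess(root, zfs_get_line, mount_line):
    """Combine on-disk bits with the dataset property and mount options."""
    honoured = (parse_zfs_setuid(zfs_get_line) == "on"
                and "nosuid" not in mount_options(mount_line))
    entries = find_privileged_entries(root)
    suid_exec = [e["path"] for e in entries if e["suid"] and e["executable"]]
    return {
        "setuid_honoured": honoured,
        "suid_executables": suid_exec,
        # These confer privilege only while the dataset honours set-UID.
        "privileged_executables": suid_exec if honoured else [],
        "suid_dirs_without_effect": [e["path"] for e in entries
                                     if e["suid"] and e["is_dir"]],
        "labels": {e["path"]: describe(e) for e in entries},
    }


def build_sample_tree():
    """Constructed sample tree in a temp dir (paths modelled on the thread)."""
    root = tempfile.mkdtemp(prefix="setuid-audit-")

    def mk(rel, mode, is_dir=False):
        path = os.path.join(root, rel)
        if is_dir:
            os.mkdir(path)
        else:
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\nexit 0\n")
        os.chmod(path, mode)

    mk("test", 0o4770, is_dir=True)          # the thread's chmod 4770 on a dir
    mk("test/file_created_as_root", 0o644)   # plain file, as in the transcript
    mk("shared", 0o2770, is_dir=True)        # set-GID dir: group inheritance
    mk("bin", 0o755, is_dir=True)
    mk("bin/helper", 0o4755)                 # the case `setuid=on` actually gates
    mk("bin/notes.txt", 0o4644)              # set-UID on a non-executable: inert
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    report = assess(sample,
                    "Test_pool/test  setuid      on      local",
                    "Test_pool/test on /mnt/Test_pool/test (zfs, local, noatime, nfsv4acls)")
    for path, label in report["labels"].items():
        print(f"{path:28} {label}")
    print("set-UID honoured by dataset:", report["setuid_honoured"])
    print("live set-UID executables:   ", report["privileged_executables"])
```

Run against a real dataset, point `assess()` at the mountpoint and feed it the actual `zfs get setuid <dataset>` and `mount | grep <dataset>` lines. A dataset that many users can write to is where `setuid=off` earns its keep: with it off (or the dataset mounted `nosuid`), `privileged_executables` is empty no matter what bits appear on disk. For the group half of the poster's inheritance question, the set-GID directory the audit labels is the portable mechanism; owner inheritance has no equivalent bit on ZFS.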