New in 11? ZFS ACL -> aclinherit stacks synthesized mode ACEs
Harry Schmalzbauer
freebsd at omnilan.de
Fri Dec 8 17:00:29 UTC 2017
Hello,
quick question, haven't had time to investigate yet, but accidentally
noticed that something between FreeBSD 10 and 11 has changed regarding
ZFS ACL inheritance.
Example:
If a parent directory has the file-inherit flag is set in a mode
synthesized ACE, the ACL of a file in that directory get the mode ACEs
stacked:
getfacl DIR
# file: DIR/
# owner: toor
# group: wheel
owner@:rwxp-daARWcCos:fd-----:allow
group@:rwxp--a-R-c--s:fd-----:allow
everyone@:----D---------:-d-----:deny
everyone@:------a-R-c--s:fd-----:allow
touch DIR/testfile
getfact DIR/testfile
# file: DIR/testfile
# owner: toor
# group: wheel
owner@:rw-p-daARWcCos:------I:allow
group@:rw-p--a-R-c--s:------I:allow
everyone@:------a-R-c--s:------I:allow
owner@:rw-p--aARWcCos:-------:allow
group@:rw-p--a-R-c--s:-------:allow
everyone@:------a-R-c--s:-------:allow
The (my) ACL of the parent hasn't change for some years (and aclinherit
is set to "passthrough-x" and aclmode is "passthrough", also unchanged
for several years).
I never saw the resulting ACL before FreeBSD 11.1
Anyone out there who knows what changed why?
Thanks,
-harry
More information about the freebsd-stable
mailing list