Paul B. Henson wrote: > On Mon, 17 Mar 2008, Bill Sommerfeld wrote: > >> I suspect at least some of the membership would be interested in this >> sort of extension and it shouldn't be that hard to "sell" if it's not the >> default behavior and it's clearly documented that turning it on (probably >> on a fs-by-fs basis like every other zfs tunable) takes you out of POSIX >> land. > > I was actually rereading the "Solaris ZFS Administration Guide"; based on > it the behavior I want should already be available: > > ---- > The ZFS file system includes two property modes related to ACLs: > > aclinherit - This property determines the behavior of ACL inheritance. > > Values include the following: > > passthrough - For new objects, the inheritable ACL entries are > inherited with no changes made to them. This mode, in effect, > disables secure mode. > > > aclmode - This property modifies ACL behavior whenever a file or > directory's mode is modified by the chmod command or when a file is > initially created. > > Values include the following: > > passthrough - For new objects, the inheritable ACL entries are > inherited with no changes made to them. > ---- > > This documentation would seem to indicate that if both "aclinherit" and > "aclmode" are set to "passthrough", then "the inheritable ACL entries are > inherited with no changes made to them". > > However, as I originally posted, the inheritable ACL entries I configured > are being munged. Based on the documentation, this behavior is broken. > >
The documentation in the admin guide isn't quite correct. I will go ahead and do a fastrack to get the behavior that many people want. Basically, if inheritable ACEs are present for owner@, group@, everyone@ then the inherited ACE permissions will override the requested mode of the application. If no inheritable ACEs are present for owner@, group, or everyone@ then the mode will be used. -Mark _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
