Hello All,
I'm in the process of migrating a file server from Solaris 9, where
we're making extensive use of POSIX-ACLs, to ZFS and I have a question
that I'm hoping someone can clear up for me. I'm using ufsrestore to
restore the data to the ZFS file system so the ACLs are converted to
NFSv4 style ACLs and everything looks good. But when I inspect the
converted ZFS-ACLs it looks to me like there are additional and
redundant ACLs, specifically those converted from the POSIX-ACL mask value.
In the case I'm looking at the POSIX-ACL being converted on the
directory is as follows:
# file: test_dir1
# owner: root
# group: group_1
user::rwx
group::r-x #effective:r-x
group:group_2:r-x #effective:r-x
mask:rwx
other:---
Once the directory is restored to the ZFS file system the ACLs have been
converted to the following:
drwxr-x---+ 2 root group_1 2 Feb 20 15:00 test_dir1
owner@:rwxp-DaA--cC-s:------:allow
owner@:--------------:------:deny
group@:-------A---C--:------:deny
group@:r-x---a---c--s:------:allow
group:group_2:-------A---C--:------:deny
group:group_2:r-x---a---c--s:------:allow
group@:-w-p-D-A---C--:------:deny
group:group_2:-w-p-D-A---C--:------:deny
everyone@:------a---c--s:------:allow
everyone@:rwxp-D-A---C--:------:deny
The ACLs that I'm questioning the need for are:
group@:-------A---C--:------:deny
group:group_2:-------A---C--:------:deny
Wouldn't these 2 ACLs be covered by the other group deny ACLs?
group@:-------A---C--:------:deny
group@:-w-p-D-A---C--:------:deny
and
group:group_2:-------A---C--:------:deny
group:group_2:-w-p-D-A---C--:------:deny
It would seem to me that the converted POSIX-ACL mask are unnecessary.
Regards,
--
Darin Perusich
Unix Systems Administrator
Cognigen Corporation
395 Youngs Rd.
Williamsville, NY 14221
Phone: 716-633-3463
Email: darin...@cognigencorp.com
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
