On 2/26/2010 6:26 PM, Paul B. Henson wrote:
On Fri, 26 Feb 2010, Nicolas Williams wrote:

I believe we can do a bit better.

A chmod that adds (see below) or removes one of r, w or x for owner is a
simple ACL edit (the bit may turn into multiple ACE bits, but whatever)
modifying / replacing / adding owner@ ACEs (if there is one).  A similar
chmod affecting group bits should probably apply to group@ ACEs.  A
similar chmod affecting other should apply to any everyone@ ACEs.

I don't necessarily think that's better; and I believe that's approximately
the behavior you can already get with aclmode=passthrough.

If something is trying to change permissions on an object with a
non-trivial ACL using chmod, I think it's safe to assume that's not what
the original user who configured the ACL wants. At least, that would be
safe to assume if the user had explicitly configured the hypothetical
aclmode=deny or aclmode=ignore :).

The problem with that, of course, is that it's equally true in a pure-permissions world -- if I'm trying to change the permissions with chmod, it's safe to assume that the new values aren't what the person who originally configured the protections on that file wanted. THAT'S WHY I'M CHANGING THEM!

So I don't see how that's a great argument for ignoring what I do.


Take, for example, a problem I'm currently having on Linux clients mounting
ZFS over NFSv4. Linux supports NFSv4, and even has a utility to manipulate
NFSv4 ACLs that works ok (but isn't nearly as nice as the ACL integrated
chmod command in Solaris). However, the default behavior of the Linux cp
command is to try and copy the mode bits along with the file. So, I copy
a file into zfs over the NFSv4 mount from some local location. The file is
created and inherits the explicitly configured ACL from the parent
directory; the cp command then does a chmod() on it and the ACL is broken.
That's not what I want, I configured that inheritable ACL for a reason, and
I want it respected regardless of the permissions of the file in its
original location.

Okay, but the argument goes the other way just as well -- when I run "chmod 6400 foobar", I want the permissions set that specific way, and I don't want some magic background feature blocking me. Particularly if "I" am a complex system of scripts that wasn't even written locally.
--

David Dyer-Bennet, d...@dd-b.net; http://dd-b.net/
Snapshots: http://dd-b.net/dd-b/SnapshotAlbum/data/
Photos: http://dd-b.net/photography/gallery/
Dragaera: http://dragaera.info

_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
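
A simplified model of the three chmod behaviours argued over in this thread, as an added example that is not code from any of the posters or from ZFS: chmod applied as an edit to the owner@/group@/everyone@ ACEs, chmod rebuilding the ACL from the mode bits, and the hypothetical aclmode=deny/ignore. The allow-only ACE model, the function names and the sample ACL are constructed assumptions.

```python
from dataclasses import dataclass, field

# Assumption: allow-only ACEs; real NFSv4/ZFS ACLs also carry deny ACEs and flags.
# Mode letter -> ACE permissions ("the bit may turn into multiple ACE bits").
BIT_TO_PERMS = {"r": {"read_data"}, "w": {"write_data", "append_data"}, "x": {"execute"}}
CLASS_TO_WHO = {"u": "owner@", "g": "group@", "o": "everyone@"}

@dataclass
class ACE:
    who: str
    perms: set = field(default_factory=set)

def chmod_as_acl_edit(acl, cls, op, bit):
    """Proposal in the thread: 'g+w' edits only the group@ ACE, the rest is untouched."""
    who, perms = CLASS_TO_WHO[cls], BIT_TO_PERMS[bit]
    out = [ACE(a.who, set(a.perms)) for a in acl]   # work on a copy
    target = next((a for a in out if a.who == who), None)
    if target is None:
        if op == "+":                                # no such ACE yet: add one
            out.append(ACE(who, set(perms)))
    elif op == "+":
        target.perms |= perms
    else:
        target.perms -= perms
    return out

def chmod_replaces_acl(mode):
    """Assumed worst case: chmod rebuilds a trivial ACL from the mode bits alone."""
    acl = []
    for shift, who in ((6, "owner@"), (3, "group@"), (0, "everyone@")):
        perms = set()
        for flag, letter in ((4, "r"), (2, "w"), (1, "x")):
            if (mode >> shift) & flag:
                perms |= BIT_TO_PERMS[letter]
        acl.append(ACE(who, perms))
    return acl

def chmod_denied(acl, mode):
    """Hypothetical aclmode=deny/ignore: a non-trivial ACL stays as configured."""
    trivial = all(a.who in CLASS_TO_WHO.values() for a in acl)
    return chmod_replaces_acl(mode) if trivial else acl

# Constructed sample: ACL a new file inherits from its parent directory (the cp case).
RW = {"read_data", "write_data", "append_data"}
INHERITED = [ACE("user:alice", set(RW)), ACE("owner@", set(RW)),
             ACE("group@", {"read_data"}), ACE("everyone@", set())]
```

Comparing `chmod_replaces_acl(0o644)` with `chmod_as_acl_edit(INHERITED, "g", "+", "w")` shows the access-control difference at stake: only the first drops the explicit `user:alice` entry.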
