Re: [zfs-discuss] ZFS acl and chmod

[Cindy Swearingen]

Hey Nix,

I think I see the problem now.

If you want to review the interaction of setting an explicit ACL and
using the chmod 755 command on 2, you need this command:

# ls -dv 2

What you have is this command:

# ls -dv

(I have no idea what's going on with the parent dir ACL.)

I tested your syntax, which says replace ACL #3 and then reset the
permissions by using the chmod command. Its working as expected.
See below.

Thanks

Cindy


# zpool create tank c0t1d0
# zfs create tank/test
# cd /tank/test
# mkdir 2
# ls -dv 2
drwxr-xr-x   2 root     root           2 Jul 29 12:45 2
0:owner@::deny
1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/write_xattr/execute/write_attributes/write_acl
         /write_owner:allow
2:group@:add_file/write_data/add_subdirectory/append_data:deny
3:group@:list_directory/read_data/execute:allow
4:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr
         /write_attributes/write_acl/write_owner:deny
5:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow

# chmod  A3=group@:list_directory/read_data/write_data/execute:allow 2
# ls -dv 2
drwxr-xr-x   2 root     root           2 Jul 29 12:45 2
0:owner@::deny
1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/write_xattr/execute/write_attributes/write_acl
         /write_owner:allow
2:group@:add_file/write_data/add_subdirectory/append_data:deny
3:group@:list_directory/read_data/add_file/write_data/execute:allow
4:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr
         /write_attributes/write_acl/write_owner:deny
5:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow
# chmod 755 2
# ls -dv 2
drwxr-xr-x   2 root     root           2 Jul 29 12:45 2
0:owner@::deny
1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/write_xattr/execute/write_attributes/write_acl
         /write_owner:allow
2:group@:add_file/write_data/add_subdirectory/append_data:deny
3:group@:list_directory/read_data/execute:allow
4:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr
         /write_attributes/write_acl/write_owner:deny
5:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow

On 07/29/10 11:56, Cindy Swearingen wrote:

Which Solaris release is this and are you using /usr/bin/ls and /usr/bin/chmod?

Thanks,

Cindy
On 07/29/10 02:44, . . wrote:

Hi ,

while playing with ZFS acls I have noticed chmod strange behavior, it duplicates some acls , is it a bug or a feature :) ?

For example scenario:
#ls -dv ./2

drwxr-xr-x   2 root     root           2 Jul 29 11:22 2
     0:owner@::deny

1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory

         /append_data/write_xattr/execute/write_attributes/write_acl
         /write_owner:allow
     2:group@:add_file/write_data/add_subdirectory/append_data:deny
     3:group@:list_directory/read_data/execute:allow

4:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr

         /write_attributes/write_acl/write_owner:deny

5:everyone@:list_directory/read_data/read_xattr/execute/read_attributes

         /read_acl/synchronize:allow


chmod  A3=group@:list_directory/read_data/write_data/execute:allow 2

bash-3.00# ls -dv 2
drwxr-xr-x   2 root     root           2 Jul 29 11:22 2
     0:owner@::deny

1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory

         /append_data/write_xattr/execute/write_attributes/write_acl
         /write_owner:allow
     2:group@:add_file/write_data/add_subdirectory/append_data:deny
     3:group@:list_directory/read_data/add_file/write_data/execute:allow

4:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr

         /write_attributes/write_acl/write_owner:deny

5:everyone@:list_directory/read_data/read_xattr/execute/read_attributes

         /read_acl/synchronize:allow

bash-3.00#chmod 755 2
bash-3.00#ls -dv
drwxr-xr-x+  2 root     root           2 Jul 29 11:22 2
     0:owner@::deny
     1:owner@:write_xattr/write_attributes/write_acl/write_owner:allow
     2:group@::deny
     3:group@::allow
     4:group@::allow
     5:everyone@:write_xattr/write_attributes/write_acl/write_owner:deny
     6:everyone@:read_xattr/read_attributes/read_acl/synchronize:allow
     7:owner@::deny

8:owner@:list_directory/read_data/add_file/write_data/add_subdirectory

         /append_data/write_xattr/execute/write_attributes/write_acl
         /write_owner:allow
     9:group@:add_file/write_data/add_subdirectory/append_data:deny
     10:group@:list_directory/read_data/execute:allow

11:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr

         /write_attributes/write_acl/write_owner:deny

12:everyone@:list_directory/read_data/read_xattr/execute/read_attributes

         /read_acl/synchronize:allow





--
---------------------------------------------
http://unixinmind.blogspot.com


------------------------------------------------------------------------

_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss

_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss

_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss