On Thu, Jul 21, 2011 at 9:58 PM, Paul B. Henson <hen...@acm.org> wrote:
> On 7/19/2011 7:10 PM, Gordon Ross wrote:
>
>> The idea: A new "aclmode" setting called "discard", meaning that
>> the users don't care at all about the traditional mode bits. A
>> dataset with aclmode=discard would have the chmod system call and NFS
>> setattr do absolutely nothing to the mode bits.
>
> The caveat to that are the suid/sgid/sticky bits, which have no
> corresponding bits in the ACL, and potentially will still need to be
> manipulated. The details on that still need to be worked out :).

It seems consistent to me that a "discard" mode would simply
never present suid/sgid/sticky. (It discards mode settings.)
After all, the suid/sgid/sticky bits don't have any counterpart
in Windows security descriptors, and Windows ACLs use inherited
$CREATOR_OWNER ACEs to do the equivalent of the sticky bit.

>> The mode bits would be derived from the ACL such that the mode
>> represents the greatest possible access that might be allowed by the
>> ACL, without any consideration of deny entries or group memberships.
>
> Is this description different than how the mode bits are currently derived
> when a ZFS acl is set on an object?

I think it's pretty much the same, though I haven't looked recently
at the code that derives the mode from an ACL.

Gordon
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
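
One reading of the mode derivation and the proposed aclmode=discard behaviour discussed in this message, as an added Python example that is not part of the original post and is not ZFS code. The ACE tuple format, the function names, and the choice to fold named user:/group: entries into the group class are assumptions made for illustration.

```python
# Added illustration, not ZFS source. ACEs are constructed (who, type, perms)
# tuples that use only the r/w/x permission letters.
RWX = {"r": 4, "w": 2, "x": 1}

def derive_mode(aces):
    """Widest access the ACL could grant, folded into owner/group/other bits."""
    owner = group = other = 0
    for who, ace_type, perms in aces:
        if ace_type != "allow":
            continue  # deny entries are not considered
        bits = 0
        for p in perms:
            bits |= RWX.get(p, 0)
        if who == "everyone@":
            # everyone@ can apply to any caller, so it widens every class
            owner |= bits
            group |= bits
            other |= bits
        elif who == "owner@":
            owner |= bits
        else:
            # group@ and named user:/group: entries. Assumption: named entries
            # count toward the group class, with no membership check.
            group |= bits
    # Only the nine permission bits are built: suid/sgid/sticky never appear.
    return (owner << 6) | (group << 3) | other

def chmod_discard(aces, requested_mode):
    """Proposed aclmode=discard: chmod leaves the ACL, and so the mode, alone."""
    return derive_mode(aces)

SAMPLE_ACL = [  # constructed sample
    ("owner@", "allow", "rwx"),
    ("group@", "deny", "w"),
    ("group@", "allow", "rx"),
    ("user:alice", "allow", "rw"),
    ("everyone@", "allow", "r"),
]

if __name__ == "__main__":
    print(oct(derive_mode(SAMPLE_ACL)))
    print(oct(chmod_discard(SAMPLE_ACL, 0o4700)))
```

The deny entry for group@ does not narrow the result, and a chmod that requests setuid plus owner-only access leaves the presented mode unchanged.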