On Wed, May 15, 2013 at 11:47 PM, Paul B. Henson <hen...@acm.org> wrote:
> On 5/12/2013 1:21 PM, Natxo Asenjo wrote:
>
> > mm, when using scp it bypasses the acl as well ..., grrr.
>
> Even with aclmode=restricted?

Strangely enough, on one share yes, the other no. The difference is the share root dir permissions

# /bin/ls -vd /tank/testshare/
drwxrwxrwx+ 10 root root 10 May 16 07:31 /tank/testshare/
     0:everyone@:list_directory/read_data/add_file/write_data
         /add_subdirectory/append_data/read_xattr/write_xattr/execute
         /delete_child/read_attributes/write_attributes/delete/read_acl
         /write_acl/write_owner/synchronize:file_inherit/dir_inherit:allow

# bin/ls -vd /tank/fotos/
d---------+289 root root 290 May 16 07:32 /tank/fotos/
     0:user:username:list_directory/read_data/add_file/write_data
         /add_subdirectory/append_data/read_xattr/write_xattr/execute
         /delete_child/read_attributes/write_attributes/delete/read_acl
         /write_acl/write_owner/synchronize:file_inherit/dir_inherit:allow

On /tank/fotos, when I scp as root the root umask sets extra ACEs; on the /tank/testshare dir, when I scp as root the ACE is respected.

root@zfstank:~# zfs get all tank/testshare | grep acl
tank/testshare aclmode restricted local
tank/testshare aclinherit passthrough local

root@zfstank:~# zfs get all tank/fotos | grep acl
tank/fotos aclmode restricted local
tank/fotos aclinherit passthrough local

$ scp -r dosbox/ root@zfstank:/tank/testshare/testdir

# /bin/ls -vd /tank/testshare/testdir/
drwxrwxrwx+ 4 root root 5 May 16 22:03 /tank/testshare/testdir/
     0:everyone@:list_directory/read_data/add_file/write_data
         /add_subdirectory/append_data/read_xattr/write_xattr/execute
         /delete_child/read_attributes/write_attributes/delete/read_acl
         /write_acl/write_owner/synchronize:file_inherit/dir_inherit
         /inherited:allow

$ scp -r dosbox/ root@zfstank:/tank/fotos/testdir

# /bin/ls -vd /tank/fotos/testdir
drwxr-xr-x+ 4 root root 5 May 16 22:03 /tank/fotos/testdir/
     0:user:username:list_directory/read_data/add_file/write_data
         /add_subdirectory/append_data/read_xattr/write_xattr/execute
         /delete_child/read_attributes/write_attributes/delete/read_acl
         /write_acl/write_owner/synchronize:file_inherit/dir_inherit
         /inherited:allow
     1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/read_xattr/write_xattr/execute/read_attributes
         /write_attributes/read_acl/write_acl/write_owner/synchronize:allow
     2:group@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow
     3:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow

Strange.

I am going to open a bug with Red Hat to see if they can get to fix coreutils and the ssh client to respect NFSv4 ACEs instead of bypassing the stuff. We'll see.

--
groet,
natxo
_______________________________________________
OmniOS-discuss mailing list
OmniOS-discuss@lists.omniti.com
http://lists.omniti.com/mailman/listinfo/omnios-discuss
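An added example, not part of the original message: a small Python parser for `ls -v` listings like the ones posted above, which reports the ACEs that lack the `inherited` flag and so were not handed down by the parent directory. The names `Ace`, `parse_acl` and `not_inherited` are hypothetical, and it assumes wrapped ACE lines continue with a leading `/`, as they do in the posted output.

```python
import re
from collections import namedtuple

Ace = namedtuple("Ace", "index who perms flags kind")

# Listing copied from the message above (/tank/fotos/testdir after the scp as root).
SAMPLE = """\
drwxr-xr-x+ 4 root root 5 May 16 22:03 /tank/fotos/testdir/
     0:user:username:list_directory/read_data/add_file/write_data
         /add_subdirectory/append_data/read_xattr/write_xattr/execute
         /delete_child/read_attributes/write_attributes/delete/read_acl
         /write_acl/write_owner/synchronize:file_inherit/dir_inherit
         /inherited:allow
     1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/read_xattr/write_xattr/execute/read_attributes
         /write_attributes/read_acl/write_acl/write_owner/synchronize:allow
     2:group@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow
     3:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow
"""

def parse_acl(listing):
    """Parse `ls -v` output into Ace tuples, joining wrapped lines."""
    raw = []
    for line in listing.splitlines():
        s = line.strip()
        if re.match(r"\d+:", s):
            raw.append(s)                  # start of a new ACE
        elif raw and s.startswith("/"):
            raw[-1] += s                   # wrapped continuation of the last ACE
    aces = []
    for entry in raw:
        f = entry.split(":")
        n = 3 if f[1] in ("user", "group") else 2  # user:NAME / group:NAME use two fields
        who, rest = ":".join(f[1:n]), f[n:]
        # The flags field is optional: perms:flags:type or perms:type.
        flags = set(rest[1].split("/")) - {""} if len(rest) == 3 else set()
        aces.append(Ace(int(f[0]), who, set(rest[0].split("/")), flags, rest[-1]))
    return aces

def not_inherited(aces):
    """ACEs without the 'inherited' flag, i.e. not passed down from the parent."""
    return [a for a in aces if "inherited" not in a.flags]

if __name__ == "__main__":
    for a in not_inherited(parse_acl(SAMPLE)):
        print(a.index, a.who, a.kind, "/".join(sorted(a.perms)))
```

Run against the /tank/fotos/testdir listing, it flags entries 1 to 3 (`owner@`, `group@`, `everyone@`), which are the ACEs that open the new directory beyond the single user named in the parent's ACL.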