Re: [zfs-discuss] chmod A=.... on ZFS != chmod A=... on UFS
On 10/24/06, Mark Shellenbaum [EMAIL PROTECTED] wrote:
> Chris Gerhard wrote:
>> I want a file system that is shared by the group. Everything in the
>> file system writable by the group no matter what the umask.
>
> The simplest way to do something like that would be:
>
> # zfs create pool/fs
> # chmod A+group:whatever:perms desired:fd:allow pool/fs

OK, so I tried this:

Create a directory.
% mkdir -m 770 a

Make everything be group writeable.
% chmod A+group@:rwxp:fd:allow a

Create a file.
% touch a/f

What permissions does it have?
% /bin/ls -ldV a/f
-rw-r--r--+ 1 ptribble 5000 0 Oct 27 22:49 a/f
     group@:--:--:allow
     owner@:--x---:--:deny
     owner@:rw-p---A-W-Co-:--:allow
     group@:-wxp--:--:deny
     group@:r-:--:allow
     everyone@:-wxp---A-W-Co-:--:deny
     everyone@:r-a-R-c--s:--:allow

No. That doesn't work. For one thing, the file isn't group writable.
For another, it's picked up an unnecessary ACL.

What is the syntax to create an ACL on a directory so that everything underneath is group-writable?

--
-Peter Tribble
http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/

___
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
Re: [zfs-discuss] chmod A=.... on ZFS != chmod A=... on UFS
Peter Tribble wrote:
> On 10/24/06, Mark Shellenbaum [EMAIL PROTECTED] wrote:
>> Chris Gerhard wrote:
>>> I want a file system that is shared by the group. Everything in the
>>> file system writable by the group no matter what the umask.
>>
>> The simplest way to do something like that would be:
>>
>> # zfs create pool/fs
>> # chmod A+group:whatever:perms desired:fd:allow pool/fs
>
> OK, so I tried this:
>
> Create a directory.
> % mkdir -m 770 a
>
> Make everything be group writeable.
> % chmod A+group@:rwxp:fd:allow a

You can't use the abstractions owner@, group@, or everyone@; you need to specify an explicit group, such as:

$ chmod A+group:staff:rwx:fd:allow a

> Create a file.
> % touch a/f
>
> What permissions does it have?
> % /bin/ls -ldV a/f
> -rw-r--r--+ 1 ptribble 5000 0 Oct 27 22:49 a/f
>      group@:--:--:allow
>      owner@:--x---:--:deny
>      owner@:rw-p---A-W-Co-:--:allow
>      group@:-wxp--:--:deny
>      group@:r-:--:allow
>      everyone@:-wxp---A-W-Co-:--:deny
>      everyone@:r-a-R-c--s:--:allow
>
> No. That doesn't work. For one thing, the file isn't group writable.
> For another, it's picked up an unnecessary ACL.
>
> What is the syntax to create an ACL on a directory so that everything
> underneath is group-writable?
>
> --
> -Peter Tribble
> http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/
Re: [zfs-discuss] chmod A=.... on ZFS != chmod A=... on UFS
On 10/27/06, Mark Shellenbaum [EMAIL PROTECTED] wrote:
> Peter Tribble wrote:
>> Make everything be group writeable.
>> % chmod A+group@:rwxp:fd:allow a
>
> You can't use the abstractions owner@, group@, or everyone@; you need to
> specify an explicit group, such as:
>
> $ chmod A+group:staff:rwx:fd:allow a

Ugh. That's a horrid limitation. What are the chances of this being changed?

And how does this work with the 'other' permissions? I can't specify an explicit name with 'everyone:'.

--
-Peter Tribble
http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/
Re: [zfs-discuss] chmod A=.... on ZFS != chmod A=... on UFS
Peter Tribble wrote:
> On 10/27/06, Mark Shellenbaum [EMAIL PROTECTED] wrote:
>> Peter Tribble wrote:
>>> Make everything be group writeable.
>>> % chmod A+group@:rwxp:fd:allow a
>>
>> You can't use the abstractions owner@, group@, or everyone@; you need to
>> specify an explicit group, such as:
>>
>> $ chmod A+group:staff:rwx:fd:allow a
>
> Ugh. That's a horrid limitation. What are the chances of this being
> changed?

It's tied in with the reconciliation of the mode. You need to just start thinking about things in a non-ufs way.

> And how does this work with the 'other' permissions? I can't specify an
> explicit name with 'everyone:'.

No, but you can specify a specific user.

chmod A+user:joe:rwxp:fd:allow a
Re: [zfs-discuss] chmod A=.... on ZFS != chmod A=... on UFS
Chris Gerhard wrote:
> I'm trying to create a directory hierarchy that whenever a file is
> created it is created mode 664 with directories 775.
>
> Now I can do this with chmod to create the ACL on UFS and it behaves as
> expected however on ZFS it does not.

So what exactly are you trying to accomplish by doing this?

ZFS always honors the umask and mode during file/dir creates. UFS ignores the umask when default ACLs are present. This is actually a POSIX violation in UFS.

If your desire is to allow certain users/groups to access/write to various files in the directory tree then you can use the various inheritance flags, such as file_inherit, dir_inherit, inherit_only and no_propagate to control how the permissions flow down the tree.

> : pearson TS 68 $; mkdir ~/tmp/acl
> : pearson TS 69 $; df -h ~/tmp/acl
> Filesystem size used avail capacity Mounted on
> tank/users/cjg 100G 22G 75G 23% /tank/users/cjg
> : pearson TS 70 $; mkdir /var/tmp/acl
> : pearson TS 71 $; df -h /var/tmp/acl
> Filesystem size used avail capacity Mounted on
> /dev/md/dsk/d4 9.6G 4.7G 4.8G 50% /
> : pearson TS 72 $; chmod A=user::rwx,group::rwx,other:r-x,default:user::rwx,default:group::rwx,default:other:r-x,default:mask:rwx /var/tmp/acl /home/cjg/tmp/acl
> : pearson TS 73 $;

Why are you trying to set a POSIX draft ACL on ZFS? What you end up with is an ACL that was translated from POSIX Draft -> ZFS/NFSv4.

> So at this point should both have functionally identical ACLs?
>
> If I now create a file in each directory I end up with different results:
>
> : pearson TS 73 $; touch /var/tmp/acl/file ~/tmp/acl/file
> : pearson TS 74 $; ls -l /var/tmp/acl/file ~/tmp/acl/file
> -rw-r-+ 1 cjg staff 0 Oct 24 17:25 /home/cjg/tmp/acl/file
> -rw-rw-r-- 1 cjg staff 0 Oct 24 17:25 /var/tmp/acl/file
> : pearson TS 75 $;
> : pearson TS 75 $; ls -lV ~/tmp/acl/file
> -rw-r-+ 1 cjg staff 0 Oct 24 17:25 /home/cjg/tmp/acl/file
>      owner@:-DaA--c--s:--:allow
>      owner@:--:--:deny
>      group@:---A---C--:--:deny
>      group@:-Da---c--s:--:allow
>      group@:---A---C--:--:deny
>      everyone@:--a---c--s:--:allow
>      everyone@:-D-A---C--:--:deny
>      owner@:--x---:--:deny
>      owner@:rw-p---A-W-Co-:--:allow
>      group@:-wxp--:--:deny
>      group@:r-:--:allow
>      everyone@:rwxp---A-W-Co-:--:deny
>      everyone@:--a-R-c--s:--:allow
> : pearson TS 76 $;
>
> So in the ZFS case I don't have what I wanted or expected. Can you
> achieve the same results with the new ACLs?
Re: [zfs-discuss] chmod A=.... on ZFS != chmod A=... on UFS
Mark Shellenbaum wrote:
> Chris Gerhard wrote:
>> I'm trying to create a directory hierarchy that whenever a file is
>> created it is created mode 664 with directories 775.
>>
>> Now I can do this with chmod to create the ACL on UFS and it behaves as
>> expected however on ZFS it does not.
>
> So what exactly are you trying to accomplish by doing this?

I want a file system that is shared by the group. Everything in the file system writable by the group no matter what the umask.

> ZFS always honors the umask and mode during file/dir creates. UFS
> ignores the umask when default ACLs are present. This is actually a
> POSIX violation in UFS.

Does this apply to mkdir as well? It does not seem to:

rwxrws---+ 3 cg13442 users 4 Oct 24 21:09 .
     owner@:---A-W-Co-:--:allow
     group@:rwxp--a---c---:-di---:allow
     group@:--a---c---:--:allow
     owner@:--:--:deny
     owner@:rwxp---A-W-Co-:--:allow
     group@:--:--:deny
     group@:rwxp--:--:allow
     everyone@:rwxp---A-W-Co-:--:deny
     everyone@:--a-R-c--s:--:allow
: principia IA 39 $; umask 026
: principia IA 40 $; mkdir spam
: principia IA 41 $; ls -lVd spam
drwxrws--x+ 2 cg13442 users 2 Oct 24 21:12 spam
     group@:rwxp--a---c---:-di---:allow
     group@:--a---c---:--:allow
     owner@:--:--:deny
     owner@:rwxp---A-W-Co-:--:allow
     group@:-w-p--:--:deny
     group@:r-x---:--:allow
     everyone@:rw-p---A-W-Co-:--:deny
     everyone@:--x---a-R-c--s:--:allow
: principia IA 42 $;

> If your desire is to allow certain users/groups to access/write to
> various files in the directory tree then you can use the various
> inheritance flags, such as file_inherit, dir_inherit, inherit_only and
> no_propagate to control how the permissions flow down the tree.

It is however with the umask taking effect it prevents this, at least for files.

>> : pearson TS 68 $; mkdir ~/tmp/acl
>> : pearson TS 69 $; df -h ~/tmp/acl
>> Filesystem size used avail capacity Mounted on
>> tank/users/cjg 100G 22G 75G 23% /tank/users/cjg
>> : pearson TS 70 $; mkdir /var/tmp/acl
>> : pearson TS 71 $; df -h /var/tmp/acl
>> Filesystem size used avail capacity Mounted on
>> /dev/md/dsk/d4 9.6G 4.7G 4.8G 50% /
>> : pearson TS 72 $; chmod A=user::rwx,group::rwx,other:r-x,default:user::rwx,default:group::rwx,default:other:r-x,default:mask:rwx /var/tmp/acl /home/cjg/tmp/acl
>> : pearson TS 73 $;
>
> Why are you trying to set a POSIX draft ACL on ZFS? What you end up
> with is an ACL that was translated from POSIX Draft -> ZFS/NFSv4.

Because I know how to create the ACL with the old style ACLs and so was letting the system do the conversion for me.

--
Chris Gerhard
Principal Engineer
Sun Microsystems Limited
Phone: +44 (0) 1252 426033 (ext 26033)
http://blogs.sun.com/chrisg
Re: [zfs-discuss] chmod A=.... on ZFS != chmod A=... on UFS
Chris Gerhard wrote:
> Mark Shellenbaum wrote:
>> Chris Gerhard wrote:
>>> I'm trying to create a directory hierarchy that whenever a file is
>>> created it is created mode 664 with directories 775.
>>>
>>> Now I can do this with chmod to create the ACL on UFS and it behaves
>>> as expected however on ZFS it does not.
>>
>> So what exactly are you trying to accomplish by doing this?
>
> I want a file system that is shared by the group. Everything in the
> file system writable by the group no matter what the umask.

The simplest way to do something like that would be:

# zfs create pool/fs
# chmod A+group:whatever:perms desired:fd:allow pool/fs

Now every file/dir that is created under pool/fs will have an ACE prepended for the specific group. To get more power out of this you may want to toggle the aclmode property to passthrough to prevent future chmod's from disabling various permissions.

-Mark
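
An added illustration, not part of the original thread and not ZFS code: a simplified Python model of ordered NFSv4-style ACE evaluation, showing why the explicit-group ACE that is prepended on create grants group write even though the mode-derived group@ deny entry left by the umask follows it. The names joe, eve, staff and cjg, the reduction to the r/w/x/p bits, and the exact inherited ACE are assumptions; the six mode-derived entries mirror the trailing ACEs in the `ls -V` output of a/f earlier in the thread.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    who: str          # owner@, group@, everyone@, user:NAME or group:NAME
    perms: frozenset  # subset of r, w, x, p (other NFSv4 bits omitted here)
    kind: str         # "allow" or "deny"

def ace(who, perms, kind):
    return Ace(who, frozenset(perms), kind)

def matches(who, user, groups, owner, owning_group):
    if who == "everyone@":
        return True
    if who == "owner@":
        return user == owner
    if who == "group@":
        return owning_group in groups
    tag, _, name = who.partition(":")
    return (tag == "user" and name == user) or (tag == "group" and name in groups)

def access(acl, wanted, user, groups, owner, owning_group):
    """Walk ACEs in order; the first matching ACE that names a bit decides it."""
    pending = set(wanted)
    for a in acl:
        if not matches(a.who, user, groups, owner, owning_group):
            continue
        if a.kind == "deny" and pending & a.perms:
            return False
        if a.kind == "allow":
            pending -= a.perms
        if not pending:
            return True
    return False  # bits no ACE granted are denied

# Constructed: rwxp bits of the mode-derived ACEs on a 0644 file (umask 022).
MODE_0644 = [
    ace("owner@", "x", "deny"), ace("owner@", "rwp", "allow"),
    ace("group@", "wxp", "deny"), ace("group@", "r", "allow"),
    ace("everyone@", "wxp", "deny"), ace("everyone@", "r", "allow"),
]
# Assumed: inherited explicit-group ACE, prepended ahead of the mode entries.
INHERITED = [ace("group:staff", "rwxp", "allow")]

def can_write(acl, user, groups):
    # Assumed file ownership cjg:staff.
    return access(acl, "w", user, groups, "cjg", "staff")

if __name__ == "__main__":
    print(can_write(MODE_0644, "joe", {"staff"}))              # mode entries only
    print(can_write(INHERITED + MODE_0644, "joe", {"staff"}))  # ACE prepended
    print(can_write(INHERITED + MODE_0644, "eve", {"other"}))  # non-member
```

Because evaluation stops at the first ACE that decides a bit, a later chmod that rewrites or removes the prepended entry changes the outcome, which is the case the aclmode passthrough suggestion above addresses.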