Re: [zfs-discuss] chmod A=.... on ZFS != chmod A=... on UFS

2006-10-27 Thread Peter Tribble
On 10/24/06, Mark Shellenbaum [EMAIL PROTECTED] wrote:
> Chris Gerhard wrote:
> > I want a file system that is shared by the group. Everything in the file
> > system writable by the group no matter what the umask.
>
> The simplest way to do something like that would be:
>
> # zfs create pool/fs
> # chmod A+group:whatever:perms desired:fd:allow pool/fs

OK, so I tried this:

Create a directory.

% mkdir -m 770 a

Make everything be group writeable.

% chmod A+group@:rwxp:fd:allow a

Create a file.

% touch a/f

What permissions does it have?

% /bin/ls -ldV a/f
-rw-r--r--+ 1 ptribble 5000 0 Oct 27 22:49 a/f
    group@:--:--:allow
    owner@:--x---:--:deny
    owner@:rw-p---A-W-Co-:--:allow
    group@:-wxp--:--:deny
    group@:r-:--:allow
    everyone@:-wxp---A-W-Co-:--:deny
    everyone@:r-a-R-c--s:--:allow

No. That doesn't work. For one thing, the file isn't group writable.
For another, it's picked up an unnecessary ACL.

What is the syntax to create an ACL on a directory so that
everything underneath is group-writable?

--
-Peter Tribble
http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/

___
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss


Re: [zfs-discuss] chmod A=.... on ZFS != chmod A=... on UFS

2006-10-27 Thread Mark Shellenbaum

Peter Tribble wrote:
> On 10/24/06, Mark Shellenbaum [EMAIL PROTECTED] wrote:
>
> > Chris Gerhard wrote:
> > > I want a file system that is shared by the group. Everything in the file
> > > system writable by the group no matter what the umask.
> >
> > The simplest way to do something like that would be:
> >
> > # zfs create pool/fs
> > # chmod A+group:whatever:perms desired:fd:allow pool/fs
>
> OK, so I tried this:
>
> Create a directory.
>
> % mkdir -m 770 a
>
> Make everything be group writeable.
>
> % chmod A+group@:rwxp:fd:allow a

You can't use the abstractions owner@, group@, or everyone@; you need to
specify an explicit group, such as:

$ chmod A+group:staff:rwx:fd:allow a

> Create a file.
>
> % touch a/f
>
> What permissions does it have?
>
> % /bin/ls -ldV a/f
> -rw-r--r--+  1 ptribble 5000   0 Oct 27 22:49 a/f
>     group@:--:--:allow
>     owner@:--x---:--:deny
>     owner@:rw-p---A-W-Co-:--:allow
>     group@:-wxp--:--:deny
>     group@:r-:--:allow
>     everyone@:-wxp---A-W-Co-:--:deny
>     everyone@:r-a-R-c--s:--:allow
>
> No. That doesn't work. For one thing, the file isn't group writable.
> For another, it's picked up an unnecessary ACL.
>
> What is the syntax to create an ACL on a directory so that
> everything underneath is group-writable?
>
> --
> -Peter Tribble
> http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/







Re: [zfs-discuss] chmod A=.... on ZFS != chmod A=... on UFS

2006-10-27 Thread Peter Tribble
On 10/27/06, Mark Shellenbaum [EMAIL PROTECTED] wrote:
> Peter Tribble wrote:
> > Make everything be group writeable.
> >
> > % chmod A+group@:rwxp:fd:allow a
>
> You can't use the abstractions owner@, group@, or everyone@; you need to
> specify an explicit group, such as:
>
> $ chmod A+group:staff:rwx:fd:allow a

Ugh. That's a horrid limitation. What are the chances of this being
changed?

And how does this work with the 'other' permissions? I can't
specify an explicit name with 'everyone:'.

--
-Peter Tribble
http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/



Re: [zfs-discuss] chmod A=.... on ZFS != chmod A=... on UFS

2006-10-27 Thread Mark Shellenbaum

Peter Tribble wrote:
> On 10/27/06, Mark Shellenbaum [EMAIL PROTECTED] wrote:
>
> > Peter Tribble wrote:
> > > Make everything be group writeable.
> > >
> > > % chmod A+group@:rwxp:fd:allow a
> >
> > You can't use the abstractions owner@, group@, or everyone@; you need to
> > specify an explicit group, such as:
> >
> > $ chmod A+group:staff:rwx:fd:allow a
>
> Ugh. That's a horrid limitation. What are the chances of this being
> changed?

It's tied in with the reconciliation of the mode.

You need to just start thinking about things in a non-ufs way.

> And how does this work with the 'other' permissions? I can't
> specify an explicit name with 'everyone:'.

No, but you can specify a specific user.

chmod A+user:joe:rwxp:fd:allow a

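Added example (not part of the original thread and not ZFS code): a small Python check for the compact ACE strings passed to `chmod A+...` in the messages above. It flags inheritable owner@/group@/everyone@ entries, which the reply above says cannot be used for this purpose, and entries missing the f or d inheritance flags. The function names are hypothetical and only the compact letter form is handled.

```python
# Added example: lint compact NFSv4 ACE specs of the form used with
# Solaris `chmod A+<spec>` in this thread. Function names are hypothetical.
ABSTRACT = {"owner@", "group@", "everyone@"}
PERMS = set("rwxpdDaARWcCos-")   # compact permission letters
INHERIT = set("fdin-")           # file_inherit, dir_inherit, inherit_only, no_propagate


def parse_ace(spec):
    """Split 'who:perms[:inherit]:allow|deny' into its fields."""
    parts = spec.split(":")
    if parts[0] in ABSTRACT:
        who, rest = parts[0], parts[1:]
    elif parts[0] in ("user", "group") and len(parts) > 1 and parts[1]:
        who, rest = parts[0] + ":" + parts[1], parts[2:]
    else:
        raise ValueError("unknown ACE subject in %r" % spec)
    if len(rest) == 2:            # no inheritance field given
        perms, inherit, kind = rest[0], "", rest[1]
    elif len(rest) == 3:
        perms, inherit, kind = rest
    else:
        raise ValueError("expected perms[:inherit]:type in %r" % spec)
    if not perms or set(perms) - PERMS:
        raise ValueError("bad permission letters %r" % perms)
    if set(inherit) - INHERIT:
        raise ValueError("bad inheritance flags %r" % inherit)
    if kind not in ("allow", "deny"):
        raise ValueError("ACE type must be allow or deny, got %r" % kind)
    return {"who": who, "perms": perms, "inherit": inherit, "type": kind}


def lint_shared_dir_ace(spec):
    """Return warnings for an ACE meant to keep a tree group-writable."""
    ace, warnings = parse_ace(spec), []
    # Per the thread: abstract entries are tied to mode reconciliation.
    if ace["who"] in ABSTRACT and set(ace["inherit"]) & set("fd"):
        warnings.append(ace["who"] + " is reconciled with the mode/umask at "
                        "create time; name an explicit user: or group: entry")
    if "f" not in ace["inherit"]:
        warnings.append("no file_inherit (f): new files will not get this ACE")
    if "d" not in ace["inherit"]:
        warnings.append("no dir_inherit (d): new directories will not get this ACE")
    return warnings


if __name__ == "__main__":
    for spec in ("group@:rwxp:fd:allow", "group:staff:rwx:fd:allow",
                 "user:joe:rwxp:fd:allow", "group:staff:rwx:allow"):
        print(spec, "->", lint_shared_dir_ace(spec) or "ok")
```

The template string from the thread (`group:whatever:perms desired:fd:allow`) and a POSIX-draft entry such as `user::rwx` are both rejected by `parse_ace` with a `ValueError`.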


Re: [zfs-discuss] chmod A=.... on ZFS != chmod A=... on UFS

2006-10-24 Thread Mark Shellenbaum

Chris Gerhard wrote:
> I'm trying to create a directory hierarchy that whenever a file is created it
> is created mode 664 with directories 775.
>
> Now I can do this with chmod to create the ACL on UFS and it behaves as
> expected however on ZFS it does not.

So what exactly are you trying to accomplish by doing this?

ZFS always honors the umask and mode during file/dir creates.  UFS
ignores the umask when default ACLs are present.  This is actually a
POSIX violation in UFS.

If your desire is to allow certain users/groups to access/write to
various files in the directory tree then you can use the various
inheritance flags, such as file_inherit, dir_inherit, inherit_only and
no_propagate to control how the permissions flow down the tree.

> : pearson TS 68 $; mkdir ~/tmp/acl
> : pearson TS 69 $; df -h  ~/tmp/acl
> Filesystem             size   used  avail capacity  Mounted on
> tank/users/cjg         100G    22G    75G    23%    /tank/users/cjg
> : pearson TS 70 $; mkdir /var/tmp/acl
> : pearson TS 71 $; df -h  /var/tmp/acl
> Filesystem             size   used  avail capacity  Mounted on
> /dev/md/dsk/d4         9.6G   4.7G   4.8G    50%    /
> : pearson TS 72 $; chmod A=user::rwx,group::rwx,other:r-x,default:user::rwx,default:group::rwx,default:other:r-x,default:mask:rwx /var/tmp/acl /home/cjg/tmp/acl
> : pearson TS 73 $;

Why are you trying to set a POSIX draft ACL on ZFS?  What you end up
with is an ACL that was translated from POSIX Draft -> ZFS/NFSv4.

> So at this point should both have functionally identical ACLs?
>
> If I now create a file in each directory I end up with different results:
>
> : pearson TS 73 $; touch  /var/tmp/acl/file ~/tmp/acl/file
> : pearson TS 74 $; ls -l  /var/tmp/acl/file ~/tmp/acl/file
> -rw-r-+  1 cjg  staff  0 Oct 24 17:25 /home/cjg/tmp/acl/file
> -rw-rw-r--   1 cjg  staff  0 Oct 24 17:25 /var/tmp/acl/file
> : pearson TS 75 $;
> : pearson TS 75 $; ls -lV ~/tmp/acl/file
> -rw-r-+  1 cjg  staff  0 Oct 24 17:25 /home/cjg/tmp/acl/file
>     owner@:-DaA--c--s:--:allow
>     owner@:--:--:deny
>     group@:---A---C--:--:deny
>     group@:-Da---c--s:--:allow
>     group@:---A---C--:--:deny
>     everyone@:--a---c--s:--:allow
>     everyone@:-D-A---C--:--:deny
>     owner@:--x---:--:deny
>     owner@:rw-p---A-W-Co-:--:allow
>     group@:-wxp--:--:deny
>     group@:r-:--:allow
>     everyone@:rwxp---A-W-Co-:--:deny
>     everyone@:--a-R-c--s:--:allow
> : pearson TS 76 $;
>
> So in the ZFS case I don't have what I wanted or expected.
>
> Can you achieve the same results with the new ACLs?
 
 


Re: [zfs-discuss] chmod A=.... on ZFS != chmod A=... on UFS

2006-10-24 Thread Chris Gerhard

Mark Shellenbaum wrote:
> Chris Gerhard wrote:
> > I'm trying to create a directory hierarchy that whenever a file is
> > created it is created mode 664 with directories 775.
> >
> > Now I can do this with chmod to create the ACL on UFS and it behaves
> > as expected however on ZFS it does not.
>
> So what exactly are you trying to accomplish by doing this?

I want a file system that is shared by the group. Everything in the file
system writable by the group no matter what the umask.

> ZFS always honors the umask and mode during file/dir creates.  UFS
> ignores the umask when default ACLs are present.  This is actually a
> POSIX violation in UFS.

Does this apply to mkdir as well?  It does not seem to:

rwxrws---+  3 cg13442  users  4 Oct 24 21:09 .
    owner@:---A-W-Co-:--:allow
    group@:rwxp--a---c---:-di---:allow
    group@:--a---c---:--:allow
    owner@:--:--:deny
    owner@:rwxp---A-W-Co-:--:allow
    group@:--:--:deny
    group@:rwxp--:--:allow
    everyone@:rwxp---A-W-Co-:--:deny
    everyone@:--a-R-c--s:--:allow
: principia IA 39 $; umask
026
: principia IA 40 $; mkdir spam
: principia IA 41 $; ls -lVd spam
drwxrws--x+  2 cg13442  users  2 Oct 24 21:12 spam
    group@:rwxp--a---c---:-di---:allow
    group@:--a---c---:--:allow
    owner@:--:--:deny
    owner@:rwxp---A-W-Co-:--:allow
    group@:-w-p--:--:deny
    group@:r-x---:--:allow
    everyone@:rw-p---A-W-Co-:--:deny
    everyone@:--x---a-R-c--s:--:allow
: principia IA 42 $;

> If your desire is to allow certain users/groups to access/write to
> various files in the directory tree then you can use the various
> inheritance flags, such as file_inherit, dir_inherit, inherit_only and
> no_propagate to control how the permissions flow down the tree.

It is however with the umask taking effect it prevents this, at least
for files.

> > : pearson TS 68 $; mkdir ~/tmp/acl
> > : pearson TS 69 $; df -h  ~/tmp/acl
> > Filesystem             size   used  avail capacity  Mounted on
> > tank/users/cjg         100G    22G    75G    23%    /tank/users/cjg
> > : pearson TS 70 $; mkdir /var/tmp/acl
> > : pearson TS 71 $; df -h  /var/tmp/acl
> > Filesystem             size   used  avail capacity  Mounted on
> > /dev/md/dsk/d4         9.6G   4.7G   4.8G    50%    /
> > : pearson TS 72 $; chmod A=user::rwx,group::rwx,other:r-x,default:user::rwx,default:group::rwx,default:other:r-x,default:mask:rwx /var/tmp/acl /home/cjg/tmp/acl
> > : pearson TS 73 $;
>
> Why are you trying to set a POSIX draft ACL on ZFS?  What you end up
> with is an ACL that was translated from POSIX Draft -> ZFS/NFSv4.

Because I know how to create the ACL with the old style ACLs and so was
letting the system do the conversion for me.


--
Chris Gerhard.   __o __o __o
Principal Engineer  _`\,`\,`\,_
Sun Microsystems Limited   (*)/---/---/ (*)
Phone: +44 (0) 1252 426033 (ext 26033) http://blogs.sun.com/chrisg


Re: [zfs-discuss] chmod A=.... on ZFS != chmod A=... on UFS

2006-10-24 Thread Mark Shellenbaum

Chris Gerhard wrote:
> Mark Shellenbaum wrote:
> > Chris Gerhard wrote:
> > > I'm trying to create a directory hierarchy that whenever a file is
> > > created it is created mode 664 with directories 775.
> > >
> > > Now I can do this with chmod to create the ACL on UFS and it behaves
> > > as expected however on ZFS it does not.
> >
> > So what exactly are you trying to accomplish by doing this?
>
> I want a file system that is shared by the group. Everything in the file
> system writable by the group no matter what the umask.

The simplest way to do something like that would be:

# zfs create pool/fs
# chmod A+group:whatever:perms desired:fd:allow pool/fs

Now every file/dir that is created under pool/fs will have an ACE 
prepended for the specific group.  To get more power out of this you may 
want to toggle the aclmode property to passthrough to prevent future 
chmod's from disabling various permissions.


  -Mark