https://www.illumos.org/issues/8984
As per the documentation, for the `aclinherit` property:

>When the property value is set to passthrough, files are created with a
>mode determined by the inheritable ACEs. If no inheritable ACEs exist
>that affect the mode, then the mode is set in accordance to the
>requested mode from the application.

6764 introduced a bug causing the requested mode to always be set, even if mode-affecting inheritable ACEs are present. See https://illumos.topicbox.com/groups/zfs/Te5cbb71851130ac1-M486e4 for more discussion and example, including this from Albert Lee:

>You are correct, aclinherit=passthrough/passthrough-x should still ignore the requested mode when an inheritable ACE for owner@ group@, or everyone@ is present in the parent directory.

>It appears there was an oversight in my fix for https://www.illumos.org/issues/6764 which made calling zfs_acl_chmod from zfs_acl_inherit unconditional. I think the parent ACL check for aclinherit=passthrough needs to be reintroduced in zfs_acl_inherit.

This change re-introduces that parent ACL check.

Work by @hadfl

### Testing

```
r151022# zfs create -o aclinherit=passthrough-x rpool/test
r151022# cd /rpool/test
r151022# mkdir dropbox
r151022# chmod A+user:af:full_set:f:allow dropbox
r151022# ls -dV dropbox
drwxr-xr-x+ 2 root root 2 Feb 18 21:37 dropbox/
    user:af:rwxpdDaARWcCos:f------:allow
    owner@:rwxp-DaARWcCos:-------:allow
    group@:r-x---a-R-c--s:-------:allow
    everyone@:r-x---a-R-c--s:-------:allow

# no inheritable owner@, group@, everyone@ - so should be normal behaviour
r151022# touch dropbox/test
r151022# ls -V dropbox/test
-rw-r--r--+ 1 root root 0 Feb 18 21:38 dropbox/test
    user:af:rw-pdDaARWcCos:------I:allow
    owner@:rw-p--aARWcCos:-------:allow
    group@:r-----a-R-c--s:-------:allow
    everyone@:r-----a-R-c--s:-------:allow

# Now setting inheritable owner...
r151022# chmod A+owner@:rwx:fi:allow dropbox
r151022# touch dropbox/test2
r151022# ls -V dropbox/test2
-rw-------+ 1 root root 0 Feb 18 21:40 dropbox/test2
    owner@:rw------------:------I:allow
    user:af:rw-pdDaARWcCos:------I:allow

# and group
r151022# chmod A0=group@:rwx:fi:allow dropbox
r151022# touch dropbox/test3
r151022# ls -V dropbox/test3
----rw----+ 1 root root 0 Feb 18 21:41 dropbox/test3
    group@:rw------------:------I:allow
    user:af:rw-pdDaARWcCos:------I:allow

# and everyone
r151022# chmod A0=everyone@:rwx:fi:allow dropbox
r151022# touch dropbox/test4
r151022# ls -V dropbox/test4
-rw-rw-rw-+ 1 root root 0 Feb 18 21:42 dropbox/test4
    everyone@:rw------------:------I:allow
    user:af:rw-pdDaARWcCos:------I:allow
```

You can view, comment on, or merge this pull request online at:
https://github.com/openzfs/openzfs/pull/557

-- Commit Summary --

* 8984 fix for 6764 breaks ACL inheritance

-- File Changes --

M usr/src/uts/common/fs/zfs/zfs_acl.c (40)

-- Patch Links --

https://github.com/openzfs/openzfs/pull/557.patch
https://github.com/openzfs/openzfs/pull/557.diff
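As an added example (not part of the pull request or the illumos source), the Python below is a simplified model of the documented `aclinherit=passthrough`/`passthrough-x` rule that can be used to check an observed file mode against the parent directory's ACL. The function names, the `TOUCH_MODE` value (touch's 0666 under an assumed umask of 022) and the restriction to `allow` ACEs with letter-form `r`/`w`/`x` permissions are assumptions of this sketch.

```python
# Added illustration: a simplified model, not the zfs_acl.c logic.
# Assumption: only "allow" ACEs with letter-form r/w/x permissions are modelled.
CLASS_MASK = {"owner@": 0o700, "group@": 0o070, "everyone@": 0o777}
PERM_BITS = {"r": 0o444, "w": 0o222, "x": 0o111}


def expected_mode(parent_aces, requested_mode, aclinherit="passthrough-x"):
    """Mode a new file should get from the parent's file-inheritable ACEs."""
    mode, mode_affecting = 0, False
    for ace in parent_aces:
        parts = ace.split(":")
        if len(parts) != 4 or parts[0] not in CLASS_MASK:
            continue  # user:/group: entries do not determine the mode
        who, perms, flags, ace_type = parts
        if "f" not in flags or ace_type != "allow":
            continue  # not inherited by new files (or outside this model)
        mode_affecting = True
        for letter, bits in PERM_BITS.items():
            if letter not in perms:
                continue
            # passthrough-x: execute is inherited only if the creator asked for it
            if letter == "x" and aclinherit == "passthrough-x" \
                    and not requested_mode & 0o111:
                continue
            mode |= bits & CLASS_MASK[who]
    return mode if mode_affecting else requested_mode


def shows_regression(parent_aces, requested_mode, observed_mode):
    """True if the observed mode ignores mode-affecting inheritable ACEs."""
    return observed_mode != expected_mode(parent_aces, requested_mode)


# Parent ACL constructed from the first `ls -dV dropbox` in the session above.
BASE = ["user:af:rwxpdDaARWcCos:f------:allow",
        "owner@:rwxp-DaARWcCos:-------:allow",
        "group@:r-x---a-R-c--s:-------:allow",
        "everyone@:r-x---a-R-c--s:-------:allow"]
TOUCH_MODE = 0o644  # assumption: touch's 0666 under umask 022

if __name__ == "__main__":
    for who in (None, "owner@", "group@", "everyone@"):
        acl = ([f"{who}:rwx:fi:allow"] if who else []) + BASE
        print(who, oct(expected_mode(acl, TOUCH_MODE)))
```

Under this model, a file created with `touch` that comes back as mode 0644 while the parent carries an inheritable `owner@`, `group@` or `everyone@` ACE matches the behaviour this issue describes.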
