[Bug 277193] NFSv4 ACLs are not inherited when moving file

Tue, 20 Feb 2024 06:58:13 -0800 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277193

            Bug ID: 277193
           Summary: NFSv4 ACLs are not inherited when moving file
           Product: Base System
           Version: 13.2-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: misc
          Assignee: [email protected]
          Reporter: [email protected]

I'm using NFSv4 ACLs in a ZFS dataset. The dataset "zroot/srv/files/myshare"
has been created like this:

zfs create -o mountpoint=/srv/files -o aclmode=restricted zroot/srv/files
zfs create -o mountpoint=/srv/files/myshare -o aclmode=restricted -o
aclinherit=passthrough-x zroot/srv/files/myshare

When I set ACEs with inheritance flags on a directory, I expect files or
directories transferred there to inherit those ACEs. For examples, consider the
directories A and B with the following ACEs:

# file: /srv/files/myshare/A
# owner: root
# group: wheel
user:alice:rwx--daARWc--s:fd-----:allow
    owner@:rwxp-daARWc--s:fd-----:allow
    group@:------a-R-c--s:fd-----:allow
 everyone@:------a-R-c--s:fd-----:allow

# file: /srv/files/myshare/B
# owner: root
# group: wheel
  user:bob:rwx--daARWc--s:fd-----:allow
    owner@:rwxp-daARWc--s:fd-----:allow
    group@:------a-R-c--s:fd-----:allow
 everyone@:------a-R-c--s:fd-----:allow

Creating a file A/test.txt will inherit the ACEs correctly to that file:

# file: /srv/files/myshare/A/test.txt
# owner: root
# group: wheel
user:alice:rw---daARWc--s:------I:allow
    owner@:rw-p-daARWc--s:------I:allow
    group@:------a-R-c--s:------I:allow
 everyone@:------a-R-c--s:------I:allow

When moving the file over to B (cp /srv/files/myshare/A/test.txt
/srv/files/myshare/B/) I expect it to inherit B's ACEs, but it doesn't. Instead
A's ACEs are preserved:

# file: /srv/files/myshare/B/test.txt
# owner: root
# group: wheel
user:alice:rw---daARWc--s:------I:allow
    owner@:rw-p-daARWc--s:------I:allow
    group@:------a-R-c--s:------I:allow
 everyone@:------a-R-c--s:------I:allow

This makes the file unaccessible for Bob even though he has read/write access
on the directory B.

Am I doing something wrong or is this a bug?

Note that when copying instead of moving the file, inheritance works as
expected.

-- 
You are receiving this mail because:
You are the assignee for the bug.

Reply via email to