Thanks for getting back to me. Unfortunately this is not the problem as the file move is on the one machine and is between zfs filesystems. Any other suggestions about removing the inheritance or whatever is causing it would be most useful.
On Sat, Nov 21, 2009 at 8:36 AM, Mark Shellenbaum <mark.shellenb...@sun.com>wrote: > lance wilson wrote: > >> On my opensolaris file storage machine files created in one zfs file >> system which is then subsequently moved to another gets an extra acl >> applied from somewhere. The problem with the newly applied acl is that the >> files are no longer readable from the network share. The way to resolve this >> is to access the server and execute a chmod -Rf A- which removes all of the >> extra and not required acls. The problem is I can not find where these file >> permissions are coming from. When I create a file in either of the file >> systems using touch, the files have this set of permissions >> >> 0:owner@:execute:deny >> 1:owner@ >> :read_data/write_data/append_data/write_xattr/write_attributes >> /write_acl/write_owner:allow >> 2:group@:write_data/append_data/execute:deny >> 3:group@:read_data:allow >> 4:everyone@ >> :write_data/append_data/write_xattr/execute/write_attributes >> /write_acl/write_owner:deny >> 5:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize >> :allow >> >> This group of permissions looks like the standard ones applied to user and >> group permissions. Now the files that are moved have the permissions below. >> >> 0:owner@:read_data/write_data/append_data/read_attributes >> /write_attributes/read_acl/write_acl/synchronize:allow >> 1:owner@:execute:deny >> 2:group@ >> :write_data/append_data/execute/write_attributes/write_acl:deny >> 3:group@:read_data/read_attributes/read_acl/synchronize:allow >> 4:group@ >> :write_data/append_data/execute/write_attributes/write_acl:deny >> 5:everyone@:read_data/read_attributes/read_acl/synchronize:allow >> 6:everyone@:write_data/append_data/execute/write_attributes/write_acl >> :deny >> >> I have tried removing all of the acls from the file systems by executing >> the chmod command in the roots of the file systems but it has not worked. >> Can anyone provide any suggestions. Also how do you use chmod on a directory >> only not the files? >> > > > Are you doing the "mv" over NFS? This looks like a translated ACL. It has > the allow/deny pairs as allow/deny instead of deny/allow and you have an > extra group@ which is to simulate the ACL mask from a POSIX draft ACL. > > -Mark >
_______________________________________________ storage-discuss mailing list storage-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/storage-discuss
