Mark Shellenbaum wrote:
Can you post the full ACL on the directory and on the file you are being allowed to delete?
Simple test:

carson:gandalf 2 $ uname -a
SunOS gandalf.taltos.org 5.10 Generic_125101-02 i86pc i386 i86pc
carson:gandalf 0 $ mkdir foo
carson:gandalf 0 $ ls -dv foo
drwxr-xr-x 2 carson carson 2 Apr 3 07:28 foo
     0:owner@::deny
     1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/write_xattr/execute/write_attributes/write_acl
         /write_owner:allow
     2:group@:add_file/write_data/add_subdirectory/append_data:deny
     3:group@:list_directory/read_data/execute:allow
     4:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr
         /write_attributes/write_acl/write_owner:deny
     5:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow
carson:gandalf 0 $ chmod A+everyone@:add_file:allow foo
carson:gandalf 0 $ chmod A+everyone@:delete_child:deny foo
Tue Apr 03 07:30:41 /export/data/acltest
carson:gandalf 0 $ ls -dv foo
drwxrwxrwx+ 2 carson carson 2 Apr 3 07:30 foo
     0:everyone@:delete_child:deny
     1:everyone@:add_file/write_data:allow
     2:owner@::deny
     3:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/write_xattr/execute/write_attributes/write_acl
         /write_owner:allow
     4:group@:add_file/write_data/add_subdirectory/append_data:deny
     5:group@:list_directory/read_data/execute:allow
     6:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr
         /write_attributes/write_acl/write_owner:deny
     7:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow
carson:gandalf 0 $ touch foo/bar
carson:gandalf 0 $ ls -v foo/bar
-rw-r--r-- 1 carson carson 0 Apr 3 07:29 foo/bar
     0:owner@:execute:deny
     1:owner@:read_data/write_data/append_data/write_xattr/write_attributes
         /write_acl/write_owner:allow
     2:group@:write_data/append_data/execute:deny
     3:group@:read_data:allow
     4:everyone@:write_data/append_data/write_xattr/execute/write_attributes
         /write_acl/write_owner:deny
     5:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize
         :allow

(different user; the rm below succeeds even though foo carries everyone@:delete_child:deny)
gabe:gandalf 0 $ rm foo/bar
rm: foo/bar: override protection 644 (yes/no)? yes
carson:gandalf 0 $ ls -v foo/bar
foo/bar: No such file or directory

Let's make it more fun:

carson:gandalf 0 $ touch foo/bar
carson:gandalf 0 $ chmod A+everyone@:delete:deny foo/bar
carson:gandalf 0 $ ls -dv foo/bar
-rw-r--r--+ 1 carson carson 0 Apr 3 07:33 foo/bar
     0:everyone@:delete:deny
     1:owner@:execute:deny
     2:owner@:read_data/write_data/append_data/write_xattr/write_attributes
         /write_acl/write_owner:allow
     3:group@:write_data/append_data/execute:deny
     4:group@:read_data:allow
     5:everyone@:write_data/append_data/write_xattr/execute/write_attributes
         /write_acl/write_owner:deny
     6:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize
         :allow
gabe:gandalf 0 $ rm foo/bar
rm: foo/bar: override protection 644 (yes/no)? yes
carson:gandalf 0 $ ls -dv foo/bar
foo/bar: No such file or directory

--
Carson
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss