Drew Balfour wrote:
> I have OSol 2009.06 (b111a), and I'm not sure I'm getting this ZFS ACL
> thing:
>
> %whoami
> abalfour
> % ls -V file
> ----------+ 1 abalfour root 1474560 May 11 18:43 file
> owner@:-w--d--A-W-C--:-------:deny
>
> According to that ACL I shouldn't be able to write anything having to do
> with file, correct?
>
> % cat >> file
> zsh: permission denied: file
> % mv file foo
> mv: cannot rename file to foo: Permission denied
> % rm file
> rm: file: override protection 0 (yes/no)? y
> rm: file not removed: Permission denied
>
> So far, so good.
> But then I can do this:
>
> % chmod A=owner@:full_set:allow file
> % ls -V file
> -rwx------+ 1 abalfour root 1474560 May 11 18:43 file
> owner@:rwxpdDaARWcCos:-------:allow
> % rm file
> %
>
> I've tried this with all the aclmode values on the filesystem, and it's
> always the same behavior.

aclmode has no bearing on that. That only comes into play during file
creation or during a chmod operation.

> Am I missing something? Does the owner always have the ability to change
> the ACL to whatever they want?

Nope, the owner always has the ability to fix broken permissions on
files. Otherwise the owner would be locked out of their own files.
Here is a similar example on UFS, but without an ACL.
$ touch file
$ chmod 000 file
$ echo this >file
/bin/ksh93: file: cannot create [Permission denied]
$ chmod 644 file
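
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not ZFS's own code: a simplified model of in-order ACE evaluation in which the file owner is always granted write_acl. The names parse_ace and check are hypothetical, and the model looks only at the file's own ACL (no parent-directory permissions, no privileges).

```python
# Added example: simplified model of NFSv4-style ACE evaluation.
# Letter order matches the full_set string printed by `ls -V` in the thread.
PERMS = dict(zip("rwxpdDaARWcCos", [
    "read_data", "write_data", "execute", "append_data", "delete",
    "delete_child", "read_attributes", "write_attributes", "read_xattr",
    "write_xattr", "read_acl", "write_acl", "write_owner", "synchronize"]))

def parse_ace(line):
    """Parse one compact ACE, e.g. 'owner@:-w--d--A-W-C--:-------:deny'."""
    # rsplit keeps 'user:name' style principals intact in the first field.
    who, perms, _flags, kind = line.strip().rsplit(":", 3)
    if kind not in ("allow", "deny"):
        raise ValueError(f"unknown ACE type: {kind!r}")
    unknown = set(perms) - set(PERMS) - {"-"}
    if unknown:
        raise ValueError(f"unknown permission letters: {sorted(unknown)}")
    return who, {PERMS[c] for c in perms if c != "-"}, kind

def check(aces, wanted, is_owner=True):
    """Return True if every permission in `wanted` is granted.

    ACEs are read in order; the first ACE that mentions a permission decides
    it, and anything no ACE mentions is denied. Assumption taken from the
    behaviour shown in the thread: the owner gets write_acl regardless of ACEs.
    """
    pending = set(wanted)
    if is_owner:
        pending.discard("write_acl")      # owner can always repair the ACL
    for who, perms, kind in aces:
        applies = who == "everyone@" or (who == "owner@" and is_owner)
        if not applies:                   # model covers owner@ / everyone@ only
            continue
        hit = pending & perms
        if hit and kind == "deny":
            return False
        pending -= hit
    return not pending

# ACLs copied from the `ls -V` output in the thread.
LOCKED = [parse_ace("owner@:-w--d--A-W-C--:-------:deny")]
OPENED = [parse_ace("owner@:rwxpdDaARWcCos:-------:allow")]

if __name__ == "__main__":
    for name, acl in (("locked", LOCKED), ("opened", OPENED)):
        for perm in ("write_data", "delete", "write_acl"):
            print(f"{name:7} {perm:11} {check(acl, {perm})}")
```
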