On Fri, 26 Feb 2010, David Dyer-Bennet wrote:

> chown ddb /path/to/file
> chmod 640 /path/to/file
>
> constitutes explicit instructions to give read-write access to ddb, read
> access to people in the group, and no access to others. Now, how should
> that be combined with an ACL?

The first changes the owner of the file, and hence what object the special owner@ ACE applies to. The second (assuming "file" has a non-trivial ACL) is an attempt to change the permission related mode bits on a file with an ACL. There are three ways this could currently be handled by the solaris implementation, all of which end up applying mode bit permission changes to the ACL. I'd like to see two more ways implemented, both of which would result in no change to the ACL.

> I'll tell you, if I type that and then find I (I'm "ddb") *can't* read the
> file, I'm going to be REALLY unhappy.

Then clearly you should configure your zfs filesystem in such a manner as to propagate the mode bit changes to the ACL. Which is currently, and even if the additional modes I'd like to see are implemented, would remain the default. So unless you explicitly selected an alternative that better met your needs you could continue to ignore the differences between legacy mode bits and ACL's.

> The concept of having parts of a filesystem designated ACL-only and parts
> designated permissions-only leads to a total nightmare for utilities,
> applications, and admin scripts of all kinds, so I don't think that can
> be the answer.

I disagree. If your deployment scenario is better served by preventing an ACL from being mangled by a well-intentioned but destructive mapping of legacy permission mode bits, why shouldn't that option be available for you? Nobody would be forced to use it. It would probably be very unwise to set such an option on a root pool filesystem. But for a data filesystem with files accessed both via CIFS and NFSv4, the ability to keep *exactly* that same set of utilities, applications, and admin scripts from screwing up your ACL's would be invaluable.

> Maybe you could make some rules, though.

No, that's been tried before. There is no good mapping from mode bits to ACL's.

My understanding is that Sun is currently considering getting rid of both the groupmask and passthrough aclmode's (both examples of trying to apply rules to map mode bit changes to ACL's), leaving only discard. I actually agree with that -- if you're going to apply mode bit changes to an object with an ACL, you might as well just get rid of it. However, in addition to discard, I think an option to just not *let* the ACL be destroyed should also be available.

--
Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst | hen...@csupomona.edu
California State Polytechnic University | Pomona CA 91768
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
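A toy model of the three aclmode behaviours the thread names (discard, groupmask, passthrough) and of the "leave the ACL alone" option the post argues for, added here as an illustration; it is not code from the post or from ZFS itself. It assumes a simplified ACL of r/w/x allow entries, and "refuse" is an assumed name for the proposed option.

```python
# Toy model of what a chmod does to a ZFS file that already carries a
# non-trivial NFSv4 ACL, under the aclmode values discussed in the thread
# (discard, groupmask, passthrough) and under the "refuse" behaviour the
# post asks for. Constructed illustration, not the ZFS implementation:
# permissions are reduced to r/w/x letters and only "allow" entries exist.

SPECIAL = {"owner@", "group@", "everyone@"}  # ACEs that mirror the mode bits


def perms_of(digit):
    """Octal mode digit (0-7) -> set of r/w/x letters."""
    return {p for bit, p in ((4, "r"), (2, "w"), (1, "x")) if digit & bit}


def trivial_acl(mode):
    """The owner@/group@/everyone@ entries that exactly encode 'mode'."""
    return [("owner@", perms_of((mode >> 6) & 7)),
            ("group@", perms_of((mode >> 3) & 7)),
            ("everyone@", perms_of(mode & 7))]


def is_trivial(acl):
    """True when the ACL carries nothing beyond what mode bits can express."""
    return all(who in SPECIAL for who, _ in acl)


def chmod_with_acl(acl, mode, aclmode, owner="ddb"):
    """Return the ACL left behind by 'chmod <mode>' under the given aclmode.

    acl is a list of (who, perms) allow entries; named entries look like
    'user:alice'. 'refuse' is an assumed name for the not-yet-existing option
    that protects a non-trivial ACL by failing the chmod instead of mapping it.
    """
    fresh = trivial_acl(mode)
    if aclmode == "discard":            # every named ACE is thrown away
        return fresh
    if aclmode == "refuse":             # the option the post argues for
        if not is_trivial(acl):
            raise PermissionError("chmod refused: file has a non-trivial ACL")
        return fresh
    if aclmode not in ("groupmask", "passthrough"):
        raise ValueError(f"unknown aclmode {aclmode!r}")
    owner_perms, group_perms = fresh[0][1], fresh[1][1]
    kept = []
    for who, perms in acl:
        if who in SPECIAL:              # old special entries are replaced by 'fresh'
            continue
        if aclmode == "groupmask":      # named ACEs are capped at the group bits,
            cap = owner_perms if who == f"user:{owner}" else group_perms
            perms = perms & cap         # except the owner's own entry (owner bits)
        kept.append((who, perms))       # passthrough keeps named ACEs unchanged
    return kept + fresh
```

Running the same `chmod 640` against an ACL that grants a named user rwx shows why the post calls the mapping lossy: discard drops the entry, groupmask shrinks it to r, and only passthrough or refuse preserve it.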