On 03/01/10 13:50, Miles Nordin wrote:
> "dd" == David Dyer-Bennet <d...@dd-b.net> writes:
>
> dd> Okay, but the argument goes the other way just as well -- when
> dd> I run "chmod 6400 foobar", I want the permissions set that
> dd> specific way, and I don't want some magic background feature
> dd> blocking me.
>
> This will be true either way. Even if chmod isn't ignored, it will
> reach into the nest of ACLs and mangle them in some non-obvious way
> with unpredictable consequences, and the mangling will be implemented
> by a magical background feature.

Actually, you can be surprised even if there are no ACLs in use -- if,
unbeknownst to you, some user has been granted file_dac_read or
file_dac_write privilege, they will be able to bypass the file modes for
read and/or for write.

Likewise, if that user has been delegated zfs "send" rights on the
filesystem the file is in, they'll be able to read every bit of the file.

- Bill
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
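
The two bypass paths named in the reply above can be audited for; this Python sketch is an added example, not code from the thread or from the ZFS project. It assumes privileges are assigned through the defaultpriv key of user_attr entries (grants made through rights profiles are not covered) and that `zfs allow <dataset>` lists one `user|group|everyone ... perms` line per grant; the sample inputs are constructed.

```python
import re

# Privileges that override file mode bits for reads and writes.
MODE_BYPASS = {"file_dac_read", "file_dac_write"}

def users_bypassing_modes(user_attr_text):
    """Map user -> sorted mode-bypassing privileges found in defaultpriv."""
    hits = {}
    for line in user_attr_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 4)  # user:qualifier:res1:res2:attr
        if len(fields) < 5:
            continue
        for kv in fields[4].split(";"):
            key, _, value = kv.partition("=")
            if key.strip() != "defaultpriv":
                continue
            tokens = {t.strip() for t in value.split(",") if t.strip()}
            granted = {t for t in tokens if not t.startswith("!")}
            denied = {t[1:] for t in tokens if t.startswith("!")}
            if "all" in granted:  # "all" implies both bypass privileges
                granted |= MODE_BYPASS
            risky = (granted & MODE_BYPASS) - denied
            if risky:
                hits[fields[0]] = sorted(risky)
    return hits

ALLOW_LINE = re.compile(r"^\s*(user|group|everyone)\s+(?:(\S+)\s+)?(\S+)\s*$")

def send_delegates(zfs_allow_text):
    """List (kind, name) grants whose permission list includes send."""
    found = []
    for line in zfs_allow_text.splitlines():
        m = ALLOW_LINE.match(line)
        if m and "send" in m.group(3).split(","):
            found.append((m.group(1), m.group(2)))
    return found

# Constructed sample inputs (not taken from any real system).
SAMPLE_USER_ATTR = """# constructed user_attr sample
root::::auths=solaris.*;profiles=All;type=normal
backup::::type=normal;defaultpriv=basic,file_dac_read
alice::::defaultpriv=basic,!proc_info
ops::::defaultpriv=all,!file_dac_write
"""
SAMPLE_ZFS_ALLOW = """---- Permissions on tank/home ----
Local+Descendent permissions:
    user bob send,snapshot
    group staff mount,snapshot
"""
```

Permission sets (names starting with `@`) are not expanded, so a `send` granted through a set needs a second look at the set's definition.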