On Tue, 28 Sep 2010, Nicolas Williams wrote: > I've researched this enough (mainly by reading most of the ~240 or so > relevant zfs-discuss posts and several bug reports)
And I think some fair fraction of those posts were from me, so I'll try not to start rehashing old discussions ;). > That only leaves aclmode=discard and some variant of aclmode=groupmask > that is less confusing. Or aclmode=deny, which is pretty simple, not very confusing, and basically the only paradigm that will prevent chmod from breaking your ACL. > So one might wonder: can one determine user intent from the ACL prior to > the change and the mode/POSIX ACL being set, and then edit the ZFS ACL > in a way that approximates the user's intention? You're assuming the user is intentionally executing the chmod, or even *aware* of it happening. Probably at least 99% of the chmod calls executed on a file with a ZFS ACL at my site are the result of non-ACL aware legacy apps being stupid. In which case the *user* intent to to *leave the damn ACL alone* :)... > But much better than that would be if we just move to a ZFS ACL world > (which, among other things, means we'll need a simple libc API for > editing ACLs). Yep. And a good first step towards an ACL world would be providing a way to keep chmod from destroying ACLs in the current world... -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | hen...@csupomona.edu California State Polytechnic University | Pomona CA 91768 _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss