Hallo everybody!
I am experiencing with ZFS and ACL interitance. Normally I have a very simple permission structure, the owner and primary group and one additional group with read access. My goal is to set permissions on the zfs root folder in a manner that if I add a group to the zfs root folder the group is automatically set to all existing files and folders within the root folder. I expected that with inheritance this should work without problems, but adding a group to the root folder always need a "-r" switch to set the permissions on the subfiles and folders.
Why are existing files not affected by permission changes on a parent folder although inheritance is set?
Permissions are set as follows:
If I now change the permissions to "sales@mydomain.at" only the permissions on the root folders are changed without the "-r" parameter, that makes no sense to me:
Please give me an idea for this behavior.
I am experiencing with ZFS and ACL interitance. Normally I have a very simple permission structure, the owner and primary group and one additional group with read access. My goal is to set permissions on the zfs root folder in a manner that if I add a group to the zfs root folder the group is automatically set to all existing files and folders within the root folder. I expected that with inheritance this should work without problems, but adding a group to the root folder always need a "-r" switch to set the permissions on the subfiles and folders.
Why are existing files not affected by permission changes on a parent folder although inheritance is set?
Code:
zfs get all zfs01:
zfs01 aclmode groupmask local
zfs01 aclinherit passthrough local
Permissions are set as follows:
Code:
chgrp admins@mydomain.at /zfs01
chmod g+s /zfs01
chmod A=owner@:rwxpcCosRrWaAdD:fd:allow /zfs01
chmod A+group@:rwxpcCosRrWaAdD:fd:allow /zfs01
chmod A+everyone@::fd:allow /zfs01
chmod A+group:sales@mydomain.at:rxcRa:fd:allow /zfs01
If I now change the permissions to "sales@mydomain.at" only the permissions on the root folders are changed without the "-r" parameter, that makes no sense to me:
Code:
chmod A0=group:sales@mydomain.at:write_data:fd:allow /zfs01
Please give me an idea for this behavior.