ACL interitance question

Hallo everybody!

I am experiencing with ZFS and ACL interitance. Normally I have a very simple permission structure, the owner and primary group and one additional group with read access. My goal is to set permissions on the zfs root folder in a manner that if I add a group to the zfs root folder the group is automatically set to all existing files and folders within the root folder. I expected that with inheritance this should work without problems, but adding a group to the root folder always need a "-r" switch to set the permissions on the subfiles and folders.

Why are existing files not affected by permission changes on a parent folder although inheritance is set?

Code:
zfs get all zfs01:
zfs01  aclmode               groupmask              local
zfs01  aclinherit            passthrough            local

Permissions are set as follows:

Code:
chgrp admins@mydomain.at /zfs01
chmod g+s /zfs01
chmod A=owner@:rwxpcCosRrWaAdD:fd:allow /zfs01
chmod A+group@:rwxpcCosRrWaAdD:fd:allow /zfs01
chmod A+everyone@::fd:allow /zfs01
chmod A+group:sales@mydomain.at:rxcRa:fd:allow /zfs01

If I now change the permissions to "sales@mydomain.at" only the permissions on the root folders are changed without the "-r" parameter, that makes no sense to me:

Code:
chmod A0=group:sales@mydomain.at:write_data:fd:allow /zfs01

Please give me an idea for this behavior.
 
Back
Top