Hello,
First my configuration.
I am using ZFS with one raidz pool:
and four zfs filesystem:
We will focus on "/homeData" and "/homeData/testACL2".
ZFS property for ACL is set as show bellow:
Here ACL for "homeData" (default):
and here for "testACL2" (custom):
Ok, now the question.
If I create a directory under the "/homeData/testACL2" like this:
ACL's are as expected:
That's great.
I have created an other directory in an UFS system without "acl" property and then moved it under the ZFS "testACL2" file system.
The problem is here, ACL's aren't as expected to be:
It seems to be a mixt of homeData, testACL2 and ohter.
It seems that the three ACL in blue are the same as the one just upper (in green) but without the four first bit (rwxp).
Is this normal ? How to avoid that behavior ?
Each file or directory moved from one place to an other one will get "wrong" ACL.
I will have to modify each one by and.
Thank you.
Bests regards,
First my configuration.
I am using ZFS with one raidz pool:
Code:
root# zpool list
NAME SIZE USED AVAIL CAP HEALTH ALTROOT
homeData 7.25T 2.74T 4.51T 37% ONLINE -
Code:
root# zfs list
NAME USED AVAIL REFER MOUNTPOINT
homeData 2.06T 3.28T 2.02T /homeData
homeData/A 34.6G 3.28T 34.6G /mountA
homeData/B 758M 3.29T 758M /mountB
homeData/testACL2 44.1K 3.28T 44.1K /homeData/testACL2
We will focus on "/homeData" and "/homeData/testACL2".
ZFS property for ACL is set as show bellow:
Code:
NAME PROPERTY VALUE SOURCE
homeData aclinherit discard local
homeData aclmode discard local
homeData/testACL2 aclinherit passthrough local
homeData/testACL2 aclmode passthrough local
Here ACL for "homeData" (default):
Code:
# file: /homeData/
# owner: root
# group: wheel
owner@:--------------:------:deny
owner@:rwxp---A-W-Co-:------:allow
group@:-w-p----------:------:deny
group@:r-x-----------:------:allow
everyone@:-w-p---A-W-Co-:------:deny
everyone@:r-x---a-R-c--s:------:allow
and here for "testACL2" (custom):
Code:
# file: /homeData/testACL2/
# owner: root
# group: wheel
owner@:--------------:fd----:deny
owner@:rwxp---A-W-Co-:fd----:allow
group@:--------------:fd----:deny
group@:rwxp----------:fd----:allow
everyone@:rwxpDdaARWcCos:fd----:deny
Ok, now the question.
If I create a directory under the "/homeData/testACL2" like this:
Code:
root# mkdir /homeData/testACL2/dir1
Code:
# file: /homeData/testACL2/dir1/
# owner: root
# group: wheel
owner@:--------------:fdi---:deny
owner@:--------------:------:deny
owner@:rwxp---A-W-Co-:fdi---:allow
owner@:rwxp---A-W-Co-:------:allow
group@:--------------:fdi---:deny
group@:--------------:------:deny
group@:rwxp----------:fdi---:allow
group@:rwxp----------:------:allow
everyone@:rwxpDdaARWcCos:fdi---:deny
everyone@:rwxpDdaARWcCos:------:deny
That's great.
I have created an other directory in an UFS system without "acl" property and then moved it under the ZFS "testACL2" file system.
Code:
root# mkdir /tmp/dir2
root# mv /tmp/dir2 /homeData/testACL2/
The problem is here, ACL's aren't as expected to be:
Code:
# file: /homeData/testACL2/dir3
# owner: root
# group: wheel
[color="SeaGreen"]owner@:--------------:fdi---:deny
owner@:--------------:------:deny
owner@:rwxp---A-W-Co-:fdi---:allow[/color]
[color="Blue"]owner@:-------A-W-Co-:------:allow[/color]
[color="SeaGreen"]group@:--------------:fdi---:deny
group@:--------------:------:deny
group@:rwxp----------:fdi---:allow[/color]
[color="Blue"]group@:--------------:------:allow[/color]
[color="SeaGreen"]everyone@:rwxpDdaARWcCos:fdi---:deny[/color]
[color="Blue"]everyone@:----DdaARWcCos:------:deny[/color]
[color="Red"]owner@:--------------:------:deny
owner@:rwxp---A-W-Co-:------:allow
group@:-w-p----------:------:deny
group@:r-x-----------:------:allow
everyone@:-w-p---A-W-Co-:------:deny
everyone@:r-x---a-R-c--s:------:allow[/color]
It seems to be a mixt of homeData, testACL2 and ohter.
It seems that the three ACL in blue are the same as the one just upper (in green) but without the four first bit (rwxp).
Is this normal ? How to avoid that behavior ?
Each file or directory moved from one place to an other one will get "wrong" ACL.
I will have to modify each one by and.
Thank you.
Bests regards,