New ZFS "passthrough" ACL inheritance rules [PSARC/2008/231 FastTrack timeout 04/08/2008]
Mark Shellenbaum
Mark.Shellenbaum at sun.com
Tue Apr 1 13:47:52 PDT 2008
Alan M Wright wrote:
> Mark Shellenbaum wrote:
>> Darren J Moffat wrote:
>>> Mark Shellenbaum wrote:
>>>> Darren J Moffat wrote:
>>>>> Since this proposed behaviour is the default for ACLs on UFS why
>>>>> isn't it the default for ZFS too ?
>>>>
>>>> I'm more than willing to make this the default behavior for ZFS, but
>>>> it will affect POSIX compliance. If that's alright with everyone
>>>> then I can change it to be the default.
>>>
>>> Would this be the one and only setting that means that a ZFS dataset
>>> wouldn't be in a POSIX compliant configuration by default ? If it is
>>> then I would say it shouldn't be changed. However if there are
>>> others then IMO the default ACL behaviour should be the one that
>>> matches NFSv4 and what people expect of ACLs regardless of what POSIX
>>> thinks.
>>>
>>
>> Let's leave the default as it is, and have the new inheritance behavior
>> only take place under "passthrough". We can always change this later
>> with another fast track.
>>
>>>
>>>>>
>>>>> Also shouldn't "secure" be "posix" because "secure" is subjective
>>>>> and relative.
>>>>>
>>>>
>>>> secure is what it was called in the original ZFS ARC case. I can
>>>> change it to "posix" if you want. My only concern would be if users
>>>> have become accustomed to its present value.
>>>
>>> What about an alias ?
>>>
>>
>> How about I rename "secure" to "restricted" and have an alias for
>> "secure".
>>
>> -Mark
>
> Mark,
>
> While you are doing this, would it be possible to get aliases for some
> standard chmod settings?
>
Why don't you open an RFE for that and I will take care of it, but it's
not part of this case.
> For example, currently, to set FullControl we have:
>
> chmod A=everyone@:rwxpdDaARWcCos:fd:allow /pool/fs
>
> For most people that probably requires use of the man page every time.
> It would be nice if we could do:
>
> chmod A=everyone@:$FullControl:fd:allow /pool/fs
>
> How about three aliases: $READ, $CHANGE, $FULLCONTROL
>
> $Read: read, execute, view properties/permissions
> (directory: list contents)
> Alias for: rxacR
>
> $Change: $Read, write, delete, modify properties/permissions
> (directory: add files/sub-directories)
> Alias for: rwxpdDaARWcC
>
> $FullControl: $Change, write-owner
> Alias for: rwxpdDaARWcCos
>
> I'm not hung up on the dollar ($) prefix or the names but it would
> be good to have something to make this easier than it is now.
>
> Alan