New ZFS "passthrough" ACL inheritance rules [PSARC/2008/231 FastTrack timeout 04/08/2008]
Alan M Wright
amw at sun.com
Tue Apr 1 13:51:39 PDT 2008
Mark Shellenbaum wrote:
> Alan M Wright wrote:
>> Mark Shellenbaum wrote:
>>> Darren J Moffat wrote:
>>>> Mark Shellenbaum wrote:
>>>>> Darren J Moffat wrote:
>>>>>> Since this proposed behaviour is the default for ACLs on UFS why
>>>>>> isn't it the default for ZFS too ?
>>>>>
>>>>> I'm more than willing to make this the default behavior for ZFS,
>>>>> but it will affect POSIX compliance. If that's alright with
>>>>> everyone then I can change it to be the default.
>>>>
>>>> Would this be the one and only setting that means that a ZFS dataset
>>>> wouldn't be in a POSIX compliant configuration by default ? If it
>>>> is then I would say it shouldn't be changed. However if there are
>>>> others then IMO the default ACL behaviour should be the one that
>>>> matches NFSv4 and what people expect of ACLs regardless of what
>>>> POSIX thinks.
>>>>
>>>
>>> Let's leave the default as it is, and have the new inheritance
>>> behavior only take place under "passthrough". We can always change
>>> this later with another fast track.
>>>
>>>>
>>>>>>
>>>>>> Also shouldn't "secure" be "posix" because "secure" is subjective
>>>>>> and relative.
>>>>>>
>>>>>
>>>>> secure is what it was called in the original ZFS ARC case. I can
>>>>> change it to "posix" if you want. My only concern would be if
>>>>> users have become accustomed to its present value.
>>>>
>>>> What about an alias ?
>>>>
>>>
>>> How about I rename "secure" to "restricted" and have an alias for
>>> "secure".
>>>
>>> -Mark
>>
>> Mark,
>>
>> While you are doing this, would it be possible to get aliases for some
>> standard chmod settings?
>>
>
> Why don't you open an RFE for that and I will take care of it, but it's
> not part of this case.

Okay.

Alan

>> For example, currently, to set FullControl we have:
>>
>> chmod A=everyone@:rwxpdDaARWcCos:fd:allow /pool/fs
>>
>> For most people that probably requires use of the man page every time.
>> It would be nice if we could do:
>>
>> chmod A=everyone@:$FullControl:fd:allow /pool/fs
>>
>> How about three aliases: $READ, $CHANGE, $FULLCONTROL
>>
>> $Read: read, execute, view properties/permissions
>> (directory: list contents)
>> Alias for: rxacR
>>
>> $Change: $Read, write, delete, modify properties/permissions
>> (directory: add files/sub-directories)
>> Alias for: rwxpdDaARWcC
>>
>> $FullControl: $Change, write-owner
>> Alias for: rwxpdDaARWcCos
>>
>> I'm not hung up on the dollar ($) prefix or the names but it would
>> be good to have something to make this easier than it is now.
>>
>> Alan
>
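
The alias expansion proposed in the message above, sketched as an added example that is not part of the original thread and not a feature of any Solaris or ZFS tool. The helpers `expand_perms`, `expand_ace` and `added_by` are hypothetical, case-insensitive alias matching is an assumption, and the letter-to-name table follows the compact ACL format of Solaris chmod(1).

```python
# Added example: expands the aliases proposed in the thread into the
# compact NFSv4 permission letters used by Solaris chmod(1).
# expand_perms(), expand_ace() and added_by() are hypothetical helpers.

# Compact permission letters in canonical order (Solaris chmod(1) ACL format).
PERMS = {
    "r": "read_data", "w": "write_data", "x": "execute", "p": "append_data",
    "d": "delete", "D": "delete_child", "a": "read_attributes",
    "A": "write_attributes", "R": "read_xattr", "W": "write_xattr",
    "c": "read_acl", "C": "write_acl", "o": "write_owner", "s": "synchronize",
}

# Alias definitions exactly as given in the proposal.
ALIASES = {"read": "rxacR", "change": "rwxpdDaARWcC", "fullcontrol": "rwxpdDaARWcCos"}

def expand_perms(field):
    """Expand '$Alias' or validate raw letters; return them in canonical order."""
    if field.startswith("$"):
        try:
            field = ALIASES[field[1:].lower()]  # assumption: case-insensitive
        except KeyError:
            raise ValueError(f"unknown alias {field!r}") from None
    unknown = set(field) - set(PERMS)
    if unknown:
        raise ValueError(f"unknown permission letters: {sorted(unknown)}")
    return "".join(p for p in PERMS if p in field)

def expand_ace(ace):
    """Rewrite 'who:perms[:flags]:type', expanding an alias in the perms field."""
    parts = ace.split(":")
    # user:/group: entries carry a name, so perms is field 2 instead of field 1
    idx = 2 if parts[0] in ("user", "group") else 1
    if len(parts) < idx + 2:
        raise ValueError(f"malformed ACE {ace!r}")
    parts[idx] = expand_perms(parts[idx])
    return ":".join(parts)

def added_by(alias, base):
    """Long names of the permissions `alias` grants beyond `base`."""
    extra = set(expand_perms(alias)) - set(expand_perms(base))
    return [PERMS[p] for p in PERMS if p in extra]

if __name__ == "__main__":
    print(expand_ace("everyone@:$FullControl:fd:allow"))
    print(added_by("$Change", "$Read"))
```

Expanding the letter lists shows that `$Change` already carries `C` (write_acl), and that `$FullControl` adds `s` (synchronize) as well as `o` (write_owner).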