[OmniOS-discuss] issue 8984 (fix for 6764 breaks ACL inheritance)
Paul B. Henson
henson at acm.org
Sun Feb 18 20:47:25 UTC 2018
On Sun, Feb 18, 2018 at 05:20:43PM +0100, Andries Annema wrote:
> Playing around with r151022, I may have bumped into the same issue here.
> The ACE's that I set on the parent directory are nicely inherited, but
> on top of that, another ACE for owner@, group@ and everyone@ is added.
Yup, that looks like it :(.
> Another weird thing I noticed is that these unwanted ACE's are *only*
> added when the file is created directly from the command line on the
> server itself or from a non-global zone that has the dataset
> lofs-mounted; files created from a Windows client, through a CIFS/SMB
> mount, do *not* get the extra unwanted ACE's. Now, where the heck does
> that difference come from...?!
The underlying bug is a chmod is incorrectly executed during the
creation of the file using the requested creation mode (modified by
umask), resulting in an ACL based on your aclmode setting. If you're
using the in-kernel CIFS server, that bypasses the POSIX layer, and as
such the chmod isn't called and there's no brokenness to the ACL.
Fortunately thanks to the great responsiveness of the omniosce team :),
as posted there is a fix available for testing already. We're going to be
applying it to our dev systems tomorrow to try out.
More information about the OmniOS-discuss
mailing list