[OmniOS-discuss] issue 8984 (fix for 6764 breaks ACL inheritance)
Andries Annema
an3s.annema at gmail.com
Tue Feb 20 19:20:59 UTC 2018
Paul,
Thanks for the insight!
And thumbs up for the team working on this bug already.
Cheers,
On 2018-02-18 21:47, Paul B. Henson wrote:
> On Sun, Feb 18, 2018 at 05:20:43PM +0100, Andries Annema wrote:
>> Playing around with r151022, I may have bumped into the same issue here.
>> The ACE's that I set on the parent directory are nicely inherited, but
>> on top of that, another ACE for owner@, group@ and everyone@ is added.
> Yup, that looks like it :(.
>
>> Another weird thing I noticed is that these unwanted ACE's are *only*
>> added when the file is created directly from the command line on the
>> server itself or from a non-global zone that has the dataset
>> lofs-mounted; files created from a Windows client, through a CIFS/SMB
>> mount, do *not* get the extra unwanted ACE's. Now, where the heck does
>> that difference come from...?!
> The underlying bug is a chmod is incorrectly executed during the
> creation of the file using the requested creation mode (modified by
> umask), resulting in an ACL based on your aclmode setting. If you're
> using the in-kernel CIFS server, that bypasses the POSIX layer, and as
> such the chmod isn't called and there's no brokenness to the ACL.
>
> Fortunately thanks to the great responsiveness of the omniosce team :),
> as posted there is a fix available for testing already. We're going to be
> applying it to our dev systems tomorrow to try out.
More information about the OmniOS-discuss
mailing list