| commit | 1bf997aa2443248b07933dfc2dc5d9f3cadeef4b | |
| author | Andrew Walker <awalker@ixsystems.com> | |
| Thu, 24 Sep 2020 15:42:16 +0000 (24 11:42 -0400) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Fri, 30 Oct 2020 13:54:18 +0000 (30 13:54 +0000) | ||
| tree | 2ee434510025d99a0e134da628ec40772f40fe50 | treesnapshot (tar.gz zip) |
| parent | 78d843f43626a876557d3c6738329282adeb4dab | commitdiff |
vfs_zfsacl: Add new parameter to stop automatic addition of special entries
Prevent ZFS from automatically adding NFSv4 special entries (owner@, group@,
everyone@). ZFS will automatically add these these entries when calculating the
inherited ACL of new files if the ACL of the parent directory lacks an
inheriting special entry. This may result in user confusion and unexpected
change in permissions of files and directories as the inherited ACL is
generated. Blocking this behavior is achieved by setting an inheriting
everyone@ that grants no permissions and not adding the entry to the file's
Security Descriptor.
This change also updates behavior so that the fd-based syscall facl() is
used where possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14470
RN: vfs_zfsacl: Add new parameter to stop automatic addition of special entries
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit c10ae30c1185463eb937f69c1fc9914558087167)
Prevent ZFS from automatically adding NFSv4 special entries (owner@, group@,
everyone@). ZFS will automatically add these these entries when calculating the
inherited ACL of new files if the ACL of the parent directory lacks an
inheriting special entry. This may result in user confusion and unexpected
change in permissions of files and directories as the inherited ACL is
generated. Blocking this behavior is achieved by setting an inheriting
everyone@ that grants no permissions and not adding the entry to the file's
Security Descriptor.
This change also updates behavior so that the fd-based syscall facl() is
used where possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14470
RN: vfs_zfsacl: Add new parameter to stop automatic addition of special entries
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit c10ae30c1185463eb937f69c1fc9914558087167)
| docs-xml/manpages/vfs_zfsacl.8.xml | diffblobblamehistory | |
| source3/modules/vfs_zfsacl.c | diffblobblamehistory |