mapping SYNCHRONIZE permission in NTFS ACL for ZFS

J. Bruce Fields bfields at fieldses.org
Wed Jan 12 12:37:59 MST 2011


On Tue, Jan 11, 2011 at 01:35:19PM -0800, Paul B. Henson wrote:
> 
> I'm working with Solaris' bundled version of samba 3.5.5, and am seeing
> some weirdness with ACL mapping between ZFS and windows. By default (in my
> configuration), a new file in a directory inherits an initial (zfs) acl
> like:
> 
> -rw-------+  1 henson   csupomona       0 Jan 11 12:32 test.txt
>             owner@:rw-pdDaARWcC--:------:allow
> 
> Or more verbosely:
> 
> -rw-------+  1 henson   csupomona       0 Jan 11 12:32 test.txt
>      0:owner@:read_data/write_data/append_data/read_xattr/write_xattr
>          /delete_child/read_attributes/write_attributes/delete/read_acl
>          /write_acl:allow
...
> I also noticed that whenever an acl is set from the windows side, it also
> includes the SYNCHRONIZE permission for all entries. That permission isn't
> listed in the GUI, although the command line icacs program allows you to
> control it. It seems SYNCHRONIZE more or less should always be on?

That sounds like a ZFS bug to me....  I've verified in the past that
their NFSv4 server always set SYCHRONIZE by default--I suppose that
could have been a hack in their NFSv4 server, or they could have changed
the behavior since then.  Either would be strange.

--b.


More information about the samba-technical mailing list