[PATCH] zfsacl: Fix ACL behavior issues with vfs_zfsacl

Ralph Boehme slow at samba.org
Mon May 27 09:34:17 UTC 2019

Hi Andrew,

On 5/20/19 1:00 PM, Andrew Walker via samba-technical wrote:
> Thanks for the feedback and suggestions. I'll try to get this done this
> week or next week. You are correct that ZFS has the NFSv4.1 ACL flags, but
> FreeBSD does not currently implement NFSv4.1 ACL inheritance. The
> suggestion of just mapping what we receive over the wire is a good one. I
> could probably do this for the case of Solaris and Illumos.
> One possible alternative is that I could move this logic/lies to libsunacl
> (the library that maps ZFS ACLs to FreeBSD ACLs) so that there won't be a
> FreeBSD-specific parameter for vfs_zfsacl. In this case the only thing I
> would need to add to fix disabling inheritance in samba is mapping the
> NFSv4.1 ACL flags to control flags like gpfs does.
> Let me know if you prefer the second approach.

Not sure if I like either of the two. :)

IIRC the protected flag only comes into play client side, when Windows
Explorer performs tree inheritance for newly created ACEs. My NT ACL mind
model is currently swapped out and not fully swapped back in, so I might
be missing something. Jeremy?

So basically the only thing you need to implement this in the filesystem
is storing the flag, no need to attach any semantics to it in the
filesystem. The chmod command could be updated to honor the flag when
applying ACL changes in directory tree mode, not sure how GPFS
handles this.

Christof, do you know? I guess chmod on GPFS will ignore the protected flag.

So ideally we could convince the OpenZFS folks to add the flag and store
it on disk. I'm still not convinced that setting the flag for any ACL
that doesn't contain inheritable ACEs is a good idea.


Ralph Boehme, Samba Team                https://samba.org/
Samba Developer, SerNet GmbH   https://sernet.de/en/samba/
GPG-Fingerprint   FAE2C6088A24252051C559E4AA1E9B7126399E46