author | Massimo Maggi <[email protected]> | 2013-10-28 09:22:15 -0700 |
---|---|---|
committer | Brian Behlendorf <[email protected]> | 2013-10-29 14:54:26 -0700 |
commit | 023699cd62eb033ebed5e5fae4e13acaba4c5461 (patch) | |
tree | cc36188907422afa2ae4f74c217760d5379805b4 /man | |
parent | 7c2448a33ee71be1671c158a167559d1320ff839 (diff) |
Posix ACL Support

This change adds support for Posix ACLs by storing them as an xattr
which is common practice for many Linux file systems. Since the
Posix ACL is stored as an xattr it will not overwrite any existing
ZFS/NFSv4 ACLs which may have been set. The Posix ACL will also
be non-functional on other platforms although it may be visible
as an xattr if that platform understands SA based xattrs.

By default Posix ACLs are disabled but they may be enabled with
the new 'aclmode=noacl|posixacl' property. Set the property to
'posixacl' to enable them. If ZFS/NFSv4 ACL support is ever added
an appropriate acltype will be added.

This change passes the POSIX Test Suite cleanly with the exception
of xacl/00.t test 45 which is incorrect for Linux (Ext4 fails too).
http://www.tuxera.com/community/posix-test-suite/

Signed-off-by: Massimo Maggi <[email protected]>
Signed-off-by: Richard Yao <[email protected]>
Signed-off-by: Brian Behlendorf <[email protected]>
Closes #170
Diffstat (limited to 'man')
-rw-r--r-- | man/man8/zfs.8 | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/man/man8/zfs.8 b/man/man8/zfs.8 index fd612afd3..65d98ce76 100644 --- a/man/man8/zfs.8 +++ b/man/man8/zfs.8 
@@ -676,17 +676,31 @@ The following native properties can be used to change the behavior of a \fBZFS\f Controls how \fBACL\fR entries are inherited when files and directories are created. A file system with an \fBaclinherit\fR property of \fBdiscard\fR does not inherit any \fBACL\fR entries. A file system with an \fBaclinherit\fR property value of \fBnoallow\fR only inherits inheritable \fBACL\fR entries that specify "deny" permissions. The property value \fBrestricted\fR (the default) removes the \fBwrite_acl\fR and \fBwrite_owner\fR permissions when the \fBACL\fR entry is inherited. A file system with an \fBaclinherit\fR property value of \fBpassthrough\fR inherits all inheritable \fBACL\fR entries without any modifications made to the \fBACL\fR entries when they are inherited. A file system with an \fBaclinherit\fR property value of \fBpassthrough-x\fR has the same meaning as \fBpassthrough\fR, except that the \fBowner@\fR, \fBgroup@\fR, and \fBeveryone@\fR \fBACE\fRs inherit the execute permission only if the file creation mode also requests the execute bit. .sp When the property value is set to \fBpassthrough\fR, files are created with a mode determined by the inheritable \fBACE\fRs. If no inheritable \fBACE\fRs exist that affect the mode, then the mode is set in accordance to the requested mode from the application. +.sp +The \fBaclinherit\fR property does not apply to Posix ACLs. .RE .sp .ne 2 .mk .na -\fB\fBaclmode\fR=\fBdiscard\fR | \fBgroupmask\fR | \fBpassthrough\fR\fR +\fB\fBacltype\fR=\fBnoacl\fR | \fBposixacl\fR \fR .ad .sp .6 .RS 4n -Controls how an \fBACL\fR is modified during \fBchmod\fR(2). A file system with an \fBaclmode\fR property of \fBdiscard\fR deletes all \fBACL\fR entries that do not represent the mode of the file. An \fBaclmode\fR property of \fBgroupmask\fR (the default) reduces user or group permissions. 
The permissions are reduced, such that they are no greater than the group permission bits, unless it is a user entry that has the same \fBUID\fR as the owner of the file or directory. In this case, the \fBACL\fR permissions are reduced so that they are no greater than owner permission bits. A file system with an \fBaclmode\fR property of \fBpassthrough\fR indicates that no changes are made to the \fBACL\fR other than generating the necessary \fBACL\fR entries to represent the new mode of the file or directory. +Controls whether ACLs are enabled and if so what type of ACL to use. When +a file system has the \fBacltype\fR property set to \fBnoacl\fR (the default) +then ACLs are disabled. Setting the \fBacltype\fR property to \fBposixacl\fR +indicates Posix ACLs should be used. Posix ACLs are specific to Linux and +are not functional on other platforms. Posix ACLs are stored as an xattr and +therefore will not overwrite any existing ZFS/NFSv4 ACLs which may be set. +Currently only \fBposixacls\fR are supported on Linux. +.sp +To obtain the best performance when setting \fBposixacl\fR users are strongly +encouraged to set the \fBxattr=sa\fR property. This will result in the +Posix ACL being stored more efficiently on disk. But as a consequence of this +all new xattrs will only be accessable from ZFS implementations which support +the \fBxattr=sa\fR property. See the \fBxattr\fR property for more details. .RE .sp @@ -2696,8 +2710,8 @@ userprop other Allows changing any user property userquota other Allows accessing any userquota@... property userused other Allows reading any userused@... property +acltype property aclinherit property -aclmode property atime property canmount property casesensitivity property 
@@ -3068,7 +3082,7 @@ pool/home/bob setuid on default pool/home/bob readonly off default pool/home/bob zoned off default pool/home/bob snapdir hidden default -pool/home/bob aclmode groupmask default +pool/home/bob acltype off default pool/home/bob aclinherit restricted default pool/home/bob canmount on default pool/home/bob shareiscsi off default |
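
Review bot: In the new acltype description (hunk at -676,17), the sentence "Currently only \fBposixacls\fR are supported on Linux." bolds posixacls as if it were a property value, but the synopsis line added just above lists only noacl and posixacl. Use \fBposixacl\fR there, or drop the bold, so nobody tries to set a value that does not exist. In the xattr=sa paragraph, "accessable" should be "accessible". The same hunk deletes the aclmode synopsis and description outright; a sentence stating that aclmode is no longer available would help administrators who relied on its chmod(2) behaviour and now find the entry gone.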
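
Review bot: In the property list (hunk at -2696,8), "acltype property" is inserted above "aclinherit property", while the surrounding entries (aclinherit, atime, canmount, casesensitivity) are in alphabetical order. Move the new line to after aclinherit, the position the removed "aclmode property" line occupied.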
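
Review bot: The example output line "pool/home/bob acltype off default" (hunk at -3068,7) shows the value off, but the acltype entry added earlier in this patch documents only noacl and posixacl, with noacl as the default. The example should read noacl, or, if off is an accepted alias, the property description should say so. As written, an administrator checking whether ACLs are enabled on a dataset cannot match the example against the documented values.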