Prevent zfs_acl_chmod() if aclmode restricted and ACL inherited

In absence of inheriting entry for owner@, group@, or everyone@, zfs_acl_chmod() is called to set these. This can cause confusion for Samba admins who do not expect these entries to appear on newly created files and directories once they have been stripped from from the parent directory. When aclmode is set to "restricted", chmod is prevented on non-trivial ACLs. It is not a stretch to assume that in this case the administrator does not want ZFS to add the missing special entries. Add check for this aclmode, and if an inherited entry is present skip zfs_acl_chmod(). Reviewed-by: Ryan Moeller <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Andrew Walker <[email protected]> Closes #10748
author: Andrew <[email protected]> 2020-08-23 00:49:25 -0400
committer: GitHub <[email protected]> 2020-08-22 21:49:25 -0700
commit: a741b386d3ce195fd3eb2e98066f9abffbbace89 (patch)
tree: 6ebcc92fa8fa3f42673c9cd09fd155c30052b9ab /module/os/linux/zfs/zfs_acl.c
parent: ab4a78c7444fc6fa410261166f1b75e50d8be872 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/module/os/linux/zfs/zfs_acl.c b/module/os/linux/zfs/zfs_acl.c
index 87547eb54..8d79878c0 100644
--- a/module/os/linux/zfs/zfs_acl.c
+++ b/module/os/linux/zfs/zfs_acl.c
@@ -1766,6 +1766,10 @@ zfs_acl_inherit(zfsvfs_t *zfsvfs, umode_t va_mode, zfs_acl_t *paclp,
 			    newflags|ACE_INHERITED_ACE);
 		}
 	}
+	if (zfsvfs->z_acl_mode == ZFS_ACL_RESTRICTED &&
+	    aclp->z_acl_count != 0) {
+		*need_chmod = B_FALSE;
+	}
 
 	return (aclp);
 }
author	Andrew <[email protected]>	2020-08-23 00:49:25 -0400
committer	GitHub <[email protected]>	2020-08-22 21:49:25 -0700
commit	a741b386d3ce195fd3eb2e98066f9abffbbace89 (patch)
tree	6ebcc92fa8fa3f42673c9cd09fd155c30052b9ab /module/os/linux/zfs/zfs_acl.c
parent	ab4a78c7444fc6fa410261166f1b75e50d8be872 (diff)