Bug 10160 - NFSv4 ACLs: default zfs ACL shows up as 'special' not WRITE
NFSv4 ACLs: default zfs ACL shows up as 'special' not WRITE
Status: ASSIGNED
Product: Samba 3.6
Classification: Unclassified
Component: File services
3.6.18
All All
: P5 normal
: ---
Assigned To: Volker Lendecke
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-09-20 20:50 UTC by Andrew Bartlett
Modified: 2013-09-20 21:54 UTC (History)
3 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Bartlett 2013-09-20 20:50:31 UTC
This happens with the default ACL on our ZFS share, and both smbclient and the windows GUI both show the ACL as something more complex than just 'WRITE'.  Windows shows 'special permissions' down the bottom of the ACL tool, for example.
Comment 1 Justin Maggard 2013-09-20 21:01:39 UTC
After modifying in the Windows GUI:

root@res-c7-95-b6:~# smbcacls //localhost/ns4 'New folder (2)/The test folder'
Enter root's password: 
REVISION:1
CONTROL:0x8004
OWNER:Unix User\guest
GROUP:Unix Group\guest
ACL:Everyone:ALLOWED/OI|CI/READ
ACL:Unix User\guest:ALLOWED/OI|CI/FULL
ACL:Unix Group\guest:ALLOWED/OI|CI/READ

root@res-c7-95-b6:~# /usr/sun/bin/ls -ladV '/v2/ns4/New folder (2)/The test folder'
drwxr-xr-x+  2 guest    guest          2 Sep 20 11:05 /v2/ns4/New folder (2)/The test folder
              everyone@:r-x---a-R-c---:fd-----:allow
             user:guest:rwxpdDaARWcCo-:fd-----:allow
            group:guest:r-x---a-R-c---:fd-----:allow

root@res-c7-95-b6:~# /usr/sun/bin/ls -ladv '/v2/ns4/New folder (2)/The test folder'
drwxr-xr-x+  2 guest    guest          2 Sep 20 11:05 /v2/ns4/New folder (2)/The test folder
     0:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl:file_inherit/dir_inherit:allow
     1:user:guest:list_directory/read_data/add_file/write_data
         /add_subdirectory/append_data/read_xattr/write_xattr/execute
         /delete_child/read_attributes/write_attributes/delete/read_acl
         /write_acl/write_owner:file_inherit/dir_inherit:allow
     2:group:guest:list_directory/read_data/read_xattr/execute
         /read_attributes/read_acl:file_inherit/dir_inherit:allow


Before (unmodified directory):

root@res-c7-95-b6:~# smbcacls //localhost/ns4 'New folder (2)'                
Enter root's password: 
REVISION:1
CONTROL:0x8004
OWNER:Unix User\guest
GROUP:Unix Group\guest
ACL:Unix User\guest:ALLOWED/0x0/0x001e01ff
ACL:Unix Group\guest:ALLOWED/0x0/READ
ACL:Everyone:ALLOWED/0x0/READ

root@res-c7-95-b6:~# /usr/sun/bin/ls -ladv '/v2/ns4/New folder (2)'                
drwxr-xr-x   3 guest    guest          4 Sep 20 11:52 /v2/ns4/New folder (2)
     0:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/read_xattr/write_xattr/execute/delete_child
         /read_attributes/write_attributes/read_acl/write_acl/write_owner
         /synchronize:allow
     1:group@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow
     2:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow

root@res-c7-95-b6:~# /usr/sun/bin/ls -ladV '/v2/ns4/New folder (2)'
drwxr-xr-x   3 guest    guest          4 Sep 20 11:52 /v2/ns4/New folder (2)
                 owner@:rwxp-DaARWcCos:-------:allow
                 group@:r-x---a-R-c--s:-------:allow
              everyone@:r-x---a-R-c--s:-------:allow
Comment 2 Andrew Bartlett 2013-09-20 21:08:29 UTC
We think this is related to the missing delete permission.  When we add back what look like the 'right' permissions, we get delete as well as all the others, and the ACL shows up normal, not special.  

Should we add in 'delete' to make the GUI happy, even if it isn't strictly true?

Additionally, the @owner does not seem to be being shown as CREATOR_OWNER, despite having the patch from #9467 installed.
Comment 3 Andrew Bartlett 2013-09-20 21:40:25 UTC
Alexander,

Do you see anything like this on your GPFS installation?