Bug 14470 - vfs_zfsacl improvements to ACL handling
Summary: vfs_zfsacl improvements to ACL handling
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: VFS Modules (show other bugs)
Version: 4.11.6
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Ralph Böhme
QA Contact: Ralph Böhme
Depends on:
Reported: 2020-08-20 13:49 UTC by Ralph Böhme
Modified: 2020-08-20 14:35 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Ralph Böhme 2020-08-20 13:49:12 UTC
ZFS ACL inheritance results in automatically adding NFSv4 special entries (owner@, group@, everyone@) to inherited ACLs which is confusing to Windows users maintaing ACLs via Windows tools and expecting Windows semantics.

ZFS will automatically add these these entries when calculating the inherited ACL of new files if the ACL of the parent directory lacks an inheriting special entry. This may result in user confusion and unexpected change in permissions of files and directories as the inherited ACL is generated.

Blocking this behavior is achieved by setting an inheriting everyone@ that grants no permissions and not adding the entry to the file's Security Descriptor when the client queries the SD.