author | Andrew Walker <awalker@ixsystems.com> | 2020-09-24 11:42:16 -0400 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2020-10-15 19:07:40 +0000 |
commit | c10ae30c1185463eb937f69c1fc9914558087167 (patch) | |
tree | 02fc5719330c2d683831468d1cb023744db93792 /docs-xml | |
parent | f763b1e43640082af80c855a4a519f7747a6c87c (diff) | |
download | samba-c10ae30c1185463eb937f69c1fc9914558087167.tar.gz |
vfs_zfsacl: Add new parameter to stop automatic addition of special entries
Prevent ZFS from automatically adding NFSv4 special entries (owner@, group@,
everyone@). ZFS will automatically add these entries when calculating the
inherited ACL of new files if the ACL of the parent directory lacks an
inheriting special entry. This may result in user confusion and unexpected
change in permissions of files and directories as the inherited ACL is
generated. Blocking this behavior is achieved by setting an inheriting
everyone@ that grants no permissions and not adding the entry to the file's
Security Descriptor.
This change also updates behavior so that the fd-based syscall facl() is
used where possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14470
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'docs-xml')
-rw-r--r-- | docs-xml/manpages/vfs_zfsacl.8.xml | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/docs-xml/manpages/vfs_zfsacl.8.xml b/docs-xml/manpages/vfs_zfsacl.8.xml index ae583409fe1..1ac954b9429 100644 --- a/docs-xml/manpages/vfs_zfsacl.8.xml +++ b/docs-xml/manpages/vfs_zfsacl.8.xml @@ -141,6 +141,26 @@ </varlistentry> <varlistentry> + <term>zfsacl:block_special = [yes|no]</term> + <listitem> + <para>Prevent ZFS from automatically adding NFSv4 special + entries (owner@, group@, everyone@). ZFS will automatically + generate these these entries when calculating the inherited ACL + of new files if the ACL of the parent directory lacks an + inheriting special entry. This may result in user confusion and + unexpected change in permissions of files and directories as the + inherited ACL is generated. Blocking this behavior is achieved + by setting an inheriting everyone@ that grants no permissions + and not adding the entry to the file's Security + Descriptor</para> + <itemizedlist> + <listitem><para><command>yes (default)</command></para></listitem> + <listitem><para><command>no</command></para></listitem> + </itemizedlist> + </listitem> + </varlistentry> + + <varlistentry> <term>zfsacl:map_dacl_protected = [yes|no]</term> <listitem> <para>If enabled and the ZFS ACL on the underlying filesystem does not contain |
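Review bot: The added `zfsacl:block_special` entry lists `yes (default)` and `no` in its `<itemizedlist>` without saying what either value does, so a reader has to infer that `yes` is the setting that writes the inheriting everyone@ entry. Please give each list item a one-line description, as an admin choosing between them needs to know which one changes the ACL. Because the default is `yes`, the `<para>` should also state that the empty inheriting everyone@ is stored in the ZFS ACL and only omitted from the Security Descriptor returned to SMB clients. As written, "not adding the entry to the file's Security Descriptor" leaves it unclear whether tools that read the ACL directly on the server will see it. Two small text fixes in the same `<para>`: "generate these these entries" has a doubled word, and the last sentence ends at "Descriptor</para>" without a full stop.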