git.samba.org - bbaumbach/samba-autobuild/.git/commit - docs-xml/manpages/vfs

author	Andrew Walker <awalker@ixsystems.com>
	Thu, 24 Sep 2020 15:42:16 +0000 (11:42 -0400)
committer	Jeremy Allison <jra@samba.org>
	Thu, 15 Oct 2020 19:07:40 +0000 (19:07 +0000)
commit	c10ae30c1185463eb937f69c1fc9914558087167
tree	02fc5719330c2d683831468d1cb023744db93792	tree
parent	f763b1e43640082af80c855a4a519f7747a6c87c	commit \| diff

vfs_zfsacl: Add new parameter to stop automatic addition of special entries

Prevent ZFS from automatically adding NFSv4 special entries (owner@, group@,
everyone@). ZFS will automatically add these these entries when calculating the
inherited ACL of new files if the ACL of the parent directory lacks an
inheriting special entry. This may result in user confusion and unexpected
change in permissions of files and directories as the inherited ACL is
generated. Blocking this behavior is achieved by setting an inheriting
everyone@ that grants no permissions and not adding the entry to the file's
Security Descriptor.

This change also updates behavior so that the fd-based syscall facl() is
used where possible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14470

Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

docs-xml/manpages/vfs_zfsacl.8.xml		diff \| blob \| history
source3/modules/vfs_zfsacl.c		diff \| blob \| history