I'm experiencing something I don't understand with ZFS ACLS.
Let me try with an example:
Step1: create the new folder "test" from a Microsoft client in a shared folder subdir.
Step2: permissions and ACL check from the command line
Code: Select all
filer1: XXXXXXX# ls -la
total 11
drwxrwxr-x 5 administrator domain_admins 5 Sep 6 16:56 .
drwxrwxrwx 11 root wheel 10 Sep 6 15:14 ..
drwxr-xr-x 2 administrator domain_admins 2 Sep 6 16:55 test
filer1: XXXXXXX# getfacl test
# file: test
# owner: root
# group: domain_admins
owner@:rwxp--aARWcCos:------:allow
group@:r-x---a-R-c--s:------:allow
everyone@:r-x---a-R-c--s:------:allow
Administrator: Special Permissions
Domain Admins: Special Permissions
Everyone: Special Permissions
Step 4: Microsoft Client: change permissions (in this case I remove the "everyone" group and leave anything else untouched)
Code: Select all
filer1: XXXXXXX# ls -la
total 10
drwxrwxr-x 4 administrator domain_admins 4 Sep 6 17:06 .
d---rwx---+ 2 administrator domain_admins 2 Sep 6 17:06 test
Let's check the Acls:
Code: Select all
filer1: XXXXXXX# getfacl test
# file: test
# owner: administrator
# group: domain_admins
group:administrator:rwxpD-aARWcCo-:------:allow
group@:rwxpD-a-R-c---:------:allow
What I do not understand is:
- why the standard unix permissions for the owner got removed?
- why do I see an entry "group:administrator" in the getfacl output? Administrator is supposed to be an user, not a group
- why the "owner" acl entry vanished?
I get similar results when I try to modify the Admninistrator privileges (switching from "Special Permissions" to "Modify" or "Full control) and so on.
Sometimes I find that new "Deny" ACLS have appeared from somewhere.
Any help will be appreciated
