added support in zfs for aclmode=restricted


gea

https://www.illumos.org/issues/3254

"ZFS ACL's are quite powerful and very useful; however, there is currently no way to protect them from being destroyed or corrupted by a drive-by chmod. There is virtually no way to simply avoid chmod. Whether it's a user or junior admin who simply doesn't know any better, or a closed binary application that is not ACL aware and uses chmod under the hood, or even the issue with NFS exclusive open that stomps on inherited ACL's, one way or another at some point your carefully constructed ACL is going to get mangled.

To prevent this, I propose adding an additional aclmode "restricted", which would restrict any attempt to chmod a zfs object with a nontrivial ACL."

This new feature is included in OmniOS.
I support this in current napp-it and use it as a default value when creating a filesystem in OmniOS.
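An audit for filesystems that are still exposed to the chmod problem described in the quoted issue, as an added example (not code from the post, the illumos issue or napp-it). It assumes the tab-separated output of `zfs get -H -t filesystem -o name,value,source aclmode`; the function names and the `tank` datasets are constructed for illustration.

```shell
#!/bin/sh
# Added example: find ZFS filesystems whose aclmode is not "restricted".
# Input is what `zfs get -H -t filesystem -o name,value,source aclmode`
# prints: one line per filesystem, tab-separated name, value, source.

audit_aclmode() {
    # Reads `zfs get -H` lines on stdin and prints every line whose
    # aclmode value differs from "restricted".
    awk -F '\t' '$2 != "restricted" { print $1 "\t" $2 "\t" $3 }'
}

fix_commands() {
    # Turns audit output into `zfs set` commands for review.
    # Filesystems that only inherit the value are skipped: setting the
    # property on the parent fixes them as well.
    awk -F '\t' -v q="'" \
        '$3 !~ /^inherited/ { print "zfs set aclmode=restricted " q $1 q }'
}

sample_zfs_get() {
    # Constructed sample output, not taken from a real pool.
    printf 'tank\tdiscard\tdefault\n'
    printf 'tank/home\tdiscard\tinherited from tank\n'
    printf 'tank/share\trestricted\tlocal\n'
    printf 'tank/media\tpassthrough\tlocal\n'
}

# On a live system, replace sample_zfs_get with:
#   zfs get -H -t filesystem -o name,value,source aclmode
sample_zfs_get | audit_aclmode | fix_commands
```

The script only prints the commands; nothing is changed until an administrator runs them.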