On Tue, Jul 24, 2012 at 3:09 PM, J. Bruce Fields <bfields@xxxxxxxxxxxx> wrote: > But Tom was asking above only about ACE4_WRITE_ACL. And possibly only > in the legacy case. (Does ZFS have a real ACE4_WRITE_ACL bit?) Ah, oops. That's trickier. The examples don't say (or I'm not seeing it). IMO the most reasonable thing to do is to make chmod mask away the ACE4_WRITE_ACL bits of non-OWNER@/non-owner-user ACEs, but subsequent ACL writes can restore ACE4_WRITE_ACL without contributing to the w group or world bits of mode. That is: to make aclmode=mask most natural and usable a chmod must have the expected POSIX behavior of taking away or granting access, but never granting anything like ACE4_WRITE_ACL to non-owners, while an ACL write should should be able to grant much more access than chmod and it should compute a new mode that is as close as possible to the new ACL. This requires storing a mode, an ACL, and one bit to indicate whether the ACL was set after the mode or the mode after the ACL. Nico -- -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html