On Tue, Jul 24, 2012 at 03:29:07PM -0500, Nico Williams wrote: > On Tue, Jul 24, 2012 at 3:09 PM, J. Bruce Fields <bfields@xxxxxxxxxxxx> wrote: > > But Tom was asking above only about ACE4_WRITE_ACL. And possibly only > > in the legacy case. (Does ZFS have a real ACE4_WRITE_ACL bit?) > > Ah, oops. That's trickier. The examples don't say (or I'm not seeing > it). IMO the most reasonable thing to do is to make chmod mask away > the ACE4_WRITE_ACL bits of non-OWNER@/non-owner-user ACEs, but > subsequent ACL writes can restore ACE4_WRITE_ACL without contributing > to the w group or world bits of mode. > > That is: to make aclmode=mask most natural and usable a chmod must > have the expected POSIX behavior of taking away or granting access, > but never granting anything like ACE4_WRITE_ACL to non-owners, while > an ACL write should should be able to grant much more access than > chmod and it should compute a new mode that is as close as possible to > the new ACL. This requires storing a mode, an ACL, and one bit to > indicate whether the ACL was set after the mode or the mode after the > ACL. I was with you up to the "one bit to indicate...". That doesn't sound necessary to implement the behavior you describe. --b. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
