Re: [Netatalk-devel] [BUG?] Netatalk is not honoring the parent zfs permissions

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

I compiled without nfsv4 acls and it's still happening, so this is a red herring even though it would useful to understand what it's doing. From what I can tell, netatalk calls an internal mkdir to make directories and that where permissions are assigned at least initially.

Now when I call /usr/gnu/bin/mkdir and pass anything to -m, it always lets zfs assign the permissions. But /usr/bin/mkdir does seem to take -m into account, and I can strip permissions like the below with 0700. But I can't see where netatalk is doing that.

When I turn on debugging after a folder is created

Jul 27 01:38:52.323998 afpd[16023] {unix.c:212} (D5:AFPDaemon): nfsv4_chmod("/wpool/labs/faberlab/untitled folder 9/.", 2700)
Jul 27 01:38:52.324017 afpd[16023] {unix.c:72} (D9:AFPDaemon): get_nfsv4_acl: file: . -> No. of ACEs: 3
Jul 27 01:38:52.324028 afpd[16023] {unix.c:146} (D7:AFPDaemon): strip_trivial_aces: non-trivial ACEs: 0
Jul 27 01:38:52.324051 afpd[16023] {unix.c:72} (D9:AFPDaemon): get_nfsv4_acl: file: . -> No. of ACEs: 3
Jul 27 01:38:52.324061 afpd[16023] {unix.c:185} (D7:AFPDaemon): strip_nontrivial_aces: trivial ACEs: 3
Jul 27 01:38:52.324092 afpd[16023] {unix.c:244} (D5:AFPDaemon): nfsv4_chmod("(null)//wpool/labs/faberlab/untitled folder 9", 1002574021): result: 1472

What does strip_trivial_aces  and strip_nontrivial_aces do? Why would you want to strip them?

2700 implies the incorrect permissions below. However, it's not clear where they are coming from. Then it reports 1472 and it's not clear where that is coming from either. It's not clear to me why this code is here. Merely creating the directory should result in correct default permissions due to the way zfs is configured to work.

It appear that it works correctly with files because none of these calls appear in the log.

Under Solaris Express ZFS, I have the parent volume's permissions set as
follows:
drwxr-sr-x+ 97 faberlab users        143 Jul 19 16:32 .
                 owner@:rwxp-DaARWcCos:fd-----:allow
                 group@:r-x---a-R-c--s:fd-----:allow
              everyone@:r-x---a-R-c--s:fd-----:allow

The "fd" is there to have the permissions inherit. The filesystem
aclinherit property is passthrough.

When I create a folder in netatalk (2.1.4) under this folder, I get instead
drwx--S---   3 faberlab users          3 Jul 19 16:32 untitled folder 7
                 owner@:rwxp--aARWcCos:-------:allow
                 group@:------a-R-c--s:-------:allow
              everyone@:------a-R-c--s:-------:allow