From: Maurice R V. <mau...@ei...> - 2011-07-27 19:08:56
I compiled without nfsv4 acls and it's still happening, so this is a red herring even though it would be useful to understand what it's doing.

From what I can tell, netatalk calls an internal mkdir to make directories and that's where permissions are assigned, at least initially. Now when I call /usr/gnu/bin/mkdir and pass anything to -m, it always lets zfs assign the permissions. But /usr/bin/mkdir does seem to take -m into account, and I can strip permissions like the below with 0700. But I can't see where netatalk is doing that.

When I turn on debugging after a folder is created:

Jul 27 01:38:52.323998 afpd[16023] {unix.c:212} (D5:AFPDaemon): nfsv4_chmod("/wpool/labs/faberlab/untitled folder 9/.", 2700)
Jul 27 01:38:52.324017 afpd[16023] {unix.c:72} (D9:AFPDaemon): get_nfsv4_acl: file: . -> No. of ACEs: 3
Jul 27 01:38:52.324028 afpd[16023] {unix.c:146} (D7:AFPDaemon): strip_trivial_aces: non-trivial ACEs: 0
Jul 27 01:38:52.324051 afpd[16023] {unix.c:72} (D9:AFPDaemon): get_nfsv4_acl: file: . -> No. of ACEs: 3
Jul 27 01:38:52.324061 afpd[16023] {unix.c:185} (D7:AFPDaemon): strip_nontrivial_aces: trivial ACEs: 3
Jul 27 01:38:52.324092 afpd[16023] {unix.c:244} (D5:AFPDaemon): nfsv4_chmod("(null)//wpool/labs/faberlab/untitled folder 9", 1002574021): result: 1472

What do strip_trivial_aces and strip_nontrivial_aces do? Why would you want to strip them? 2700 implies the incorrect permissions below. However, it's not clear where they are coming from. Then it reports 1472 and it's not clear where that is coming from either.

It's not clear to me why this code is here. Merely creating the directory should result in correct default permissions due to the way zfs is configured to work. It appears that it works correctly with files because none of these calls appear in the log.

Under Solaris Express ZFS, I have the parent volume's permissions set as follows:

drwxr-sr-x+ 97 faberlab users 143 Jul 19 16:32 .
    owner@:rwxp-DaARWcCos:fd-----:allow
    group@:r-x---a-R-c--s:fd-----:allow
    everyone@:r-x---a-R-c--s:fd-----:allow

The "fd" is there to have the permissions inherit. The filesystem aclinherit property is passthrough. When I create a folder in netatalk (2.1.4) under this folder, I get instead

drwx--S--- 3 faberlab users 3 Jul 19 16:32 untitled folder 7
    owner@:rwxp--aARWcCos:-------:allow
    group@:------a-R-c--s:-------:allow
    everyone@:------a-R-c--s:-------:allow
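
Added example, not part of the original message and not netatalk code: a small Python helper that diffs the two compact ACL listings quoted above and renders the mode from the nfsv4_chmod log line the way ls prints it. The function names are hypothetical, the ACE strings are copied from the message, and the logged 2700 is assumed to be octal.

```python
import stat

# ACE lines copied from the two listings in the message above.
PARENT = """owner@:rwxp-DaARWcCos:fd-----:allow
group@:r-x---a-R-c--s:fd-----:allow
everyone@:r-x---a-R-c--s:fd-----:allow"""
CHILD = """owner@:rwxp--aARWcCos:-------:allow
group@:------a-R-c--s:-------:allow
everyone@:------a-R-c--s:-------:allow"""


def parse_aces(text):
    """Map principal -> (permission letters, inheritance flag letters, type)."""
    aces = {}
    for line in text.splitlines():
        # Compact form is who:perms:flags:type; split from the right so a
        # principal that itself contains ':' would stay in one piece.
        who, perms, flags, kind = line.strip().rsplit(":", 3)
        aces[who] = (set(perms) - {"-"}, set(flags) - {"-"}, kind)
    return aces


def lost(parent, child):
    """Per principal: (permissions, flags) present on parent, absent on child."""
    p, c = parse_aces(parent), parse_aces(child)
    return {who: ("".join(sorted(p[who][0] - c[who][0])),
                  "".join(sorted(p[who][1] - c[who][1])))
            for who in p}


def mode_string(octal_text):
    """Render a directory mode logged in octal (assumed) as ls would show it."""
    return stat.filemode(stat.S_IFDIR | int(octal_text, 8))


if __name__ == "__main__":
    for who, (perms, flags) in lost(PARENT, CHILD).items():
        print(f"{who:10} lost perms={perms or '-'} flags={flags or '-'}")
    print("nfsv4_chmod mode 2700 ->", mode_string("2700"))
```

The rendered mode for 2700 is the same string as the child directory's ls line, and the diff shows the child's group@ and everyone@ entries without r and x and every entry without the f and d inheritance flags.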