Bug #6762
POSIX write should imply DELETE_CHILD on directories - and some additional considerations
100%
Description
- POSIX write should imply DELETE_CHILD on directories
- ACE_DELETE_CHILD should also allow for delete providing ACE_WRITE_DATA is set and...
- the above needs to take into consideration sticky-bit semantics. In sticky directories, write access is not sufficient; you can remove entries from a directory only if:
-- you own the directory,
-- you own the entry,
-- the entry is a plain file and you have write access,
-- or you are privileged (checked in secpolicy...)
Steps to Reproduce:
- Set zfs dataset prop aclmode to passthrough
- When a directory entry has write permission for owner, group or world the corresponding ACE for owner@, group@ or everyone@ should have DELETE_CHILD set.
- you should then be able to delete files in the directory
- additional steps to repro and check ACE_DELETE_CHILD and sticky-bit semantics
Related issues
History
Updated by
Updated by Electric Monk over 3 years ago
Updated by - Status changed from New to Closed
- % Done changed from 0 to 100
git commit 1eb4e906ec75b9bde421954ace46ef137b0fc9eb
commit 1eb4e906ec75b9bde421954ace46ef137b0fc9eb
Author: Kevin Crowe <kevin.crowe@nexenta.com>
Date: 2016-04-20T15:33:38.000Z
6762 POSIX write should imply DELETE_CHILD on directories - and some additional considerations
Reviewed by: Gordon Ross <gwr@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
Approved by: Richard Lowe <richlowe@richlowe.net>
Updated by Yuri Pankov about 3 years ago
- Has duplicate Bug #807: Trivial ACEs missing delete added
Updated by Yuri Pankov about 3 years ago
- Has duplicate Bug #3528: setting permission with chmod kills delete_child permission on owner acl added