Project

General

Profile

Bug #6762

POSIX write should imply DELETE_CHILD on directories - and some additional considerations

Added by Yuri Pankov over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Kevin Crowe
Category:
zfs - Zettabyte File System
Start date:
2016-03-19
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:

Description

- POSIX write should imply DELETE_CHILD on directories
- ACE_DELETE_CHILD should also allow for delete providing ACE_WRITE_DATA is set and...
- the above needs to take into consideration sticky-bit semantics. In sticky directories, write access is not sufficient; you can remove entries from a directory only if:
-- you own the directory,
-- you own the entry,
-- the entry is a plain file and you have write access,
-- or you are privileged (checked in secpolicy...)

Steps to Reproduce:
- Set zfs dataset prop aclmode to passthrough
- When a directory entry has write permission for owner, group or world the corresponding ACE for owner@, group@ or everyone@ should have DELETE_CHILD set.
- you should then be able to delete files in the directory
- additional steps to repro and check ACE_DELETE_CHILD and sticky-bit semantics


Related issues

Has duplicate illumos gate - Bug #807: Trivial ACEs missing deleteClosed2011-03-12

Actions
Has duplicate illumos gate - Bug #3528: setting permission with chmod kills delete_child permission on owner aclClosed2013-02-05

Actions
Precedes illumos gate - Bug #6875: fix zfs-tests ACL casesClosed2016-03-212016-03-21

Actions

History

#1

Updated by Yuri Pankov over 3 years ago

  • Precedes Bug #6875: fix zfs-tests ACL cases added
#2

Updated by Electric Monk over 3 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit 1eb4e906ec75b9bde421954ace46ef137b0fc9eb

commit  1eb4e906ec75b9bde421954ace46ef137b0fc9eb
Author: Kevin Crowe <kevin.crowe@nexenta.com>
Date:   2016-04-20T15:33:38.000Z

    6762 POSIX write should imply DELETE_CHILD on directories - and some additional considerations
    Reviewed by: Gordon Ross <gwr@nexenta.com>
    Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
    Approved by: Richard Lowe <richlowe@richlowe.net>

#3

Updated by Yuri Pankov about 3 years ago

  • Has duplicate Bug #807: Trivial ACEs missing delete added
#4

Updated by Yuri Pankov about 3 years ago

  • Has duplicate Bug #3528: setting permission with chmod kills delete_child permission on owner acl added

Also available in: Atom PDF