Bug #6762

closed

POSIX write should imply DELETE_CHILD on directories - and some additional considerations

Added by Yuri Pankov over 6 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assignee: Kevin Crowe
Category: zfs - Zettabyte File System
Start date: 2016-03-19
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags:
Gerrit CR:
External Bug:

Description

- POSIX write should imply DELETE_CHILD on directories
- ACE_DELETE_CHILD should also allow for delete providing ACE_WRITE_DATA is set and...
- the above needs to take into consideration sticky-bit semantics. In sticky directories, write access is not sufficient; you can remove entries from a directory only if:
-- you own the directory,
-- you own the entry,
-- the entry is a plain file and you have write access,
-- or you are privileged (checked in secpolicy...)

Steps to Reproduce:
- Set zfs dataset prop aclmode to passthrough
- When a directory entry has write permission for owner, group or world the corresponding ACE for owner@, group@ or everyone@ should have DELETE_CHILD set.
- you should then be able to delete files in the directory
- additional steps to repro and check ACE_DELETE_CHILD and sticky-bit semantics
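
The deletion rules listed in the description, written out as a small user-space C model. This is an added example, not code from the bug report or from illumos; the names `node`, `cred`, `may_remove` and `sticky_remove_ok`, and the `caller_write` flag standing in for the result of ACL evaluation, are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model (assumption); not the illumos ZFS code. */
struct cred { unsigned uid; bool privileged; };
struct node {
    unsigned owner;      /* owning uid */
    bool is_regular;     /* entry is a plain file */
    bool sticky;         /* sticky bit, meaningful on directories */
    bool caller_write;   /* ACL evaluation granted the caller write access */
};

/* Sticky-directory rule: any one of the four listed conditions suffices. */
static bool sticky_remove_ok(const struct node *dir, const struct node *ent,
    const struct cred *cr)
{
    return cr->uid == dir->owner ||
        cr->uid == ent->owner ||
        (ent->is_regular && ent->caller_write) ||
        cr->privileged;
}

/* May the caller remove `ent` from `dir`? */
bool may_remove(const struct node *dir, const struct node *ent,
    const struct cred *cr)
{
    /* Write access on the directory is treated as implying DELETE_CHILD. */
    if (!dir->caller_write)
        return false;
    /* In a sticky directory, write access alone is not sufficient. */
    if (dir->sticky)
        return sticky_remove_ok(dir, ent, cr);
    return true;
}

int main(void)
{
    /* Constructed sample: uid 100 in a directory owned by uid 0. */
    struct node dir = { .owner = 0, .sticky = true, .caller_write = true };
    struct node ent = { .owner = 200, .is_regular = true };
    struct cred alice = { .uid = 100 };

    printf("sticky, someone else's file: %d\n", may_remove(&dir, &ent, &alice));
    dir.sticky = false;
    printf("non-sticky, write on dir:    %d\n", may_remove(&dir, &ent, &alice));
    return 0;
}
```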


Related issues

Has duplicate illumos gate - Bug #807: Trivial ACEs missing delete (Closed, 2011-03-12)
Has duplicate illumos gate - Bug #3528: setting permission with chmod kills delete_child permission on owner acl (Closed, 2013-02-05)
Precedes illumos gate - Bug #6875: fix zfs-tests ACL cases (Closed, Yuri Pankov, 2016-03-21, 2016-03-21)
