POSIX write should imply DELETE_CHILD on directories - and some additional considerations
- POSIX write should imply DELETE_CHILD on directories
- ACE_DELETE_CHILD should also allow for delete provided ACE_WRITE_DATA is set and...
- The above needs to take sticky-bit semantics into account. In sticky directories, write access is not sufficient; you can remove entries from a directory only if:
-- you own the directory,
-- you own the entry,
-- the entry is a plain file and you have write access,
-- or you are privileged (checked in secpolicy...)
Steps to Reproduce:
- Set the ZFS dataset property aclmode to passthrough.
- When a directory entry has write permission for owner, group or world, the corresponding ACE for owner@, group@ or everyone@ should have DELETE_CHILD set.
- You should then be able to delete files in the directory.
- Additional steps to repro and check ACE_DELETE_CHILD and sticky-bit semantics.
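
The delete decision described above (write access on the directory, then the sticky-directory exceptions), as an added example that is not code from the affected source tree. The types and the names may_remove and sticky_permits are hypothetical, the write_ok flags assume the write-access check has already been evaluated for the caller, and the elided ACE_WRITE_DATA condition is not modelled.

```c
#include <stdbool.h>

/* Hypothetical model types for illustration; not kernel structures. */
enum ntype { N_FILE, N_DIR, N_OTHER };

struct node {
    unsigned   owner;     /* owning uid */
    enum ntype type;
    bool       sticky;    /* sticky bit set (meaningful on directories) */
    bool       write_ok;  /* caller already passed the write-access check */
};

struct caller {
    unsigned uid;
    bool     privileged;  /* stands in for the privilege policy check */
};

/* The four sticky-directory exceptions listed in the report. */
static bool sticky_permits(const struct node *dir, const struct node *ent,
                           const struct caller *cr)
{
    if (cr->uid == dir->owner)
        return true;                      /* you own the directory */
    if (cr->uid == ent->owner)
        return true;                      /* you own the entry */
    if (ent->type == N_FILE && ent->write_ok)
        return true;                      /* plain file you can write */
    return cr->privileged;                /* or you are privileged */
}

/* Returns true when the caller may remove ent from dir. */
bool may_remove(const struct node *dir, const struct node *ent,
                const struct caller *cr)
{
    /* Write on the directory implies DELETE_CHILD. */
    if (!dir->write_ok)
        return false;
    /* In a sticky directory, write access alone is not sufficient. */
    if (dir->sticky && !sticky_permits(dir, ent, cr))
        return false;
    return true;
}
```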