Bug #6765

zfs_zaccess_delete() comments do not accurately reflect delete permissions for ACLs

Added by Yuri Pankov over 3 years ago. Updated over 3 years ago.

Status: Closed
Priority: Normal
Assignee: Kevin Crowe
Category: zfs - Zettabyte File System
Start date: 2016-03-19
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags:

Description

(by Kevin)

Per this chart from usr/src/uts/common/fs/zfs/zfs_acl.c:

 *      -------------------------------------------------------
 *      |   Parent Dir  |      Target Object Permissions      |
 *      |  permissions  |                                     |
 *      -------------------------------------------------------
 *      |               | ACL Allows | ACL Denies| Delete     |
 *      |               |  Delete    |  Delete   | unspecified|
 *      -------------------------------------------------------
 *      |  ACL Allows   | Permit     | Permit *  | Permit     |
 *      |  DELETE_CHILD |            |           |            |
 *      -------------------------------------------------------
 *      |  ACL Denies   | Permit *   | Deny      | Deny       |
 *      |  DELETE_CHILD |            |           |            |
 *      -------------------------------------------------------
 *      | ACL specifies |            |           |            |
 *      | only allow    | Permit     | Permit *  | Permit     |
 *      | write and     |            |           |            |
 *      | execute       |            |           |            |
 *      -------------------------------------------------------
 *      | ACL denies    |            |           |            |
 *      | write and     | Permit     | Deny      | Deny       |
 *      | execute       |            |           |            |
 *      -------------------------------------------------------

We should deny delete, i.e. the starred box in row 'parent dir denies DELETE_CHILD' and column target object 'ACL allows DELETE'.

We seem to allow delete in that situation, which is wrong (the boxes with asterisks are boxes where we ignore the NFS suggestion (of permit) and instead deny).

Steps to Reproduce:
I think this is about as simplified a test case as you can make:

user1@box-142:~/acls$ touch test1
user1@box-142:~/acls$ chmod A=owner@:delete/read_data/read_xattr/write_xattr/read_attributes/write_attributes/read_acl/write_acl/write_owner/synchronize:allow test1
user1@box-142:~/acls$ lv test1
-r--------+  1 user1    staff          0 Feb 25 12:19 test1
     0:owner@:read_data/read_xattr/write_xattr/read_attributes
         /write_attributes/delete/read_acl/write_acl/write_owner
         /synchronize:allow
user1@box-142:~/acls$ cd ..
user1@box-142:~$ chmod A=owner@:delete_child:deny,owner@:list_directory/add_subdirectory/read_xattr/write_xattr/read_attributes/read_acl/synchronize/write_owner/write_attributes/write_acl/execute:allow acls/
user1@box-142:~$ lv acls/
dr-x------+  2 user1    staff          3 Feb 25 12:19 acls/
     0:owner@:delete_child:deny
     1:owner@:list_directory/read_data/add_subdirectory/append_data
         /read_xattr/write_xattr/execute/read_attributes/write_attributes
         /read_acl/write_acl/write_owner/synchronize:allow
user1@box-142:~$ cd acls/
user1@box-142:~/acls$ rm test1
rm: test1: override protection 400 (yes/no)? yes
user1@box-142:~/acls$

I've tried a couple other slightly less restrictive settings but it doesn't matter, object is still deleted.

Expected Results:
Expected to be denied delete.

Actual Results:
Target object is deleted.
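
Added illustration, not part of the original report and not ZFS code: the Python below parses the two ACLs from the steps to reproduce, evaluates them with a simplified first-match rule, and returns the cell of the quoted zfs_acl.c chart that the case lands in. The names `CHART`, `parse_acl`, `decide` and `chart_cell` are hypothetical, and only `owner@`/`group@`/`everyone@` style entries are handled.

```python
# Added illustration: a simplified model, not ZFS code.
# CHART is transcribed from the zfs_acl.c comment quoted in this report;
# tuple order: target allows delete / denies delete / delete unspecified.
CHART = {
    "allows_delete_child": ("Permit", "Permit *", "Permit"),
    "denies_delete_child": ("Permit *", "Deny", "Deny"),
    "allows_write_execute": ("Permit", "Permit *", "Permit"),
    "denies_write_execute": ("Permit", "Deny", "Deny"),
}
COLUMNS = ("allow", "deny", None)

def parse_acl(spec):
    """Parse 'who:perm/perm:type,...' (chmod A= syntax) into ordered ACEs."""
    aces = []
    for entry in spec.split(","):
        who, perms, ace_type = entry.strip().split(":")
        aces.append((who, set(perms.split("/")), ace_type))
    return aces

def decide(aces, who, names):
    """First ACE for `who` naming any of `names` decides; None if none does."""
    for ace_who, perms, ace_type in aces:
        if ace_who == who and perms & names:
            return ace_type
    return None

def chart_cell(parent_spec, target_spec, who="owner@"):
    """Return (row, column index, chart text) for deleting target in parent."""
    parent, target = parse_acl(parent_spec), parse_acl(target_spec)
    dc = decide(parent, who, {"delete_child"})
    if dc in ("allow", "deny"):
        row = "allows_delete_child" if dc == "allow" else "denies_delete_child"
    else:
        # Assumption: with delete_child unspecified, anything short of an
        # explicit allow of both write and execute is treated as the last row.
        w = decide(parent, who, {"write_data", "add_file"})  # same bit on a dir
        x = decide(parent, who, {"execute"})
        row = ("allows_write_execute" if (w, x) == ("allow", "allow")
               else "denies_write_execute")
    col = COLUMNS.index(decide(target, who, {"delete"}))
    return row, col, CHART[row][col]

# ACLs copied from the "Steps to Reproduce" session above.
PARENT = ("owner@:delete_child:deny,owner@:list_directory/add_subdirectory"
          "/read_xattr/write_xattr/read_attributes/read_acl/synchronize"
          "/write_owner/write_attributes/write_acl/execute:allow")
TARGET = ("owner@:delete/read_data/read_xattr/write_xattr/read_attributes"
          "/write_attributes/read_acl/write_acl/write_owner/synchronize:allow")
```

`chart_cell(PARENT, TARGET)` returns the row for "ACL Denies DELETE_CHILD", column 0 ("ACL Allows Delete"), with the cell text exactly as the quoted chart gives it.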


Related issues

Precedes illumos gate - Bug #6875: fix zfs-tests ACL cases | Closed | 2016-03-21 | 2016-03-21


History

#1

Updated by Yuri Pankov over 3 years ago

  • Precedes Bug #6875: fix zfs-tests ACL cases added

#2

Updated by Electric Monk over 3 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit da412744bc6f902e4519ae67e92191a2e5d85e2c

commit  da412744bc6f902e4519ae67e92191a2e5d85e2c
Author: Kevin Crowe <kevin.crowe@nexenta.com>
Date:   2016-04-20T15:34:00.000Z

    6765 zfs_zaccess_delete() comments do not accurately reflect delete permissions for ACLs
    Reviewed by: Gordon Ross <gwr@nexenta.com>
    Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
    Approved by: Richard Lowe <richlowe@richlowe.net>
