Managing ZFS File Systems in Oracle® Solaris 11.2

Updated: December 2014

ACL Properties

The ZFS file system includes the following ACL properties to determine the specific behavior of ACL inheritance and ACL interaction with chmod operations.

  • aclinherit – Determines the behavior of ACL inheritance. Values include the following:

    • discard – For new objects, no ACL entries are inherited when a file or directory is created. The ACL on the file or directory is equal to the permission mode of the file or directory.

    • noallow – For new objects, only inheritable ACL entries that have an access type of deny are inherited.

    • restricted – For new objects, the write_owner and write_acl permissions are removed when an ACL entry is inherited.

    • passthrough – When the property value is set to passthrough, files are created with a mode determined by the inheritable ACEs. If no inheritable ACEs exist that affect the mode, then the mode is set in accordance with the requested mode from the application.

    • passthrough-x – Has the same semantics as passthrough, except that when passthrough-x is enabled, files are created with the execute (x) permission, but only if execute permission is set in the file creation mode and in an inheritable ACE that affects the mode.

    The default value for the aclinherit property is restricted.

  • aclmode – Modifies ACL behavior when a file is initially created or controls how an ACL is modified during a chmod operation. Values include the following:

    • discard – A file system with an aclmode property of discard deletes all ACL entries that do not represent the mode of the file. This is the default value.

    • mask – A file system with an aclmode property of mask reduces user or group permissions. The permissions are reduced, such that they are no greater than the group permission bits, unless it is a user entry that has the same UID as the owner of the file or directory. In this case, the ACL permissions are reduced so that they are no greater than owner permission bits. The mask value also preserves the ACL across mode changes, provided an explicit ACL set operation has not been performed.

    • passthrough – A file system with an aclmode property of passthrough indicates that no changes are made to the ACL other than generating the necessary ACL entries to represent the new mode of the file or directory.

    The default value for the aclmode property is discard.

    For more information on using the aclmode property, see Example 7–14.
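
The following script is an added example, not part of the Oracle documentation. It reads the tab-separated output of zfs get -H -o name,property,value aclinherit,aclmode and reports the effect of each setting as described above. The OK/NOTE/REVIEW labels, the function names, and the dataset names in the sample rows are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the Oracle documentation).
# Reads tab-separated "dataset<TAB>property<TAB>value" rows, the format of:
#   zfs get -H -o name,property,value aclinherit,aclmode
# and prints "dataset<TAB>property=value<TAB>LEVEL<TAB>effect" per row.
# Assumes a POSIX awk. The OK/NOTE/REVIEW levels are this example's labels.

audit_acl_props() {
    awk -F '\t' '
    function emit(level, effect) {
        printf "%s\t%s=%s\t%s\t%s\n", $1, $2, $3, level, effect
    }
    $2 == "aclinherit" {
        if ($3 == "restricted")   emit("OK", "write_owner and write_acl removed from inherited ACEs")
        else if ($3 == "noallow") emit("NOTE", "only deny ACEs are inherited")
        else if ($3 == "discard") emit("NOTE", "nothing inherited; ACL equals the permission mode")
        else if ($3 == "passthrough" || $3 == "passthrough-x")
                                  emit("REVIEW", "inheritable ACEs determine the mode of new files")
        else                      emit("REVIEW", "unrecognized value")
    }
    $2 == "aclmode" {
        if ($3 == "discard")          emit("NOTE", "chmod deletes ACEs that do not represent the mode")
        else if ($3 == "mask")        emit("OK", "ACL preserved; reduced to at most group or owner bits")
        else if ($3 == "passthrough") emit("OK", "chmod only adds ACEs needed for the new mode")
        else                          emit("REVIEW", "unrecognized value")
    }'
}

# Number of rows at REVIEW level; usable as a gate in a configuration check.
count_review() {
    audit_acl_props | awk -F '\t' '$3 == "REVIEW" { n++ } END { print n + 0 }'
}

# Constructed sample rows (dataset names are made up for this example).
sample_rows() {
    printf 'tank/home\taclinherit\trestricted\n'
    printf 'tank/home\taclmode\tdiscard\n'
    printf 'tank/share\taclinherit\tpassthrough\n'
    printf 'tank/share\taclmode\tmask\n'
    printf 'tank/build\taclinherit\tpassthrough-x\n'
    printf 'tank/build\taclmode\tpassthrough\n'
}

sample_rows | audit_acl_props
```

On a live system, pipe the zfs get command shown in the header comment into audit_acl_props in place of sample_rows.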