Oracle® ZFS Storage Appliance Administration Guide

Root Directory ACL

Fine-grained access on files and directories is managed via Access Control Lists. An ACL describes what permissions are granted, if any, to specific users or groups. The ZFSSA supports NFSv4-style ACLs, also accessible over SMB. POSIX draft ACLs (used by NFSv3) are not supported. Some trivial ACLs can be represented over NFSv3, but making complicated ACL changes may result in undefined behavior when accessed over NFSv3.

Like root directory access, this property only affects the root directory of the filesystem. ACLs can be controlled through in-band protocol management, but the BUI provides a way to set the ACL just for the root directory of the filesystem. There is no way to set the root directory ACL through the CLI. You can use in-band management tools if the BUI is not an option. Changing this ACL does not affect existing files and directories in the filesystem. Depending on the ACL inheritance behavior, these settings may or may not be inherited by newly created files and directories. However, all ACL entries are inherited when SMB is used to create a file in a directory with a trivial ACL.

An ACL is composed of any number of ACEs (access control entries). Each ACE describes a type/target, a mode, a set of permissions, and inheritance flags. ACEs are applied in order, starting at the beginning of the ACL, to determine whether a given action should be permitted. For information on in-band configuration of ACLs through data protocols, consult the appropriate client documentation. The BUI interface for managing ACLs and the effect on the root directory are described here.

Table 12-18  Share - ACL Types

| Type | Description |
|---|---|
| Owner | Current owner of the directory. If the owner is changed, this ACE will apply to the new owner. |
| Group | Current group of the directory. If the group is changed, this ACE will apply to the new group. |
| Everyone | Any user. |
| Named User | User named by the 'target' field. The user can be specified as a user ID or a name resolvable by the current name service configuration. |
| Named Group | Group named by the 'target' field. The group can be specified as a group ID or a name resolvable by the current name service configuration. |

Table 12-19  Share - ACL Modes

| Mode | Description |
|---|---|
| Allow | The permissions are explicitly granted to the ACE target. |
| Deny | The permissions are explicitly denied to the ACE target. |

Table 12-20  Share - ACL Permissions

| Group | Flag | Permission | Description |
|---|---|---|---|
| Read | (r) | Read Data/List Directory | Permission to list the contents of a directory. When inherited by a file, permission to read the data of the file. |
| Read | (x) | Execute File/Traverse Directory | Permission to traverse (lookup) entries in a directory. When inherited by a file, permission to execute the file. |
| Read | (a) | Read Attributes | Permission to read basic attributes (non-ACLs) of a file. Basic attributes are considered to be the stat level attributes, and allowing this permission means that the user can execute ls and stat equivalents. |
| Read | (R) | Read Extended Attributes | Permission to read the extended attributes of a file or do a lookup in the extended attributes directory. |
| Write | (w) | Write Data/Add File | Permission to add a new file to a directory. When inherited by a file, permission to modify a file's data anywhere in the file's offset range. This includes the ability to grow the file or write to any arbitrary offset. |
| Write | (p) | Append Data/Add Subdirectory | Permission to create a subdirectory within a directory. When inherited by a file, permission to modify the file's data, but only starting at the end of the file. This permission (when applied to files) is not currently supported. |
| Write | (d) | Delete | Permission to delete a file. |
| Write | (D) | Delete Child | Permission to delete a file within a directory. As of the 2011.1 software release, if the sticky bit is set, a child file can only be deleted by the file owner. |
| Write | (A) | Write Attributes | Permission to change the times associated with a file or directory. |
| Write | (W) | Write Extended Attributes | Permission to create extended attributes or write to the extended attributes directory. |
| Admin | (c) | Read ACL/Permissions | Permission to read the ACL. |
| Admin | (C) | Write ACL/Permissions | Permission to write the ACL or change the basic access modes. |
| Admin | (o) | Change Owner | Permission to change the owner. |
| Inheritance | (f) | Apply to Files | Inherit to all newly created files in a directory. |
| Inheritance | (d) | Apply to Directories | Inherit to all newly created directories in a directory. |
| Inheritance | (i) | Do not apply to self | The current ACE is not applied to the current directory, but does apply to children. This flag requires one of "Apply to Files" or "Apply to Directories" to be set. |
| Inheritance | (n) | Do not apply past children | The current ACE should only be inherited one level of the tree, to immediate children. This flag requires one of "Apply to Files" or "Apply to Directories" to be set. |
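
The in-order ACE evaluation described above, as an added example that is not Oracle's code: a simplified model that uses the permission and flag letters from Table 12-20 to show why the position of a Deny entry matters and how "Do not apply to self" affects the directory itself. The `ACE` class, the lowercase type names and the sample users are hypothetical; the evaluation rule (the first matching ACE that names an undecided permission decides it, and undecided permissions are denied) is the standard NFSv4 one and is assumed to apply here, and privileged overrides are not modeled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ACE:
    type: str         # owner | group | everyone | named_user | named_group
    mode: str         # "allow" or "deny"
    perms: str        # permission letters from Table 12-20, e.g. "rxa"
    target: str = ""  # name for named_user / named_group
    flags: str = ""   # inheritance letters: f, d, i, n

def matches(ace, user, groups, owner, owning_group):
    """True if the ACE's type/target selects the requesting user."""
    return {
        "everyone": True,
        "owner": user == owner,
        "group": owning_group in groups,
        "named_user": user == ace.target,
        "named_group": ace.target in groups,
    }.get(ace.type, False)

def check_access(acl, wanted, user, groups, owner, owning_group):
    """Walk ACEs in order; the first match naming a pending permission decides it."""
    pending = set(wanted)
    for ace in acl:
        if "i" in ace.flags:       # "Do not apply to self": children only
            continue
        if not matches(ace, user, groups, owner, owning_group):
            continue
        hit = pending & set(ace.perms)
        if hit and ace.mode == "deny":
            return False           # an undecided permission was denied
        if ace.mode == "allow":
            pending -= hit
        if not pending:
            return True            # every requested permission granted
    return False                   # permissions left undecided are denied

# Constructed sample data: the same two ACEs in opposite order.
DENY_FIRST = [ACE("named_user", "deny", "wp", target="alice"),
              ACE("everyone", "allow", "rxawp")]
ALLOW_FIRST = list(reversed(DENY_FIRST))
INHERIT_ONLY = [ACE("everyone", "allow", "r", flags="fi")]

def demo():
    who = dict(user="alice", groups={"staff"}, owner="root", owning_group="staff")
    return {name: check_access(acl, perm, **who) for name, acl, perm in [
        ("deny_first_w", DENY_FIRST, "w"), ("allow_first_w", ALLOW_FIRST, "w"),
        ("deny_first_r", DENY_FIRST, "r"), ("inherit_only_r", INHERIT_ONLY, "r")]}
```

With the Deny entry listed after the broad Allow entry, the Deny never takes effect for write, which is the ordering mistake to look for when reviewing a root directory ACL.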

When the option to use Windows default permissions is used at share creation time, an ACL with the following three entries is created for the share's root directory:

Table 12-21  Share Root Directory Entities

| Type | Action | Access |
|---|---|---|
| Owner | Allow | Full Control |
| Group | Allow | Read and Execute |
| Everyone | Allow | Read and Execute |