The Oracle Solaris ACL model fully supports the interoperability that NFSv4 offers between UNIX and non-UNIX clients. ZFS ACLs are similar to Windows NT-style ACLs, and provide more fine-grained access control than standard file permissions provide. ACLs are set and displayed with the chmod and ls commands.
The ACL model has two types of Access Control Entries (ACEs) that affect access checking: ALLOW and DENY. Therefore, you cannot infer from any single ACE that defines a set of permissions whether the permissions that are not defined in that ACE are allowed or denied.
For information about ACLs and backup products, see Saving ZFS Data With Other Backup Products in Managing ZFS File Systems in Oracle Solaris 11.4.
ACLs have two basic formats:
Trivial ACL – Contains only entries for traditional UNIX user categories that are represented as owner@, group@, and everyone@.
For a newly created file, the default ACL has the following entries:
0:owner@:read_data/write_data/append_data/read_xattr/write_xattr/read_attributes/write_attributes/read_acl/write_acl/write_owner/synchronize:allow
1:group@:read_data/read_xattr/read_attributes/read_acl/synchronize:allow
2:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize:allow
For a newly created directory, the default ACL has the following entries:
0:owner@:list_directory/read_data/add_file/write_data/add_subdirectory/append_data/read_xattr/write_xattr/execute/delete_child/read_attributes/write_attributes/read_acl/write_acl/write_owner/synchronize:allow
1:group@:list_directory/read_data/read_xattr/execute/read_attributes/read_acl/synchronize:allow
2:everyone@:list_directory/read_data/read_xattr/execute/read_attributes/read_acl/synchronize:allow
Non-Trivial ACL – Contains entries for added user categories. The entries might also include inheritance flags, or are ordered in a non-traditional way.
A non-trivial entry might look like the following example, where permissions are specifically granted to user Jan.
0:user:jan:read_data/write_data:file_inherit:allow
Use this sample entry as a reference to understand the elements that comprise an ACL entry. These elements apply to both trivial and non-trivial ACLs.
A number at the beginning of the entry, such as the number zero (0) in the example. The index identifies a specific entry and distinguishes the entry from others in the ACL.
The user category. In trivial ACLs, only entries for owner@, group@, and everyone@ are set. In non-trivial ACLs, user:username and group:groupname are added. In the example, the entry type is user:jan.
Permissions that are granted or denied to the entry type. In the example, user Jan's permissions are read_data and write_data.
An optional list of ACL flags that control how permissions are propagated in a directory structure, including flags that audit access to files and directories. In the sample entry, file_inherit is also granted to user Jan.
An optional flag that enables you to audit access and changes that are being made to a file.
Determines whether the permissions in an entry are allowed or denied. In the example, the permissions for Jan are allowed.
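The entry format and the ALLOW/DENY evaluation rule described above, as an added Python example that is not part of Oracle's documentation or tools: it parses entries in the `ls -v` format and walks them in index order, so a requested permission is granted only when an ALLOW entry names it before any matching DENY does, and anything no entry allows is refused. The sample ACL and the requester/owner names are constructed.

```python
# Added example, not Oracle's code: parse `ls -v` ACL entries and evaluate a
# request as the ACL model does: ACEs are walked in index order, the first
# matching ALLOW/DENY naming a still-undecided permission settles it, else deny.
from collections import namedtuple

# who is owner@, group@, everyone@, user:<name> or group:<name>; kind is allow|deny
Ace = namedtuple("Ace", "index who perms flags kind")

def parse_ace(line):
    """Parse e.g. '0:user:jan:read_data/write_data:file_inherit:allow'."""
    f = line.strip().split(":")
    if f[-1] not in ("allow", "deny"):
        raise ValueError(f"bad access type in {line!r}")
    n = 3 if f[1] in ("user", "group") else 2  # user:/group: span two fields
    who, rest = ":".join(f[1:n]), f[n:-1]      # rest is [perms] or [perms, flags]
    perms = frozenset(p for p in rest[0].split("/") if p)
    flags = frozenset(x for x in rest[1].split("/") if x) if len(rest) > 1 else frozenset()
    return Ace(int(f[0]), who, perms, flags, f[-1])

def parse_acl(text):
    # ls -v output: skip the mode/owner line, keep numbered entries, sort by index
    lines = [l for l in text.splitlines() if l.strip()[:1].isdigit()]
    return sorted((parse_ace(l) for l in lines), key=lambda a: a.index)

def matches(ace, user, groups, owner, group):
    return (ace.who == "everyone@"
            or (ace.who == "owner@" and user == owner)
            or (ace.who == "group@" and group in groups)
            or ace.who == f"user:{user}"
            or (ace.who.startswith("group:") and ace.who[6:] in groups))

def check_access(acl, user, groups, owner, group, wanted):
    undecided = set(wanted)  # requested permissions no ACE has decided yet
    for ace in acl:
        if not matches(ace, user, groups, owner, group):
            continue
        hit = undecided & ace.perms
        if hit and ace.kind == "deny":
            return False  # a matching DENY on any requested permission wins
        undecided -= hit
        if not undecided:
            return True   # every requested permission was explicitly allowed
    return False          # something requested was never allowed

# Constructed sample: an explicit deny for jan precedes her allow entry.
SAMPLE_ACL = parse_acl("""\
-rw-r--r--+ 1 root root 0 Jul 20 13:43 file.1
0:user:jan:write_data:deny
1:user:jan:read_data/write_data:file_inherit:allow
2:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize:allow""")
```

Because entry 0 denies write_data to jan before entry 1 allows it, a request for read_data alone succeeds while any request that includes write_data fails, which is exactly why no single ACE can be read in isolation.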
The following table describes each ACL entry type.
The following table describes ACL access privileges.
The following table provides additional details about ACL delete and delete_child behavior.
An ACL set consists of a combination of ACL permissions. These ACL sets of permissions are predefined and cannot be modified.
full_set – All permissions
modify_set – All permissions except write_acl and write_owner
read_set – read_data, read_attributes, read_xattr, and read_acl
write_set – write_data, append_data, write_attributes, and write_xattr
You can apply an ACL set rather than having to set individual permissions separately.
Example 7 Using an ACL Set to Assign a Combination of ACL Permissions
With the read_set ACL set, the user jan can read ACLs as well as file contents and their basic and extended attributes.
$ chmod A+user:jan:read_set:allow file.1
$ ls -v file.1
-r--r--r--+ 1 root root 206695 Jul 20 13:43 file.1
0:user:jan:read_data/read_xattr/read_attributes/read_acl:allow
...
ACL inheritance means that a newly created file or directory can inherit the ACL entries it is intended to inherit without disregarding the existing permission bits on the parent directory.
By default, ACLs are not propagated. If you set a non-trivial ACL on a directory, it is not inherited by any subsequent directory. You must explicitly mark an ACL entry on a file or directory as inheritable.
In addition, you can set a default ACL inheritance policy on the file system that is more strict or less strict by using the aclinherit file system property. For more information about this property, see ACL Properties.
For more information about setting ACL inheritance on ZFS files, see Setting ACL Inheritance on ZFS Files.
The ZFS file system includes ACL properties that determine the specific behavior of ACL inheritance and of ACL interaction with chmod operations. These properties are:
aclinherit – Determines the behavior of ACL inheritance. Values include the following:
restricted – For new objects, the write_owner and write_acl permissions are removed when an ACL entry is inherited. This is the default mode.
discard – For new objects, no ACL entries are inherited when a file or directory is created. The ACL on the file or directory is equal to the permission mode of the file or directory.
noallow – For new objects, only inheritable ACL entries that have an access type of deny are inherited.
passthrough – When the property value is set to passthrough, files are created with a mode determined by the inheritable ACEs. If no inheritable ACEs exist that affect the mode, then the mode is set in accordance with the mode requested by the application.
passthrough-x – Has the same semantics as passthrough except that files are created with the execute (x) permission only if the execute permission is set in file creation mode and in an inheritable ACE that affects the mode.
For more information about the aclinherit modes, see Modifying ACL Inheritance With the ACL Inherit Mode.
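The aclinherit modes above, simulated in an added Python example that is not Oracle's code: it takes a constructed parent-directory ACL and shows which entries a newly created file receives under each value. It assumes that only entries flagged file_inherit apply to a new file (dir_inherit is the counterpart for new directories) and, as a simplification, drops the inherit flags from the resulting file entries.

```python
# Added example, not Oracle's code: simulate which entries a newly created file
# inherits from its parent directory's ACL under each aclinherit value on this
# page. Parent entries are constructed (who, perms, flags, allow|deny) tuples.
# Only entries flagged file_inherit apply to a new file (dir_inherit is the
# directory counterpart); inherit flags are dropped on the file's own entries.
RESTRICTED_STRIP = ("write_owner", "write_acl")  # removed by the default mode

def inherit_for_new_file(parent_acl, aclinherit, create_mode=0o644):
    """Return the inherited ACEs as ls -v style strings, in parent order."""
    if aclinherit not in ("restricted", "discard", "noallow",
                          "passthrough", "passthrough-x"):
        raise ValueError(f"unknown aclinherit value {aclinherit!r}")
    if aclinherit == "discard":
        return []  # nothing inherited; the ACL mirrors the permission mode only
    out = []
    for who, perms, flags, kind in parent_acl:
        if "file_inherit" not in flags:
            continue  # not inheritable by files at all
        if aclinherit == "noallow" and kind != "deny":
            continue  # noallow passes down deny entries only
        perms = list(perms)
        if aclinherit == "restricted":
            perms = [p for p in perms if p not in RESTRICTED_STRIP]
        elif aclinherit == "passthrough-x" and not (create_mode & 0o111):
            perms = [p for p in perms if p != "execute"]  # no x in create mode
        if perms:
            out.append(f"{len(out)}:{who}:{'/'.join(perms)}:{kind}")
    return out

# Constructed parent-directory ACL: jan's broad entry propagates to files, a
# group is denied writes, and everyone@'s read entry is not inheritable.
PARENT_ACL = [
    ("user:jan", ["read_data", "write_data", "execute", "write_acl", "write_owner"],
     ["file_inherit", "dir_inherit"], "allow"),
    ("group:contractors", ["write_data", "append_data"], ["file_inherit"], "deny"),
    ("everyone@", ["read_data", "read_attributes"], [], "allow"),
]

if __name__ == "__main__":
    for mode in ("restricted", "discard", "noallow", "passthrough", "passthrough-x"):
        print(mode, inherit_for_new_file(PARENT_ACL, mode))
```

Under the default restricted mode jan's inherited entry loses write_acl and write_owner, so a user who could change the directory's ACL cannot do the same to files created beneath it unless the administrator opts into passthrough.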
aclmode – Modifies ACL behavior when a file is initially created or controls how an ACL is modified during a chmod operation. Values include the following:
discard – Deletes all ACL entries that do not represent the mode of the file. This is the default mode.
mask – Reduces user or group permissions. The permissions are reduced such that they are no greater than the group permission bits unless it is a user entry that has the same UID as the owner of the file or directory. In this case, the ACL permissions are reduced so that they are no greater than owner permission bits. The mask value also preserves the ACL across mode changes, provided that an explicit ACL set operation has not been performed.
passthrough – Indicates that no changes are made to the ACL other than generating the necessary ACL entries to represent the new mode of the file or directory.
For more information about using the aclmode property, see Example 9, ACL Properties and Modified ACL Permissions.