ACL Inheritance Behavior
When a new file or directory is created, it is possible to inherit existing ACL settings from the parent directory. This property controls how this inheritance works. These property settings usually only affect ACL entries that are flagged as inheritable - other entries are not propagated regardless of this property setting. However, all trivial ACL entries are inheritable when used with SMB. A trivial ACL represents the traditional UNIX owner/group/other entries. To edit the ACL inheritance behavior, see Editing a Project - BUI, CLI.
Table 4-62 ACL Inheritance Behavior Values
BUI Value | CLI Value | Description |
---|---|---|
Do not inherit entries | | No ACL entries are inherited. The file or directory is created according to the client and protocol being used. |
Only inherit deny entries | | Only inheritable ACL entries specifying |
Inherit all but "write ACL" and "change owner" | | Removes the |
Inherit all entries | | All inheritable ACL entries are inherited. The |
Inherit all but "execute" when not specified | | Same as |
Inherit all, but preserve mode from client | | Inheritable ACL entries are inherited, while preserving the creation mode specified by the application. This preserves the inheritance bits so SMB creates ACLs that interoperate well with shares accessed over NFS and SMB simultaneously. This property setting is only available after applying the deferred update for ACL Passthrough with Mode Preservation. For more information, see Deferred Updates in Oracle ZFS Storage Appliance Customer Service Manual, Release OS8.8.x. |
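The following added example (not from the Oracle documentation) models how the settings in Table 4-62 filter a parent directory's inheritable entries when a new file is created, which is useful for checking that a restrictive setting really withholds the rights to rewrite the ACL or change ownership. The `Ace` class, the permission spellings such as `write_acl`, and the sample ACL are assumptions made for illustration; the mode-preserving setting is not modelled.

```python
from dataclasses import dataclass, replace

SPECIAL = {"owner@", "group@", "everyone@"}  # trivial-ACL principals

@dataclass(frozen=True)
class Ace:
    who: str                 # principal the entry applies to
    kind: str                # "allow" or "deny"
    perms: frozenset         # permission names (hypothetical spelling)
    inheritable: bool = False

def inherit(parent_acl, setting, mode_has_execute=False):
    """Return the ACEs a new file inherits from parent_acl under a BUI setting."""
    if setting == "Do not inherit entries":
        return []
    child = []
    for ace in parent_acl:
        if not ace.inheritable:
            continue  # entries not flagged inheritable are never propagated
        perms = set(ace.perms)
        if setting == "Only inherit deny entries":
            if ace.kind != "deny":
                continue
        elif setting == 'Inherit all but "write ACL" and "change owner"':
            perms -= {"write_acl", "write_owner"}
        elif setting == 'Inherit all but "execute" when not specified':
            # Simplified: ZFS applies this to owner@/group@/everyone@ entries
            if ace.who in SPECIAL and not mode_has_execute:
                perms.discard("execute")
        elif setting != "Inherit all entries":
            raise ValueError(f"unknown setting: {setting}")
        child.append(replace(ace, perms=frozenset(perms)))
    return child

# Constructed sample parent-directory ACL
PARENT = [
    Ace("owner@", "allow", frozenset(
        {"read", "write", "execute", "write_acl", "write_owner"}), True),
    Ace("user:audit", "deny", frozenset({"write"}), True),
    Ace("group@", "allow", frozenset({"read"}), False),
]

if __name__ == "__main__":
    for s in ("Do not inherit entries", "Only inherit deny entries",
              'Inherit all but "write ACL" and "change owner"',
              "Inherit all entries"):
        print(s, "->", [(a.who, a.kind, sorted(a.perms)) for a in inherit(PARENT, s)])
```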
When using SMB to create a file in a directory with a trivial ACL, all ACL entries are inherited. As a result, the following behavior occurs:
- Inheritance bits display differently when viewed in SMB or NFS. When viewing the ACL directory in SMB, inheritance bits are displayed. In NFS, inheritance bits are not displayed.
- When a file is created in a directory using SMB, its ACL entries are shown as inherited; however, when viewed through NFS, the directory has no inheritable ACL entries.
- If the ACL is changed so that it is no longer trivial, for example, by adding an access control entry (ACE), this behavior does not occur.
- If the ACL is modified using SMB, the resulting ACL will have the previously synthetic inheritance bits turned into real inheritance bits.