ZFS Properties aclinherit and aclmode
From http://docs.oracle.com/cd/E36784_01/html/E36835/gbaaz.html#scrolltoc
„ aclinherit
– Determine the behavior of ACL inheritance. Values include:
discard – For new objects, no ACL entries are inherited when a file or di
-
rectory is created. The ACL on the file or directory is equal to the per
-
mission mode of the file or directory.
noallow – For new objects, only inheritable ACL entries that have an ac-
cess type of deny are inherited.
restricted – For new objects, the write_owner and write_acl permissions
are removed when an ACL entry is inherited.
passthrough – When property value is set to passthrough, files are created
with a mode determined by the inheritable ACEs. If no inheritable ACEs
exist that affect the mode, then the mode is set in accordance to the re-
quested mode from the application.
passthrough-x – Has the same semantics as passthrough, except that when
passthrough-x is enabled, files are created with the execute (x) permissi
-
on, but only if execute permission is set in the file creation mode and in
an inheritable ACE that affects the mode.
The default mode for the aclinherit is passthrough (napp-it only).
aclmode
– Modifies ACL behavior when a file is initially created or controls how an
ACL is modified during a chmod operation. Values include the following:
discard – A file system with an aclmode property of discard deletes all
ACL entries that do not represent the mode of the file. This is the de
-
fault value.
mask – A file system with an aclmode property of mask reduces user or
group permissions. The permissions are reduced, such that they are no
greater than the group permission bits, unless it is a user entry that
has the same UID as the owner of the file or directory. In this case, the
ACL permissions are reduced so that they are no greater than owner per-
mission bits. The mask value also preserves the ACL across mode changes,
provided an explicit ACL set operation has not been performed.
passthrough – A file system with an aclmode property of passthrough indi
-
cates that no changes are made to the ACL other than generating the ne-
cessary ACL entries to represent the new mode of the file or directory.
The default mode for the aclmode is pass-through (napp-it only). “
aclmode = restricted is added in Illumos/OmniOS to avoid permission
modifications with a chmod command (ex via NFS)
Summary of Contents for ZFS Storage
Page 8: ...3 1 ZFS Configurations...