Example 7-6 ACL Inheritance With ACL Inherit Mode Set to Noallow
In the following example, two explicit ACL entries carrying the file_inherit flag are set on the directory: one
allows read_data permission and one denies read_data permission.
# zfs set aclinherit=noallow tank/cindy
# chmod A+user:gozer:read_data:deny:file_inherit test6.dir
# chmod A+user:lp:read_data:allow:file_inherit test6.dir
# ls -dv test6.dir
drwxr-xr-x+ 2 root root 2 Nov 4 15:13 test6.dir
0:user:lp:read_data:allow:file_inherit
1:user:gozer:read_data:deny:file_inherit
2:owner@::deny
3:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
/append_data/write_xattr/execute/write_attributes/write_acl
/write_owner:allow
4:group@:add_file/write_data/add_subdirectory/append_data:deny
5:group@:list_directory/read_data/execute:allow
6:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr
/write_attributes/write_acl/write_owner:deny
7:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
/read_acl/synchronize:allow
When a new file is created in the directory, the ACL entry that allows read_data permission
is discarded, because noallow mode inherits only entries of type deny.
# touch test6.dir/file.6
# ls -v test6.dir/file.6
-rw-r--r-- 1 root root 0 Nov 4 15:14 test6.dir/file.6
0:user:gozer:read_data:deny
0:owner@:execute:deny
1:owner@:read_data/write_data/append_data/write_xattr/write_attributes
/write_acl/write_owner:allow
2:group@:write_data/append_data/execute:deny
3:group@:read_data:allow
4:everyone@:write_data/append_data/write_xattr/execute/write_attributes
/write_acl/write_owner:deny
5:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize
:allow
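The following Python model is an added example, not part of the original guide and not ZFS code. It parses ACL entries in the chmod A+ syntax shown above and reproduces the inheritance decision for a newly created file under the aclinherit modes discard, noallow, restricted and passthrough (passthrough-x is deliberately not modelled). The sample parent ACL is constructed from the two explicit entries on test6.dir; the trivial owner@/group@/everyone@ entries that ZFS appends from the creation mode are outside the model.

```python
from dataclasses import dataclass
from typing import List, Tuple, FrozenSet

# Inheritance flags accepted in the chmod A+ entry syntax.
INHERIT_FLAGS = frozenset({"file_inherit", "dir_inherit", "inherit_only", "no_propagate"})
SPECIAL_WHO = ("owner@", "group@", "everyone@")


@dataclass(frozen=True)
class AclEntry:
    who: str                    # "user:gozer", "group:staff", "owner@", ...
    perms: Tuple[str, ...]      # e.g. ("read_data",), in the order listed
    kind: str                   # "allow" or "deny"
    flags: FrozenSet[str]       # subset of INHERIT_FLAGS


def parse_entry(text: str) -> AclEntry:
    """Parse 'user:gozer:read_data:deny:file_inherit' (ls -v / chmod A+ form)."""
    parts = text.split(":")
    if parts[0] in SPECIAL_WHO:
        who, rest = parts[0], parts[1:]
    else:
        who, rest = ":".join(parts[:2]), parts[2:]   # "user:<name>" or "group:<name>"
    if len(rest) < 2 or rest[1] not in ("allow", "deny"):
        raise ValueError(f"malformed ACL entry: {text!r}")
    perms = tuple(p for p in rest[0].split("/") if p)  # '' perms (owner@::deny) -> ()
    flags = frozenset(f for f in rest[2].split("/") if f) if len(rest) > 2 else frozenset()
    if not flags <= INHERIT_FLAGS:
        raise ValueError(f"unknown inheritance flag in {text!r}")
    return AclEntry(who, perms, rest[1], flags)


def format_entry(e: AclEntry) -> str:
    """Render an entry back into the colon-separated form used by ls -v."""
    text = f"{e.who}:{'/'.join(e.perms)}:{e.kind}"
    if e.flags:
        text += ":" + "/".join(sorted(e.flags))
    return text


def inherit_for_new_file(parent: List[AclEntry], aclinherit: str) -> List[AclEntry]:
    """Entries a newly created *file* inherits from its parent directory's ACL.

    Models the aclinherit property values discard, noallow, restricted and
    passthrough. Inheritance flags are cleared on the result because a file
    has no children to pass them on to (as file.6 above shows).
    """
    if aclinherit == "discard":
        return []
    if aclinherit not in ("noallow", "restricted", "passthrough"):
        raise ValueError(f"aclinherit mode not modelled: {aclinherit}")
    inherited = []
    for e in parent:
        if "file_inherit" not in e.flags:
            continue                                   # only file_inherit entries apply to files
        if aclinherit == "noallow" and e.kind == "allow":
            continue                                   # noallow: deny entries only
        perms = e.perms
        if aclinherit == "restricted":
            # restricted strips the two permissions that would let the
            # inheritor rewrite the ACL or hand the file to another owner.
            perms = tuple(p for p in perms if p not in ("write_acl", "write_owner"))
        inherited.append(AclEntry(e.who, perms, e.kind, frozenset()))
    return inherited


# Constructed from the two explicit entries on test6.dir in the example above.
PARENT_ACL_TEST6 = [
    parse_entry("user:lp:read_data:allow:file_inherit"),
    parse_entry("user:gozer:read_data:deny:file_inherit"),
]


def demo(aclinherit: str = "noallow") -> List[str]:
    """Formatted entries file.6 would inherit under the given aclinherit mode."""
    return [format_entry(e) for e in inherit_for_new_file(PARENT_ACL_TEST6, aclinherit)]


if __name__ == "__main__":
    for mode in ("discard", "noallow", "restricted", "passthrough"):
        print(f"aclinherit={mode}: {demo(mode)}")
```

Running the script prints the inherited entries per mode; under noallow only user:gozer's deny entry survives, matching entry 0 of file.6 above, while passthrough would have carried both explicit entries into the new file.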