[illumos-Developer] RFC: Resurrect the ZFS "aclmode" property

[Gordon Ross]

On Sun, Feb 27, 2011 at 2:49 PM, Bill Sommerfeld <sommerfeld at hamachi.org> wrote:
> On 02/27/11 02:02, Garrett D'Amore wrote:
>>
>> We reviewed this internally first, and obviously I'm strongly supportive.
>>  I would of course like further feedback from the community at large.
>
> as you might guess from my posting on zfs-discuss when this came up, I'm
> also strongly supportive of further experimentation around ways for acls and
> chmod to interact.  There are environments where truncating an acl is the
> wrong behavior -- when the application is acl-unaware and the admin is
> acl-aware, I say the admin's intent should dominate.
>
> It should be possible to prevent an acl-ignorant application from destroying
> acls in those environments.

Using "aclmode=passthrough" does that reasonably well in my testing.

> The pre-b147 choices aren't optimal, but the lack of choice in 147 and later
> is worse.
>
> Another relatively conservative behavior that may be worth experimenting
> with is a mode where the acl is considered authoritative, such that chmods
> inconsistent with the acl would fail.
> (I'm handwaving about the meaning of "consistent").

That's an interesting idea.  However, for this integration, I'd prefer to
just restore the functionality we lost with PSARC/2010/029, and to
get that integrated ASAP.  We have a prototype of this working in
the NexentaStor ZFS code, and we hope to have that out for review
very soon.

If, after experimenting with the revived aclmode property settings,
you find that you'd like additional settings, it should be relatively
easy to propose and implement those later.