I am a bit confused about how to properly set up file inheritance at the directory level. Basically, I want to set the proper inheritance so that files inherit permissions from the folder they are in. Let’s say I have a folder called foo and I want the files in foo to inherit read permissions. I believe the ACL is set up right, i.e. chmod+user:testuser:r:f:allow foo/ which should give the user foo read access to all files in the foo directory, assuming the inherit permissions from directory foo/ are correct. I then ran zfs set aclinherit=passthrough foo/ but get invalid dataset. What am I doing wrong?
I don't think there is a way, just using standard ACL permissions, to allow inheritable permissions on file system objects in a file system that you don't have rights to from the top level.
You'll need to be the root user or have the right administrative privileges to set this as a regular user. Your administrator would need to delegate permissions for you to manage the foo file system. See the example below where user amy is delegated administrative permissions to manage pond/data.
# chmod A+user:amy:add_subdirectory:fd:allow pond/data
# zfs allow amy create,destroy,mount,aclinherit pond/data
# su - amy
Oracle Corporation SunOS 5.10 Generic Patch January 2005
$ /usr/sbin/zfs set aclinherit=passthrough pond/data
I figured either root or delegated permissions would be required but wanted to make sure I understood correctly. If I have file inheritance with passthrough enabled by the root user, then the ACL inheritance should work correctly after running the command below as a standard user?
Run as root: zfs set aclinherit=passthrough foo
Then as a standard user run: chmod A+user:gozer:read_data:file_inherit:allow foo
Or would both commands require root or delegated permissions in order to work? I am able to run chmod A+user:gozer:read_data:file_inherit:allow foo but file inheritance won’t work since that requires root or delegated permissions.
Thanks for your input.
This command is not correct when doing inheritance: chmod+user:testuser:r:f:allow foo/. If I read correctly, r is for read and f is for file_inherit.
Run this command as the owner of the file or if you are root:
# chmod A+user:testuser:r:f:allow foo
That should do the trick.