Forum Stats

  • 3,873,432 Users
  • 2,266,573 Discussions
  • 7,911,533 Comments

Discussions

Behavior of access rights when a folder on ZFSSA has audit settings

User_POTH5
User_POTH5 Member Posts: 1 Red Ribbon

Translated by Deeple.

Hi, this is my first post.

ZFSSA is linked to an AD server.

From the AD server, MMC is used to add audit settings to the root directory of ZFSSA and folders under the root directory.


When the [ls -ivd ] command is executed on ZFSSA, the output is as follows as an authority.


zfs-test# ls -lvd /export/test-smb08

drwxrwxrwx+ 3 nobody  other     3 Mar 14 10:04 /export/test-smb08

   0:[email protected]:list_directory/read_data/add_file/write_data/add_subdirectory

     /append_data/read_xattr/write_xattr/execute/delete_child

     /read_attributes/write_attributes/delete/read_acl/write_acl

     /write_owner/synchronize:file_inherit/dir_inherit:allow

   1:[email protected]:list_directory/read_data/read_xattr/execute/read_attributes

     /read_acl/synchronize:file_inherit/dir_inherit:allow

   2:[email protected]:list_directory/read_data/add_file/write_data

     /add_subdirectory/append_data/read_xattr/write_xattr/execute

     /delete_child/read_attributes/write_attributes/delete/read_acl

     /write_acl/write_owner/synchronize:file_inherit/dir_inherit:allow

   3:[email protected]:list_directory/read_data/read_xattr/execute/read_attributes

     /read_acl:file_inherit/dir_inherit/successful_access:audit


All users should have read/write access to 2 because everyone has been granted read/write permissions.


However, in ZFSSA OS version 8.8 and later, an event occurs that prevents some users from being able to write to the file.

If you remove the audit setting in 3, you will be able to write to the file normally.


This event does not occur in OS version 8.7. Oracle should fix this defect immediately.