Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Improve mechanisms for interacting with ACLs, permissions, and share types in legacy UI

Description

There are several key areas for improvements related to permissions:

1) Winacl needs the ability to implement inheritance of NO_PROPAGATE_INHERIT|INHERIT_ONLY

2) filesystem.setacl needs to provide the ability to specify Owner / Group (although this is not strictly part of the ACL, it allows us to provide similar interface for filesystem.setperm)

3) We need a filesystem.setperm call to set posix mode on arbitrary path and plumb it into the various places of middleware and UI where we are using legacy interfaces for this.

4) Remove reliance on ".windows", and ".mac" files to detect dataset share type. From an admin perspective, the only thing that really matters is whether ACLs are present and doing the right thing when they are. The dataset share types are a significant source of confusion.

5) Old UI does not provide an adequate mechanism for detecting and removing ACL from a dataset, and needs to be made ACL-aware.

6) Exposing ZFS aclmode property can make some support calls more self-service. It should be visible to users.

Problem/Justification

None

Impact

None

SmartDraw Connector

Katalon Manual Tests (BETA)

Activity

Show:

Andrew Walker 
June 6, 2019 at 5:36 PM

There are a few implementation changes that the New UI will need to account for.
1) `pool.dataset.permission` is now a wrapper for filesystem.chown, filesystem.setperm, or filesystem.setacl depending on `options` and how `mode` and `acl` are specified.

`acl` changed as follows:
OLD - string 'UNIX', 'MAC', 'WINDOWS'
NEW - list of ACL entries (see filesystem.setacl for details. Default ACL value is a slightly more secure version of our historic default (Owner@ - full_set, Group@ - full_set).

If setting mode through this call, set `'mode': posix_mode, 'acl': []`
See gui/storage/form.py for reference

OLD - recursive was bool
NEW - options dictionary with keys 'stripacl', 'recursive', 'traverse'

2) There is a newly exposed ZFS dataset property ('aclmode'). This should be available as an advanced option for users

3) Legacy 'share type' is mostly gone. It is replaced with create-time dataset optimization `GENERAL` or `SMB`. SMB optimization includes setting dataset case sensitivity to insensitive (an immutable property).

4) `filesystem.setacl` now accepts a dictionary containing all parameters (originally had positional arguments). It also can take a `uid` and `gid` parameters, which set the User and Group of the file.

5) `filesystem.getacl` has a corresponding change. It now returns a dictionary with three keys `uid`, `gid`, `acl` . Originally, it returned only a list containing the ACL.

(4) and (5) will require changes to the ACL manager. The ACL manager should also expose the owner-user and owner-group.

Bug Clerk 
June 6, 2019 at 5:20 PM

Complete

Details

Assignee

Reporter

Components

Fix versions

Priority

Parent

More fields

Katalon Platform

Created May 31, 2019 at 4:16 PM
Updated July 1, 2022 at 4:31 PM
Resolved October 30, 2019 at 6:28 PM