[gpfsug-discuss] Unexpected permissions with ACLs

Dietrich, Stefan stefan.dietrich at desy.de
Fri Sep 15 07:32:23 BST 2023 

Hi,

since Scale 5.1.3, there's also a new parameter for filesets to control the behaviour of umask & ACLs:

man mmchfileset|mmcrfileset

--allow-permission-inherit PermissionInheritMode

inheritAclOnly
    Specifies that permissions of a newly created object will be inherited only from its parent's NFSv4 ACL.

inheritAclAndAddMode
    Specifies that permissions of a newly created object will be inherited from its parent's NFSv4 ACL and the special entries OWNER, GROUP, and EVERYONE will use the provided mode and the umask from the open() or creat() call to set the new mode permissions.

With the default inheritAclOnly, umask is ignored and only the inherited ACLs will be applied to newly created files.
With inheritAclAndAddMode the umask is used in addition to inherited ACLs for new files.

Regards,
Stefan

----- Original Message -----
> From: "Talamo Ivano Giuseppe" <ivano.talamo at psi.ch>
> To: gpfsug-discuss at gpfsug.org
> Sent: Friday, September 15, 2023 8:08:52 AM
> Subject: Re: [gpfsug-discuss] Unexpected permissions with ACLs

> Thank you both, now I have a clearer picture.
> Actually, the ACL and umask interaction was unclear to me. Reading around I also
> found some reference in the man page of the open syscall ("in the absence of a
> default ACL, the mode of the created file is (mode & ~umask)").
> 
> Cheers,
> Ivano
> 
> __________________________________________
> Paul Scherrer Institut
> Ivano Talamo
> WHGA/038
> Forschungsstrasse 111
> 5232 Villigen PSI
> Schweiz
> 
> Phone: +41 56 310 47 11
> E-Mail: ivano.talamo at psi.ch
>
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at gpfsug.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org

-- 
------------------------------------------------------------------------
Stefan Dietrich            Deutsches Elektronen-Synchrotron (IT-Systems)
                        Ein Forschungszentrum der Helmholtz-Gemeinschaft
                                                            Notkestr. 85
phone:  +49-40-8998-4696                                   22607 Hamburg
e-mail: stefan.dietrich at desy.de                                  Germany
------------------------------------------------------------------------

More information about the gpfsug-discuss mailing list