Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
tkt-78672: Add support for getting and setting ACLs through middleware (
#2739) * Add support for getting and setting ACLs through middleware setacl and getacl: - include ability to manipulate ACLs with simplified permset and flagset simple permset: FULL_CONTROL, MODIFY, READ, TRAVERSE, NOPERMS simple flagset: INHERIT, NOINHERIT setacl: - if setacl is called with a path and the option "strip=true", then the ACL already set on the file will be converted to a trivial ACL (one in which the ACL permset and flagset is fully expressed in the mode). - middleware job because 'winacl -a clone' can be very longrunning. Current record is about 3-4 hours for about 60TB of data. acl_is_trivial: - checks for presence of extended ACL. Returns True if ACL can be fully expressed by posix mode. to do: - FTS_XDEV flag in winacl doesn't prevent us from setting the ACL directly on a sub- dataset (but it does protect the contents). I need to make this a little more intelligent. - Calculation of ACL to be inherited in winacl also needs to be a little more precise. (remove non-inheriting ACEs and properly handle 'inherit-only' and 'no-propagate inherit' bits).
- Loading branch information
Showing
2 changed files
with
260 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters