I'm running ZFS on an Ubuntu machine that hosts our home directories. The pool has the following ACL setting:
# zfs get all homes | grep acl
homes aclinherit restricted default
homes acltype off default
Here I have two regular files with the same permissions:
# getfacl 1.txt 2.txt
# file: 1.txt
# owner: usr
# group: grp
user::rw-
group::r--
other::r--
# file: 2.txt
# owner: usr
# group: grp
user::rw-
group::r--
other::r--
Every night I send an incremental snapshot to a machine running ZFS on Solaris 8:
zfs send -i homes@$PREV_BACKUP homes@$CURRENT_BACKUP | \
ssh solarishost zfs receive -vFd homes_backup
The file system on the Solaris host has the following ACL settings:
# zfs get all homes_backup | grep acl
homes_backup aclmode passthrough local
homes_backup aclinherit restricted default
When I inspect the files in the snapshot on the Solaris host, I see that the more recent one (1.txt) does not have any ACLs set:
# /usr/bin/ls -v 1.txt 2.txt
-rw-r--r-- 1 2428 2000 2170 Oct 12 13:42 1.txt
-rw-r--r-- 1 2428 2000 2146 May 31 2013 2.txt
0:owner@:execute:deny
1:owner@:read_data/write_data/append_data/write_xattr/write_attributes
/write_acl/write_owner:allow
2:group@:write_data/append_data/execute:deny
3:group@:read_data:allow
4:everyone@:write_data/append_data/write_xattr/execute/write_attributes
/write_acl/write_owner:deny
5:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize
:allow
Now when I mount the solarishost-snapshot on an Ubuntu client, I can see the files and they appear to have identical permissions, but I cannot read 1.txt:
# cat 2.txt >/dev/null; echo $?
0
# cat 1.txt >/dev/null; echo $?
cat: 1.txt: Permission denied
1
Again, they look the same to the Ubuntu client:
# getfacl 1.txt 2.txt
# file: 1.txt
# owner: usr
# group: grp
user::rw-
group::r--
mask::rwx
other::r--
# file: 2.txt
# owner: usr
# group: grp
user::rw-
group::r--
mask::rwx
other::r--
# ls -l 1.txt 2.txt
-rw-r--r--+ 1 usr grp 2.2K Oct 12 13:42 1.txt
-rw-r--r--+ 1 usr grp 2.1K May 31 2013 2.txt
My question is now: how do I set up the snapshot creation from Ubuntu to Solaris such that the ACLs on the Solaris host allow users to mount the snapshots and read their own files? Looks like all recently backed up files are affected.
Solaris 11 ZFS uses NFSv4 ACLs rather than POSIX ACLs. Linux doesn't have NFSv4 ACLs on ZFS at all, and it seems like it never will. While NFSv4 ACLs are a superset of POSIX ACLs, it seems like only Solaris can transfer/translate POSIX ACLs to NFSv4 ones during file moving/copying.
So, concluding, I don't see a way to preserve ACLs in ZFS snapshots. Either use a Linux -> Linux scheme, or use a Solaris -> Solaris, Solaris -> FreeBSD or FreeBSD -> FreeBSD scheme (both do have NFSv4 ACLs).
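To find which files in the received snapshot are in the same state as 1.txt in the question's `ls -v` listing (a header line with no ACL entries under it), the listing can be parsed and audited. This is an added example, not code from the question or the answer; the function names are hypothetical, and it assumes the input is saved `/usr/bin/ls -v` output in the layout shown above.

```python
import re

# Header line of `ls -v`: mode, links, owner, group, size, three date tokens, name.
HEADER = re.compile(r"^[-dlbcps][-rwxsStT]{9}[+@]?\s+\d+\s+\S+\s+\S+\s+\d+"
                    r"\s+\S+\s+\d+\s+\S+\s+(?P<name>.+)$")
ACE_START = re.compile(r"^\d+:")  # "<index>:<who>:<permissions>..."

# The listing from the question, as it appears on the page.
SAMPLE = """\
-rw-r--r-- 1 2428 2000 2170 Oct 12 13:42 1.txt
-rw-r--r-- 1 2428 2000 2146 May 31 2013 2.txt
0:owner@:execute:deny
1:owner@:read_data/write_data/append_data/write_xattr/write_attributes
/write_acl/write_owner:allow
2:group@:write_data/append_data/execute:deny
3:group@:read_data:allow
4:everyone@:write_data/append_data/write_xattr/execute/write_attributes
/write_acl/write_owner:deny
5:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize
:allow
"""

def parse_ls_v(text):
    """Map each file name to its list of ACE strings, rejoining wrapped lines."""
    files, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = files.setdefault(m.group("name"), [])
        elif current is None or not line:
            continue                 # blank line, or noise before the first file
        elif ACE_START.match(line):
            current.append(line)     # a new numbered entry
        elif current:
            current[-1] += line      # continuation of a wrapped entry
    return files

def files_without_aces(text):
    """Names of files whose header is followed by no ACL entries at all."""
    return sorted(n for n, aces in parse_ls_v(text).items() if not aces)

def ace_types(aces):
    """Count allow/deny entries; the type is the last ':'-separated field."""
    counts = {"allow": 0, "deny": 0}
    for ace in aces:
        kind = ace.rsplit(":", 1)[-1]
        counts[kind] = counts.get(kind, 0) + 1
    return counts
```

Running `files_without_aces` over a listing of the whole snapshot gives the set of files to compare against the dates of the nightly incremental receives.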