RFC5661 6.4.3.2 Automatic Inheritance defines an optional mechanism for
propagating changes to inheritable ACEs to an entire directory hierarchy.
These are: ACL4_AUTO_INHERIT, ACL4_PROTECTED, ACL4_DEFAULTED
Support for these flags is a requirement for faithfully reproducing NTFS
ACL inheritance behavior in Samba. This commit provides minimal functionality
to allow correct behavior in Samba and provide basic administrative capabilities
to the end-user. This minimal feature set does the following:
- exposes existing ZFS flags
- introduces libc ACL API changes to allow getting / setting them through acl_set_aclflag_np(3) and acl_get_aclflag_np(3)
- adds support for these flags to getfacl / setfacl
getfacl changes:
Introduce new flag "-f", which adds the acl_flag as a comment to the ACL
output. This is done so as to not impact the ability to pipe output into setfacl.
setfacl changes:
Introduce two new options and one new flag:
-i sets the ACL auto inheritance flag. Possible values are "none", "auto-inherit", "protected", and "defaulted". The only flag that has functional impact is "protected".
-p performs NFSv41 ACL automatic inheritance. This is only permitted on paths that have the "protected" flag set. The automatic inheritance operation recursively traverses the direcory's descendenants and modifies each ACL encounted to remove all ACEs with the INHERITED flag set, and replace them with new inherited ACEs calculated from the parent ACL. ACEs without the INHERITED flag set are left untouched.
New inherited ACEs are appended to the end of the existing ACL to maintain consistency with Windows canonical ordering of ACEs. Due to the nature of this operation, the recursive (-R) flag is _always_ set.
-f forces bypassing of protective measures regarding ACL auto-inheritance.