POSIX-draft ACL and NFSv4 ACL
Before talking about what is what, and what is better, i will say that i do prefer the things working…
If you are deploying Solaris ZFS/NFS services on your site, and you have GNU/Linux NFS clients, you will probably face problems like this sooner or later. The standard UNIX permissions scheme is too limited, and because of that, many UNIX filesystems use ACLs to have more granular permissions (UFS has ACL support since Solaris 2.5 – 1995). You can see the UFS development history here, if you don’t have a copy of Solaris Internals (like me). But, there are ACLs and ACLs…
The ACL implemented in UFS is the POSIX-draft, used in many other filesystems, including XFS/GPL filesystem used in GNU/Linux environments. Like the Solaris manual page describes (man -s 5 acl): “This model is based on a withdrawn ACL POSIX specification that was never standardized. It was subsequently withdrawn by the POSIX committee“. With ZFS, Sun have decided to use the new ACL model (written by Sun and IETF approved), for the NFSv4 protocol(Section 5.11).
The NFS version 4 ACL model is quite rich. No, that is not my words, that sentence is on the NFSv4 protocol specification. Fair enough, Sun did write the specification, there are many problems with the POSIX-draft ACL model, seems normal to me that Sun have decided to use it on ZFS. A quick look at the new ACL structure and the set of permissions like: read_data, list_data, add_file, append_data, add_subdirectory, and etc, is sufficient to see that the new model seems to be a better solution. But here the problem starts, in an heterogeneous network, where everyone is talking “A”, and you start to talk just “B”, at least you are wanting to change the subject. So, in the end, you can see yourself talking to walls…