# ACL interitance question



## armin (Apr 17, 2012)

Hallo everybody!

I am experiencing with ZFS and ACL interitance. Normal*l*y I have a very simple permission structure, the owner and primary group and one additional group with read access. My goal is to set permissions on the zfs root folder in a manner that if *I* add a group to the zfs root folder the group is automatically set to all existing files and folders within the root folder. I expected that with inheritance this should work without problems, but adding a group to the root folder always need a "-r" switch to set the permissions on the subfiles and folders.

Why are existing files not affected by permission changes on a parent folder although inheritance is set?


```
zfs get all zfs01:
zfs01  aclmode               groupmask              local
zfs01  aclinherit            passthrough            local
```

Permiss*i*ons are set as follows:


```
chgrp admins@mydomain.at /zfs01
chmod g+s /zfs01
chmod A=owner@:rwxpcCosRrWaAdD:fd:allow /zfs01
chmod A+group@:rwxpcCosRrWaAdD:fd:allow /zfs01
chmod A+everyone@::fd:allow /zfs01
chmod A+group:sales@mydomain.at:rxcRa:fd:allow /zfs01
```

If *I* now change the permissions to "sales@mydomain.at" only the permissions on the root folders are changed without the "-r" parameter, that makes no sense to me:


```
chmod A0=group:sales@mydomain.at:write_data:fd:allow /zfs01
```

Please give me an idea for this behavior.


----------

