[OpenIndiana-discuss] Cannot delete file on zfs as root

Andrew Martin amartin at xes-inc.com
Thu Nov 13 16:24:27 UTC 2014 

Hello,

I am running an OpenIndiana fileserver serving shares from a ZFS pool over NFS
and CIFS (smb/server). The majority of users access files from Windows 7 over
CIFS. I've run into an issue, particularly with PDFs, where a user who has full
permissions on a file is unable to delete it. I know that this is not an ACL
issue on the parent directory because the same user can delete/modify other
files in the same directory. I think this is probably due to Adobe Reader
requesting an exclusive lock on the file when someone opens it, so most likely
the reason why it cannot be removed is that another user somewhere has the file
open (or Windows Explorer has requested an opportunistic lock on the file). I
logged in as root on the OpenIndiana server and attempted to remove the file,
however it tells me Permission Denied. I ran a truss with the following output:


root at oi0:/# ls -l /export/share/dir/file.pdf
-rwxrwxrwx+ 1 user1 Domain Users 78067 2014-11-05 14:20 /export/share/dir/file.pdf

root at oi0:/# /usr/bin/ls -V /export/share/dir/file.pdf
-rwxrwxrwx+  1 user1 Domain Users   78067 Nov  5 14:20 /export/share/dir/file.pdf
              everyone@:rwxpdDaARWcCos:------I:allow
     group:Domain Users:rwxpd-aARWc--s:-------:allow
     group:Domain Users:rw-pd-aARWcCos:-------:allow
                 owner@:rw-pd-aARWcCos:-------:allow
                 group@:r-----a-R-c--s:-------:allow
root at oi0:/# /usr/bin/ls -d/ v /export/share/dir/file.pdf
-rwxrwxrwx+  1 user1 Domain Users   78067 Nov  5 14:20 /export/share/dir/file.pdf
                {archive,nohidden,noreadonly,nosystem,noappendonly,nonodump,noimmutable,av_modified,noav_quarantined,nonounlink,nooffline,nosparse}

root at oi0:/# truss rm -f /export/share/dir/file.pdf
...
lstat64("/export/share/dir/file.pdf", 0x08086330) = 0
unlink("/export/share/dir/file.pdf") Err#13 EACCES
open("/usr/gnu/share/locale/en_US.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) Err#2 ENOENT
...

Here are the ACLs on the parent directory:
root at oi0:/# /usr/bin/ls -Vd /export/share/dir
drwxrwx---+  3 user1 Domain Users       6 Nov 13 10:08 /export/share/dir
                 owner@:rwxpdDaARWcCos:-d-----:allow
                 owner@:rw-pdDaARWcCos:f-i----:allow
     group:Domain Users:rwxpdDaARWcCos:-d-----:allow
     group:Domain Users:rw-pdDaARWcCos:f-i----:allow
                 group@:r-x---a-R-c--s:-d-----:allow
                 group@:r-----a-R-c--s:f-i----:allow
              everyone@:rwxp-DaA--cC-s:-d-----:deny


I initially thought perhaps the everyone@ deny ACL was the problem, but I
removed it from the parent directory and I still could not remove this file.
Moreover, even with the everyone@ ACL in place, I was still able to create
other files and remove other existing files inside of /export/share/dir.

What is preventing me from removing this file as root? Is there a safe utility
for viewing which users have a file open (equivalent of smbstatus)? What can I
do to prevent this type of situation from occurring?

Thanks,

Andrew Martin

More information about the openindiana-discuss mailing list