All of lore.kernel.org
 help / color / mirror / Atom feed
From: "J. Bruce Fields" <bfields@fieldses.org>
To: Sam Falkner <Sam.Falkner@Sun.COM>
Cc: nfs@lists.sourceforge.net,
	Spencer Shepler <spencer.shepler@Sun.COM>,
	Brian Pawlowski <beepy@netapp.com>,
	nfsv4@ietf.org, Lisa Week <Lisa.Week@Sun.COM>
Subject: Re: [NFS] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
Date: Mon, 10 Jul 2006 14:57:42 -0400	[thread overview]
Message-ID: <20060710185742.GD10035@fieldses.org> (raw)
In-Reply-To: <1A2FAFA9-0B94-48FA-8B0B-2A8AC0BE0331@Sun.COM>

On Mon, Jul 10, 2006 at 09:32:28AM -0600, Sam Falkner wrote:
> On Jul 10, 2006, at 8:15 AM, J. Bruce Fields wrote:
> > As Andreas says, this is what the posix draft would have you do.  It's
> > also what Linux (and, I assume, Solaris) do in the case of posix ACLs.
> 
> Not on Solaris.  With POSIX-draft ACLs, adding user:friend:rw- to a  
> mode rw-r--r-- file still gives you rw-r--r--.  (And as you point out  
> later, these ACLs ain't POSIX.)
...
> > That is how posix acl's work; again, the group mode bit really
> > corresponds to the mask, not to the group acl entry:
...
> Again, not so on Solaris.  I wasn't aware that it was on Linux.  Sigh.

Ugh, sorry, OK, I didn't understand that we had that difference.

Personally, after seeing how complicated this can get, I almost think
I'd rather translate mode bits to NFSv4 ACLs by translating them to the
obvious ACL with 3 ALLOW ACEs.  And I'd rather translate the mask by
just masking out the bits in the obvious way, rather than adding DENY
aces.

At the very least, I'd rather not *forbid* such an implementation.  Yes,
it makes chmod irreversible, and it's wrong in a few rare corner cases,
but there are advantages to being wrong in a way that's simple and easy
to document.

If we're committed to getting the mask ace right, though, I would prefer
to adopt one of Andreas's solutions; they'd allow us to generate much
simpler ACLs.  I actually prefer the first proposal (letting the server
use the mode bits to mask out permissions).  But if we're going to add
explicit mask aces, then please, let's add only one.  I understand the
theoretical advantage to masking out all three classes, but that's
adding too much complexity for a few corner cases, and I don't think
it's going to be easy for users to understand.

We could add a new ACE type (in addition to ALLOW, DENY, AUDIT, ALARM),
and then a client could query the server's ability to represent the mask
with the aclsupport attribute and decide whether it wants to add DENY's
to represent the mask, or just give up on chmod reversibility.

--b.

_______________________________________________
nfsv4 mailing list
nfsv4@ietf.org
https://www1.ietf.org/mailman/listinfo/nfsv4

  reply	other threads:[~2006-07-10 18:57 UTC|newest]

Thread overview: 38+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-07-03 21:10 NFSv4 ACL and POSIX interaction / mask Andreas Gruenbacher
2006-07-07 11:55 ` NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready Andreas Gruenbacher
2006-07-08  3:45   ` Sam Falkner
2006-07-08  6:51     ` [nfsv4] " Lisa Week
2006-07-10 21:09       ` Andreas Gruenbacher
2006-07-08 14:32     ` Sam Falkner
2006-07-09 16:22     ` [nfsv4] " Andreas Gruenbacher
2006-07-10 13:29       ` Sam Falkner
2006-07-10 14:15         ` [nfsv4] " J. Bruce Fields
2006-07-10 15:32           ` Sam Falkner
2006-07-10 18:57             ` J. Bruce Fields [this message]
2006-07-10 22:26               ` [nfsv4] " Sam Falkner
2006-07-10 22:39                 ` J. Bruce Fields
2006-07-10 22:43                   ` J. Bruce Fields
2006-07-11  0:44                   ` Andreas Gruenbacher
2006-07-11  0:15             ` Andreas Gruenbacher
2006-07-11  5:42               ` [nfsv4] " Sam Falkner
2006-07-11  8:05                 ` Andreas Gruenbacher
2006-07-11 12:29                   ` [nfsv4] " Sam Falkner
2006-07-11 13:46                     ` J. Bruce Fields
2006-07-15 13:56                       ` [nfsv4] " Sam Falkner
2006-07-11  0:01           ` Andreas Gruenbacher
2006-07-11  0:28             ` [nfsv4] " J. Bruce Fields
2006-07-11  0:48               ` Andreas Gruenbacher
2006-07-10 22:50         ` Andreas Gruenbacher
2006-07-11  6:17           ` [nfsv4] " Sam Falkner
2006-07-11  8:45             ` Andreas Gruenbacher
2006-07-11 12:44               ` [nfsv4] " Sam Falkner
2006-07-11  6:50       ` Lisa Week
2006-07-11  8:55         ` Andreas Gruenbacher
2006-07-27  0:59         ` Andreas Gruenbacher
2006-07-27  2:57           ` Andreas Gruenbacher
2006-07-28  6:32           ` Lisa Week
2006-08-01 10:36             ` [nfsv4] " Andreas Gruenbacher
2006-07-14 17:59   ` [NFS] " J. Bruce Fields
2006-07-14 18:22     ` J. Bruce Fields
2006-07-14 19:02     ` Andreas Gruenbacher
2006-07-14 19:13       ` J. Bruce Fields

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20060710185742.GD10035@fieldses.org \
    --to=bfields@fieldses.org \
    --cc=Lisa.Week@Sun.COM \
    --cc=Sam.Falkner@Sun.COM \
    --cc=beepy@netapp.com \
    --cc=nfs@lists.sourceforge.net \
    --cc=nfsv4@ietf.org \
    --cc=spencer.shepler@Sun.COM \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.