From: Andreas Gruenbacher <agruen@suse.de>
To: nfsv4@ietf.org
Cc: "J. Bruce Fields" <bfields@fieldses.org>,
Lisa Week <Lisa.Week@sun.com>, Sam Falkner <Sam.Falkner@sun.com>,
nfs@lists.sourceforge.net,
Spencer Shepler <spencer.shepler@sun.com>,
Brian Pawlowski <beepy@netapp.com>
Subject: Re: Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
Date: Tue, 11 Jul 2006 02:15:53 +0200 [thread overview]
Message-ID: <200607110215.53496.agruen@suse.de> (raw)
In-Reply-To: <1A2FAFA9-0B94-48FA-8B0B-2A8AC0BE0331@Sun.COM>
On Monday, 10. July 2006 17:32, Sam Falkner wrote:
> On Jul 10, 2006, at 8:15 AM, J. Bruce Fields wrote:
> > On Mon, Jul 10, 2006 at 07:29:56AM -0600, Sam Falkner wrote:
> >> On Jul 9, 2006, at 10:22 AM, Andreas Gruenbacher wrote:
> >>> According to section 5.1 of draft-ietf-nfsv4-acls [1], the
> >>> resulting file mode
> >>> permission bits for this acl shall be rw-r--r--.
> >>
> >> Your proposal would give this mode: rw-rw-r--. I think we should
> >> consider this more carefully.
> >
> > As Andreas says, this is what the posix draft would have you do. It's
> > also what Linux (and, I assume, Solaris) do in the case of posix ACLs.
>
> Not on Solaris. With POSIX-draft ACLs, adding user:friend:rw- to a
> mode rw-r--r-- file still gives you rw-r--r--. (And as you point out
> later, these ACLs ain't POSIX.)
Indeed, they are only pretty close. One other difference is that Solaris POSIX
ACLs are always four-entry on some (all?) file systems, while Draft 17 ACLs
as implemented on Irix, FreeBSD, Linux, and possibly others support
three-entry ACLs as well (they are equivalent to the file mode permission
bits.)
It would be bad to repeat the mistake of breaking POSIX assumptions.
> I think having chmod be functional, i.e. chmod 770 gives write
> permission to the owning group, and an "ls -l" shows "rwxrwx---",
> would be best by far.
It screws you when you want to give the owning group fewer permissions than
other users in the File Group Class. This can be worked around by creating a
dummy group with no members, or one group that only contains a single user
for each user, and changing the owning group of files, but the owning group
already has other defined uses in POSIX (think of SETGID for files and
directories), and so it's not desirable and not always possible to change the
owning group to such a dummy group.
Andreas
--
Andreas Gruenbacher <agruen@suse.de>
Novell / SUSE Labs
_______________________________________________
nfsv4 mailing list
nfsv4@ietf.org
https://www1.ietf.org/mailman/listinfo/nfsv4
next prev parent reply other threads:[~2006-07-11 0:15 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-07-03 21:10 NFSv4 ACL and POSIX interaction / mask Andreas Gruenbacher
2006-07-07 11:55 ` NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready Andreas Gruenbacher
2006-07-08 3:45 ` Sam Falkner
2006-07-08 6:51 ` [nfsv4] " Lisa Week
2006-07-10 21:09 ` Andreas Gruenbacher
2006-07-08 14:32 ` Sam Falkner
2006-07-09 16:22 ` [nfsv4] " Andreas Gruenbacher
2006-07-10 13:29 ` Sam Falkner
2006-07-10 14:15 ` [nfsv4] " J. Bruce Fields
2006-07-10 15:32 ` Sam Falkner
2006-07-10 18:57 ` [NFS] " J. Bruce Fields
2006-07-10 22:26 ` [nfsv4] " Sam Falkner
2006-07-10 22:39 ` J. Bruce Fields
2006-07-10 22:43 ` J. Bruce Fields
2006-07-11 0:44 ` Andreas Gruenbacher
2006-07-11 0:15 ` Andreas Gruenbacher [this message]
2006-07-11 5:42 ` Sam Falkner
2006-07-11 8:05 ` Andreas Gruenbacher
2006-07-11 12:29 ` [nfsv4] " Sam Falkner
2006-07-11 13:46 ` J. Bruce Fields
2006-07-15 13:56 ` [nfsv4] " Sam Falkner
2006-07-11 0:01 ` Andreas Gruenbacher
2006-07-11 0:28 ` [nfsv4] " J. Bruce Fields
2006-07-11 0:48 ` Andreas Gruenbacher
2006-07-10 22:50 ` Andreas Gruenbacher
2006-07-11 6:17 ` [nfsv4] " Sam Falkner
2006-07-11 8:45 ` Andreas Gruenbacher
2006-07-11 12:44 ` [nfsv4] " Sam Falkner
2006-07-11 6:50 ` Lisa Week
2006-07-11 8:55 ` Andreas Gruenbacher
2006-07-27 0:59 ` Andreas Gruenbacher
2006-07-27 2:57 ` Andreas Gruenbacher
2006-07-28 6:32 ` Lisa Week
2006-08-01 10:36 ` [nfsv4] " Andreas Gruenbacher
2006-07-14 17:59 ` [NFS] " J. Bruce Fields
2006-07-14 18:22 ` J. Bruce Fields
2006-07-14 19:02 ` Andreas Gruenbacher
2006-07-14 19:13 ` J. Bruce Fields
-- strict thread matches above, loose matches on Subject: below --
2006-07-08 15:04 Noveck, Dave
2006-07-10 8:07 ` [nfsv4] " Andreas Gruenbacher
2006-07-10 14:24 ` J. Bruce Fields
2006-07-10 15:25 ` Spencer Shepler
2006-07-10 23:48 ` Andreas Gruenbacher
2006-07-11 0:09 ` J. Bruce Fields
2006-07-19 1:48 Noveck, Dave
2006-07-20 22:57 ` Sam Falkner
2006-07-21 15:10 Noveck, Dave
2006-07-21 18:10 ` J. Bruce Fields
2006-07-23 15:47 ` Sam Falkner
2006-07-25 0:32 ` [nfsv4] " a.gruenbacher
2006-07-25 4:26 ` Sam Falkner
2006-07-25 20:15 ` Andreas Gruenbacher
2006-07-26 4:59 ` Sam Falkner
2006-07-21 17:16 Yoder, Alan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200607110215.53496.agruen@suse.de \
--to=agruen@suse.de \
--cc=Lisa.Week@sun.com \
--cc=Sam.Falkner@sun.com \
--cc=beepy@netapp.com \
--cc=bfields@fieldses.org \
--cc=nfs@lists.sourceforge.net \
--cc=nfsv4@ietf.org \
--cc=spencer.shepler@sun.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.