From: Andreas Gruenbacher <agruen@suse.de>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Lisa Week <Lisa.Week@sun.com>,
nfsv4@ietf.org, Sam Falkner <Sam.Falkner@sun.com>,
nfs@lists.sourceforge.net,
Spencer Shepler <spencer.shepler@sun.com>,
Brian Pawlowski <beepy@netapp.com>
Subject: Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
Date: Tue, 11 Jul 2006 02:48:37 +0200 [thread overview]
Message-ID: <200607110248.37374.agruen@suse.de> (raw)
In-Reply-To: <20060711002826.GB1440@fieldses.org>
On Tuesday, 11. July 2006 02:28, J. Bruce Fields wrote:
> On Tue, Jul 11, 2006 at 02:01:42AM +0200, Andreas Gruenbacher wrote:
> > The issue is that you sometimes want to give the owning group fewer
> > perissions than say, user:bfields in the above example. You can only do
> > that by separating the owning group and mask permissions.
> >
> > For this aspect of the problem (actually for all aspects except for those
> > that the DENY entries cause because they are sometimes difficult or
> > impossible to uniquely tell from other "ordinary" entries) it is totally
> > irrelevant whether the mask is represented as a mask:: acl entry as in
> > POSIX ACLs, as a series of DENY ACL entries, or as NFSv4 attributes.
> >
> > (POSIX ACLs only need one mask entry because they can never grant more
> > than rwx permissions anyway, and so the owner and other permissions are
> > always identical to the owner and other file mode permission bits. That's
> > no longer true with POSIX ACLs, and so there we also need mask entries
> > for the owner and for others.)
>
> So you need this if and only if you want to be able to set OWNER@
> permissions other than read, write, or execute, *and* want to be able to
> recover from a chmod?
I think I have answered this exhaustively in:
Subject: Re: [NFS] [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask,
draft-ietf-nfsv4-acls-00 not ready
Date: Tue, 11 Jul 2006 02:44:30 +0200
Message-Id: <200607110244.31010.agruen@suse.de>
Andreas
--
Andreas Gruenbacher <agruen@suse.de>
Novell / SUSE Labs
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
NFS maillist - NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
next prev parent reply other threads:[~2006-07-11 0:51 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-07-03 21:10 NFSv4 ACL and POSIX interaction / mask Andreas Gruenbacher
2006-07-07 11:55 ` NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready Andreas Gruenbacher
2006-07-08 3:45 ` Sam Falkner
2006-07-08 6:51 ` [nfsv4] " Lisa Week
2006-07-10 21:09 ` Andreas Gruenbacher
2006-07-08 14:32 ` Sam Falkner
2006-07-09 16:22 ` [nfsv4] " Andreas Gruenbacher
2006-07-10 13:29 ` Sam Falkner
2006-07-10 14:15 ` [nfsv4] " J. Bruce Fields
2006-07-10 15:32 ` Sam Falkner
2006-07-10 18:57 ` [NFS] " J. Bruce Fields
2006-07-10 22:26 ` [nfsv4] " Sam Falkner
2006-07-10 22:39 ` J. Bruce Fields
2006-07-10 22:43 ` J. Bruce Fields
2006-07-11 0:44 ` Andreas Gruenbacher
2006-07-11 0:15 ` Andreas Gruenbacher
2006-07-11 5:42 ` [nfsv4] " Sam Falkner
2006-07-11 8:05 ` Andreas Gruenbacher
2006-07-11 12:29 ` [nfsv4] " Sam Falkner
2006-07-11 13:46 ` J. Bruce Fields
2006-07-15 13:56 ` [nfsv4] " Sam Falkner
2006-07-11 0:01 ` Andreas Gruenbacher
2006-07-11 0:28 ` [nfsv4] " J. Bruce Fields
2006-07-11 0:48 ` Andreas Gruenbacher [this message]
2006-07-10 22:50 ` Andreas Gruenbacher
2006-07-11 6:17 ` [nfsv4] " Sam Falkner
2006-07-11 8:45 ` Andreas Gruenbacher
2006-07-11 12:44 ` [nfsv4] " Sam Falkner
2006-07-11 6:50 ` Lisa Week
2006-07-11 8:55 ` Andreas Gruenbacher
2006-07-27 0:59 ` Andreas Gruenbacher
2006-07-27 2:57 ` Andreas Gruenbacher
2006-07-28 6:32 ` Lisa Week
2006-08-01 10:36 ` [nfsv4] " Andreas Gruenbacher
2006-07-14 17:59 ` [NFS] " J. Bruce Fields
2006-07-14 18:22 ` J. Bruce Fields
2006-07-14 19:02 ` Andreas Gruenbacher
2006-07-14 19:13 ` J. Bruce Fields
-- strict thread matches above, loose matches on Subject: below --
2006-07-08 15:04 Noveck, Dave
2006-07-08 19:27 ` [nfsv4] " Lisa Week
2006-07-10 8:07 ` Andreas Gruenbacher
2006-07-14 18:29 Noveck, Dave
2006-07-14 18:32 ` J. Bruce Fields
2006-07-16 13:10 Noveck, Dave
2006-07-18 22:08 ` Sam Falkner
2006-07-21 15:10 Noveck, Dave
2006-07-21 18:10 ` J. Bruce Fields
2006-07-23 15:47 ` Sam Falkner
2006-07-25 0:32 ` [nfsv4] " a.gruenbacher
2006-07-25 4:26 ` Sam Falkner
2006-07-25 20:15 ` Andreas Gruenbacher
2006-07-26 4:59 ` Sam Falkner
2006-07-26 13:00 ` [nfsv4] " J. Bruce Fields
2006-08-03 13:46 ` Andreas Gruenbacher
2006-08-04 0:30 ` Andreas Gruenbacher
2006-08-04 1:37 ` Sam Falkner
2006-08-04 10:35 ` Andreas Gruenbacher
2006-08-04 11:19 ` Andreas Gruenbacher
2006-08-04 20:20 ` Sam Falkner
2006-07-21 17:16 Yoder, Alan
2006-07-23 15:45 ` [nfsv4] " Sam Falkner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200607110248.37374.agruen@suse.de \
--to=agruen@suse.de \
--cc=Lisa.Week@sun.com \
--cc=Sam.Falkner@sun.com \
--cc=beepy@netapp.com \
--cc=bfields@fieldses.org \
--cc=nfs@lists.sourceforge.net \
--cc=nfsv4@ietf.org \
--cc=spencer.shepler@sun.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.