From: "Frank Filz" <ffilzlnx@mindspring.com>
To: "'J. Bruce Fields'" <bfields@fieldses.org>,
"'Jeff Layton'" <jeff.layton@primarydata.com>
Cc: "'Andreas Gruenbacher'" <agruenba@redhat.com>,
"'Jan Kara'" <jack@suse.cz>, <linux-fsdevel@vger.kernel.org>,
<lsf-pc@lists.linux-foundation.org>,
"'Jeremy Allison'" <jra@samba.org>
Subject: RE: [Lsf-pc] [LSF/MM ATTEND] Richacls
Date: Wed, 14 Jan 2015 09:21:36 -0800 [thread overview]
Message-ID: <003801d0301e$8df4d7d0$a9de8770$@mindspring.com> (raw)
In-Reply-To: <20150114161123.GA1375@fieldses.org>
> On Wed, Jan 14, 2015 at 07:01:35AM -0500, Jeff Layton wrote:
> > On Wed, 14 Jan 2015 09:53:10 +0100
> > Andreas Gruenbacher <agruenba@redhat.com> wrote:
> > > I really don't think that changing the existing POSIX ACL behavior
> > > is an option here, or that representing POSIX ACLs as richacls
> > > internally makes a lot of sense. We'll be much better off having
> > > both models side by side.
>
> OK, fair enough, it may not be worth the trouble.
That certainly makes life a lot simplere.
> > > Converting existing POSIX ACLs into richacls, for example for
> > > converting an entire file system, possibly offline, is relatively
> > > simple and straight forward -- and will be needed -- with the caveat
> > > that permissions will then start to accumulate.
>
> Please don't say it that way or people are going to think we're not
handling
> cases like mode 026--we should definitely insert DENYs as as necessary.
So
> the only inaccuracy is that weird corner case with group ACEs. Which is
worth
> a footnote, sure, but that's all.
Yes, definitely, any conversion tool should make a best effort. A conversion
tool could also have options to direct how it translates certain tricky
constructions. So if the sysadmin knows groups are used to remove
permissions, then the conversion tool could be directed to insert a DENY ACE
after every group ACE (such a user SHOULD NOT have this construct anyway, it
wouldn't make sense).
> > > Converting richacls into POSIX ACLs may occasionally be needed when
> > > migrating something back as well, but this operation is lossy in
> > > general, likely slow, there could be different policies like failing
> > > or dropping permissions when something cannot be represented
> > > exactly. By representing POSIX ACLs as richacls internally, that
> > > more complicated conversion would be needed all the time, even in the
> kernel, though.
Hmm, poor cp and tar (and other tools) will be thrown into shark infested
waters... I assume the initial caveat will be that anything that copies a
file from a filesystem that uses POSIX to a filesystem that uses RICHACL or
visa versa will NOT copy the ACL.
> > FWIW, at the last LSF we had a discussion around richacls and Aneesh
> > was present. The tentative decision at that time was that filesystems
> > should store _either_ richacls or posix acls, and that decision should
> > be made at fs creation time.
> >
> > If you need to convert to the other scheme, then the understanding was
> > that you'd either recreate the filesystem, or potentially do some sort
> > of in-place conversion with a specialized tool.
> >
> > I think aiming for that sort of scheme makes the most sense as it
> > covers the vast majority of use-cases and keeps undue complexity out
> > of the kernel.
Yea, that sounds good.
Frank
next prev parent reply other threads:[~2015-01-14 17:21 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1626890778.1513173.1421087867777.JavaMail.zimbra@redhat.com>
2015-01-12 21:06 ` [LSF/MM ATTEND] Richacls Andreas Gruenbacher
2015-01-12 21:54 ` Jeremy Allison
2015-01-12 22:30 ` J. Bruce Fields
2015-01-13 10:14 ` [Lsf-pc] " Jan Kara
2015-01-13 15:07 ` Andreas Gruenbacher
2015-01-13 16:48 ` Jeremy Allison
2015-01-13 17:23 ` Andreas Gruenbacher
2015-01-13 17:29 ` Jeremy Allison
2015-01-13 17:40 ` J. Bruce Fields
2015-01-13 18:04 ` Jeremy Allison
2015-01-13 19:53 ` Frank Filz
2015-01-13 20:24 ` 'J. Bruce Fields'
2015-01-13 20:26 ` Jeremy Allison
2015-01-13 20:30 ` Jeremy Allison
2015-01-13 20:35 ` Frank Filz
2015-01-14 7:57 ` Andreas Gruenbacher
2015-01-13 21:04 ` Jan Kara
2015-01-13 21:16 ` J. Bruce Fields
2015-01-13 21:20 ` Jeremy Allison
2015-01-13 21:27 ` Frank Filz
2015-01-13 21:31 ` Jan Kara
2015-01-14 8:53 ` Andreas Gruenbacher
2015-01-14 12:01 ` Jeff Layton
2015-01-14 16:11 ` J. Bruce Fields
2015-01-14 17:21 ` Frank Filz [this message]
2015-01-23 5:31 ` Steve French
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='003801d0301e$8df4d7d0$a9de8770$@mindspring.com' \
--to=ffilzlnx@mindspring.com \
--cc=agruenba@redhat.com \
--cc=bfields@fieldses.org \
--cc=jack@suse.cz \
--cc=jeff.layton@primarydata.com \
--cc=jra@samba.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=lsf-pc@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).