linux-fsdevel.vger.kernel.org archive mirror
From: Steve French <smfrench@gmail.com>
To: Andreas Gruenbacher <agruenba@redhat.com>,
	linux-fsdevel <linux-fsdevel@vger.kernel.org>,
	samba-technical <samba-technical@lists.samba.org>
Cc: Anne Marie Merritt <annemarie.merritt@primarydata.com>,
	Weston Andros Adamson <dros@primarydata.com>
Subject: Richacl and stored but ignored permissions
Date: Tue, 8 Nov 2016 12:25:44 -0600
Message-ID: <CAH2r5mvtWv6D4zmcFWL5Yowiy+wQ5mGgd1mRWNCT4bBGnrQLQA@mail.gmail.com>

I noticed that setrichacl (on ext4/xfs with richacl patches from your
tree) allows setting some of the five "stored but ignored" permissions:

S   synchronize
W   write named attributes
R   read named attributes
e   write retention
E   write retention hold

but it brings up some questions:
1) Why is 'S' the only one of those five that, although allowed to be
set, will not be displayed by getrichacl?  Presumably if it can be
set, you might as well display it on getrichacl, and that might have
been the original intent since there is a space for it when you do
"getrichacl --full", but that implies (probably correctly) that
'Synchronize' permission is always granted.
2) Should we allow 'e' and 'E' to be set?  (I lean toward yes, but NFS
rejected it when I tried, although xfs/ext4 accepted it.)
3) Shouldn't we actually do something with 'W' (and maybe 'R'
permission but presumably that can be just implied to be on since some
attributes always need to be readable) and actually enforce use of W
permission to allow/forbid the setting of xattrs on the file?
4) Shouldn't we display as enabled permissions those that are implicit
rather than leaving them out (as if they are forbidden)?  e.g. the
'owner' permission ('o') presumably can be displayed for root (as it
is by default granted).  Also note the 'a' and 'S' permissions when
you do "getrichacl --full" are displayed as unset even though they are
implicitly granted.  You can fix that by setting 'a' explicitly, but it
seems wrong to implicitly grant a permission but not display it as
granted in getrichacl.


-- 
Thanks,

Steve
