From: Andreas Gruenbacher <agruen@suse.de>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Lisa Week <Lisa.Week@sun.com>,
nfsv4@ietf.org, Sam Falkner <Sam.Falkner@sun.com>,
nfs@lists.sourceforge.net,
Spencer Shepler <spencer.shepler@sun.com>,
Brian Pawlowski <beepy@netapp.com>
Subject: Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
Date: Tue, 11 Jul 2006 02:48:37 +0200 [thread overview]
Message-ID: <200607110248.37374.agruen@suse.de> (raw)
In-Reply-To: <20060711002826.GB1440@fieldses.org>
On Tuesday, 11. July 2006 02:28, J. Bruce Fields wrote:
> On Tue, Jul 11, 2006 at 02:01:42AM +0200, Andreas Gruenbacher wrote:
> > The issue is that you sometimes want to give the owning group fewer
> > perissions than say, user:bfields in the above example. You can only do
> > that by separating the owning group and mask permissions.
> >
> > For this aspect of the problem (actually for all aspects except for those
> > that the DENY entries cause because they are sometimes difficult or
> > impossible to uniquely tell from other "ordinary" entries) it is totally
> > irrelevant whether the mask is represented as a mask:: acl entry as in
> > POSIX ACLs, as a series of DENY ACL entries, or as NFSv4 attributes.
> >
> > (POSIX ACLs only need one mask entry because they can never grant more
> > than rwx permissions anyway, and so the owner and other permissions are
> > always identical to the owner and other file mode permission bits. That's
> > no longer true with POSIX ACLs, and so there we also need mask entries
> > for the owner and for others.)
>
> So you need this if and only if you want to be able to set OWNER@
> permissions other than read, write, or execute, *and* want to be able to
> recover from a chmod?
I think I have answered this exhaustively in:
Subject: Re: [NFS] [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask,
draft-ietf-nfsv4-acls-00 not ready
Date: Tue, 11 Jul 2006 02:44:30 +0200
Message-Id: <200607110244.31010.agruen@suse.de>
Andreas
--
Andreas Gruenbacher <agruen@suse.de>
Novell / SUSE Labs
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
NFS maillist - NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
next prev parent reply other threads:[~2006-07-11 0:51 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-07-03 21:10 NFSv4 ACL and POSIX interaction / mask Andreas Gruenbacher
2006-07-07 11:55 ` NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready Andreas Gruenbacher
2006-07-08 3:45 ` Sam Falkner
2006-07-08 6:51 ` [nfsv4] " Lisa Week
2006-07-10 21:09 ` Andreas Gruenbacher
2006-07-08 14:32 ` Sam Falkner
2006-07-09 16:22 ` [nfsv4] " Andreas Gruenbacher
2006-07-10 13:29 ` Sam Falkner
2006-07-10 14:15 ` [nfsv4] " J. Bruce Fields
2006-07-10 15:32 ` Sam Falkner
2006-07-10 18:57 ` [NFS] " J. Bruce Fields
2006-07-10 22:26 ` [nfsv4] " Sam Falkner
2006-07-10 22:39 ` J. Bruce Fields
2006-07-10 22:43 ` J. Bruce Fields
2006-07-11 0:44 ` Andreas Gruenbacher
2006-07-11 0:15 ` Andreas Gruenbacher
2006-07-11 5:42 ` [nfsv4] " Sam Falkner
2006-07-11 8:05 ` Andreas Gruenbacher
2006-07-11 12:29 ` [nfsv4] " Sam Falkner
2006-07-11 13:46 ` J. Bruce Fields
2006-07-15 13:56 ` [nfsv4] " Sam Falkner
2006-07-11 0:01 ` Andreas Gruenbacher
2006-07-11 0:28 ` [nfsv4] " J. Bruce Fields
2006-07-11 0:48 ` Andreas Gruenbacher [this message]
2006-07-10 22:50 ` Andreas Gruenbacher
2006-07-11 6:17 ` [nfsv4] " Sam Falkner
2006-07-11 8:45 ` Andreas Gruenbacher
2006-07-11 12:44 ` [nfsv4] " Sam Falkner
2006-07-11 6:50 ` Lisa Week
2006-07-11 8:55 ` Andreas Gruenbacher
2006-07-27 0:59 ` Andreas Gruenbacher
2006-07-27 2:57 ` Andreas Gruenbacher
2006-07-28 6:32 ` Lisa Week
2006-08-01 10:36 ` [nfsv4] " Andreas Gruenbacher
2006-07-14 17:59 ` [NFS] " J. Bruce Fields
2006-07-14 18:22 ` J. Bruce Fields
2006-07-14 19:02 ` Andreas Gruenbacher
2006-07-14 19:13 ` J. Bruce Fields
-- strict thread matches above, loose matches on Subject: below --
2006-07-08 15:04 Noveck, Dave
2006-07-08 19:27 ` [nfsv4] " Lisa Week
2006-07-10 8:07 ` Andreas Gruenbacher
2006-07-14 18:29 Noveck, Dave
2006-07-14 18:32 ` J. Bruce Fields
2006-07-16 13:10 Noveck, Dave
2006-07-18 22:08 ` Sam Falkner
2006-07-21 15:10 Noveck, Dave
2006-07-21 18:10 ` J. Bruce Fields
2006-07-23 15:47 ` Sam Falkner
2006-07-25 0:32 ` [nfsv4] " a.gruenbacher
2006-07-25 4:26 ` Sam Falkner
2006-07-25 20:15 ` Andreas Gruenbacher
2006-07-26 4:59 ` Sam Falkner
2006-07-26 13:00 ` [nfsv4] " J. Bruce Fields
2006-08-03 13:46 ` Andreas Gruenbacher
2006-08-04 0:30 ` Andreas Gruenbacher
2006-08-04 1:37 ` Sam Falkner
2006-08-04 10:35 ` Andreas Gruenbacher
2006-08-04 11:19 ` Andreas Gruenbacher
2006-08-04 20:20 ` Sam Falkner
2006-07-21 17:16 Yoder, Alan
2006-07-23 15:45 ` [nfsv4] " Sam Falkner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200607110248.37374.agruen@suse.de \
--to=agruen@suse.de \
--cc=Lisa.Week@sun.com \
--cc=Sam.Falkner@sun.com \
--cc=beepy@netapp.com \
--cc=bfields@fieldses.org \
--cc=nfs@lists.sourceforge.net \
--cc=nfsv4@ietf.org \
--cc=spencer.shepler@sun.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox