Linux NFS development
 help / color / mirror / Atom feed
From: "J. Bruce Fields" <bfields@fieldses.org>
To: nfsv4@ietf.org
Cc: Sam Falkner <Sam.Falkner@sun.com>,
	nfs@lists.sourceforge.net,
	Spencer Shepler <spencer.shepler@sun.com>,
	Brian Pawlowski <beepy@netapp.com>
Subject: Re: [NFS] NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
Date: Fri, 14 Jul 2006 13:59:30 -0400	[thread overview]
Message-ID: <20060714175930.GD20999@fieldses.org> (raw)
In-Reply-To: <200607071355.30624.agruen@suse.de>

On Fri, Jul 07, 2006 at 01:55:30PM +0200, Andreas Gruenbacher wrote:
> On Monday, 3. July 2006 23:10, Andreas Gruenbacher wrote:
> > I have been thinking about the problems of interaction between NFSv4 ACLs
> > and POSIX, and particularly about the issue of masking permissions through
> > chmod and after creating files or directories.

So, omitting the details, the idea is to add 3 optional attributes
(owner_class_mask, group_class_mask, and other_class_mask) which limit
the permissions that an ACL can grant to different classes of entities.

For a client that doesn't support the new attributes, a server can apply
the mask attributes to the ACL before returning it.  I suppose a
multi-protocol server would do the same for CIFS clients.

For a server that doesn't support the new attributes, the client still
has available any of the current options: give up on non-destructive
chmod, or fall back on representing mask bits with DENIES.

When client and server support the new mask bits, we get a completely
non-destructive chmod without all the complicated DENY heuristics.

I agree that that would be an improvement.

--b.

_______________________________________________
nfsv4 mailing list
nfsv4@ietf.org
https://www1.ietf.org/mailman/listinfo/nfsv4

  parent reply	other threads:[~2006-07-14 17:59 UTC|newest]

Thread overview: 38+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-07-03 21:10 NFSv4 ACL and POSIX interaction / mask Andreas Gruenbacher
2006-07-07 11:55 ` NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready Andreas Gruenbacher
2006-07-08  3:45   ` Sam Falkner
2006-07-08  6:51     ` [nfsv4] " Lisa Week
2006-07-10 21:09       ` Andreas Gruenbacher
2006-07-08 14:32     ` Sam Falkner
2006-07-09 16:22     ` [nfsv4] " Andreas Gruenbacher
2006-07-10 13:29       ` Sam Falkner
2006-07-10 14:15         ` [nfsv4] " J. Bruce Fields
2006-07-10 15:32           ` Sam Falkner
2006-07-10 18:57             ` [NFS] " J. Bruce Fields
2006-07-10 22:26               ` [nfsv4] " Sam Falkner
2006-07-10 22:39                 ` J. Bruce Fields
2006-07-10 22:43                   ` J. Bruce Fields
2006-07-11  0:44                   ` Andreas Gruenbacher
2006-07-11  0:15             ` Andreas Gruenbacher
2006-07-11  5:42               ` [nfsv4] " Sam Falkner
2006-07-11  8:05                 ` Andreas Gruenbacher
2006-07-11 12:29                   ` [nfsv4] " Sam Falkner
2006-07-11 13:46                     ` J. Bruce Fields
2006-07-15 13:56                       ` [nfsv4] " Sam Falkner
2006-07-11  0:01           ` Andreas Gruenbacher
2006-07-11  0:28             ` [nfsv4] " J. Bruce Fields
2006-07-11  0:48               ` Andreas Gruenbacher
2006-07-10 22:50         ` Andreas Gruenbacher
2006-07-11  6:17           ` [nfsv4] " Sam Falkner
2006-07-11  8:45             ` Andreas Gruenbacher
2006-07-11 12:44               ` [nfsv4] " Sam Falkner
2006-07-11  6:50       ` Lisa Week
2006-07-11  8:55         ` Andreas Gruenbacher
2006-07-27  0:59         ` Andreas Gruenbacher
2006-07-27  2:57           ` Andreas Gruenbacher
2006-07-28  6:32           ` Lisa Week
2006-08-01 10:36             ` [nfsv4] " Andreas Gruenbacher
2006-07-14 17:59   ` J. Bruce Fields [this message]
2006-07-14 18:22     ` Re: [NFS] " J. Bruce Fields
2006-07-14 19:02     ` Andreas Gruenbacher
2006-07-14 19:13       ` J. Bruce Fields

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20060714175930.GD20999@fieldses.org \
    --to=bfields@fieldses.org \
    --cc=Sam.Falkner@sun.com \
    --cc=beepy@netapp.com \
    --cc=nfs@lists.sourceforge.net \
    --cc=nfsv4@ietf.org \
    --cc=spencer.shepler@sun.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox