From: Michael Adam <obnox@samba.org>
To: Volker Lendecke <Volker.Lendecke@SerNet.DE>,
Christoph Hellwig <hch@infradead.org>
Cc: Jeremy Allison <jra@samba.org>,
Andreas Gruenbacher <agruenba@redhat.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
"J. Bruce Fields" <bfields@fieldses.org>,
Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
"Theodore Ts'o" <tytso@mit.edu>,
linux-cifs@vger.kernel.org, Linux API <linux-api@vger.kernel.org>,
Trond Myklebust <trond.myklebust@primarydata.com>,
LKML <linux-kernel@vger.kernel.org>,
XFS Developers <xfs@oss.sgi.com>,
Andreas Dilger <adilger.kernel@dilger.ca>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Jeff Layton <jlayton@poochiereds.net>,
linux-ext4 <linux-ext4@vger.kernel.org>,
Anna Schumaker <anna.schumaker@netapp.com>
Subject: Re: [PATCH v18 00/22] Richacls (Core and Ext4)
Date: Mon, 21 Mar 2016 19:20:57 +0100 [thread overview]
Message-ID: <20160321182057.GF1044@samba.org> (raw)
In-Reply-To: <20160315201700.GA22945@sernet.de>
[-- Attachment #1: Type: text/plain, Size: 2054 bytes --]
On 2016-03-15 at 21:17 +0100, Volker Lendecke wrote:
> On Tue, Mar 15, 2016 at 08:45:14AM -0700, Jeremy Allison wrote:
> > On Tue, Mar 15, 2016 at 12:11:03AM -0700, Christoph Hellwig wrote:
> > > People have long learned that we only have 'alloc' permissions. Any
> > > model that mixes allow and deny ACE is a mistake.
> >
> > People can also learn and change though :-). One of the
> > biggest complaints people deploying Samba on Linux have is the
> > incompatible ACL models.
>
> Just to confirm: I see this a lot in the field. NFSv4 ACLs, while not a
> perfect match for NTFS ACLs are a lot closer much more usable to people
> who want to serve Windows clients.
>
> Also in the pure linux world there is a lot that you can not express
> with just rwx, sgid, sticky bits and friends. If you want the additional
> functionality of the richacl bits, I would call it a big mistake to
> omit negative aces, if just for the reason not to create yet another
> ACLs flavor.
>
> > Whilst I have sympathy with your intense dislike of the
> > Windows ACL model, this comes down to the core of "who
> > do we serve ?"
>
> The world has enough confusion around ACL semanics, please do not add
> more to it by creating your own model of the day.
Exacty: Like it or not, Windows ACLs are a fact. And the
approximation by the NFSv4 ACLs is getting closer and closer
with each iteration... ;-) So it is not only that Windows world
looking into this.
As Volker and Jeremy have pointed out, the lack of ACL semantics
is one of things the users of Samba complain about most bitterly.
While Samba can work around it when it is acting exclusively on
the files, this is not an option when NFS or other protocols are
to access the data concurrently. In that case we need more
precision down in the file system. So because they make use of
*existing* formats and semantics, I think Andreas' richacls are
just the way to go, as alien as they may seem from the pure linux
filesystem point of view at first.
Cheers - Michael
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
prev parent reply other threads:[~2016-03-21 18:21 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-29 8:17 [PATCH v18 00/22] Richacls (Core and Ext4) Andreas Gruenbacher
2016-02-29 8:17 ` [PATCH v18 01/22] vfs: Add IS_ACL() and IS_RICHACL() tests Andreas Gruenbacher
2016-02-29 8:17 ` [PATCH v18 02/22] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags Andreas Gruenbacher
2016-02-29 8:17 ` [PATCH v18 03/22] vfs: Add MAY_DELETE_SELF and MAY_DELETE_CHILD " Andreas Gruenbacher
2016-02-29 8:17 ` [PATCH v18 04/22] vfs: Make the inode passed to inode_change_ok non-const Andreas Gruenbacher
2016-02-29 8:17 ` [PATCH v18 05/22] vfs: Add permission flags for setting file attributes Andreas Gruenbacher
2016-02-29 8:17 ` [PATCH v18 06/22] richacl: In-memory representation and helper functions Andreas Gruenbacher
2016-02-29 8:17 ` [PATCH v18 07/22] richacl: Permission mapping functions Andreas Gruenbacher
2016-02-29 8:17 ` [PATCH v18 08/22] richacl: Compute maximum file masks from an acl Andreas Gruenbacher
2016-02-29 8:17 ` [PATCH v18 09/22] richacl: Permission check algorithm Andreas Gruenbacher
2016-03-11 14:09 ` Christoph Hellwig
2016-02-29 8:17 ` [PATCH v18 10/22] posix_acl: Unexport acl_by_type and make it static Andreas Gruenbacher
2016-03-11 14:03 ` Christoph Hellwig
2016-02-29 8:17 ` [PATCH v18 11/22] vfs: Cache base_acl objects in inodes Andreas Gruenbacher
2016-03-11 14:07 ` Christoph Hellwig
2016-03-11 16:24 ` Andreas Gruenbacher
2016-03-15 7:12 ` Christoph Hellwig
2016-03-16 22:31 ` Andreas Gruenbacher
2016-02-29 8:17 ` [PATCH v18 12/22] vfs: Add get_richacl and set_richacl inode operations Andreas Gruenbacher
2016-02-29 8:17 ` [PATCH v18 13/22] vfs: Cache richacl in struct inode Andreas Gruenbacher
2016-02-29 8:17 ` [PATCH v18 14/22] richacl: Update the file masks in chmod() Andreas Gruenbacher
2016-02-29 8:17 ` [PATCH v18 15/22] richacl: Check if an acl is equivalent to a file mode Andreas Gruenbacher
2016-02-29 8:17 ` [PATCH v18 16/22] richacl: Create-time inheritance Andreas Gruenbacher
2016-02-29 8:17 ` [PATCH v18 17/22] richacl: Automatic Inheritance Andreas Gruenbacher
2016-02-29 8:17 ` [PATCH v18 18/22] richacl: xattr mapping functions Andreas Gruenbacher
2016-03-11 14:17 ` Christoph Hellwig
2016-03-11 17:03 ` Andreas Gruenbacher
2016-02-29 8:17 ` [PATCH v18 19/22] richacl: Add richacl xattr handler Andreas Gruenbacher
2016-03-11 14:17 ` Christoph Hellwig
2016-03-11 14:19 ` J. Bruce Fields
2016-03-15 7:10 ` Christoph Hellwig
2016-03-15 21:05 ` J. Bruce Fields
2016-03-21 16:09 ` Christoph Hellwig
2016-02-29 8:17 ` [PATCH v18 20/22] vfs: Add richacl permission checking Andreas Gruenbacher
2016-02-29 8:17 ` [PATCH v18 21/22] ext4: Add richacl support Andreas Gruenbacher
2016-03-11 14:27 ` Christoph Hellwig
2016-03-13 23:08 ` Andreas Gruenbacher
2016-03-15 7:17 ` Christoph Hellwig
2016-03-16 22:38 ` Andreas Gruenbacher
2016-03-13 23:49 ` Andreas Gruenbacher
2016-03-14 13:02 ` Andreas Gruenbacher
2016-03-15 7:18 ` Christoph Hellwig
2016-02-29 8:17 ` [PATCH v18 22/22] ext4: Add richacl feature flag Andreas Gruenbacher
2016-03-11 14:01 ` [PATCH v18 00/22] Richacls (Core and Ext4) Christoph Hellwig
2016-03-11 14:07 ` J. Bruce Fields
2016-03-12 21:12 ` Simo
2016-03-15 7:09 ` Christoph Hellwig
2016-03-11 16:11 ` Andreas Gruenbacher
2016-03-11 20:05 ` Steve French
2016-03-11 23:02 ` Jeremy Allison
2016-03-13 23:02 ` Andreas Gruenbacher
2016-03-14 3:54 ` Jeremy Allison
2016-03-15 7:14 ` Christoph Hellwig
2016-03-16 3:40 ` Steve French
2016-03-15 7:11 ` Christoph Hellwig
2016-03-15 15:45 ` Jeremy Allison
2016-03-15 20:17 ` Volker Lendecke
2016-03-16 3:28 ` Steve French
2016-03-21 18:20 ` Michael Adam [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160321182057.GF1044@samba.org \
--to=obnox@samba.org \
--cc=Volker.Lendecke@SerNet.DE \
--cc=adilger.kernel@dilger.ca \
--cc=agruenba@redhat.com \
--cc=anna.schumaker@netapp.com \
--cc=bfields@fieldses.org \
--cc=hch@infradead.org \
--cc=jlayton@poochiereds.net \
--cc=jra@samba.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@primarydata.com \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).