Re: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
"J. Bruce Fields" <bfields@fieldses.org> Fri, 14 July 2006 19:43 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G1TZv-0005jp-GS; Fri, 14 Jul 2006 15:43:59 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G1TZu-0005jk-Rx for nfsv4@ietf.org; Fri, 14 Jul 2006 15:43:58 -0400
Received: from mail.fieldses.org ([66.93.2.214] helo=pickle.fieldses.org) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G1TZt-0000Y8-JP for nfsv4@ietf.org; Fri, 14 Jul 2006 15:43:58 -0400
Received: from bfields by pickle.fieldses.org with local (Exim 4.62) (envelope-from <bfields@fieldses.org>) id 1G1TZo-0001LI-04; Fri, 14 Jul 2006 15:43:52 -0400
Date: Fri, 14 Jul 2006 15:43:51 -0400
To: "Yoder, Alan" <agy@netapp.com>
Subject: Re: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
Message-ID: <20060714194351.GK20999@fieldses.org>
References: <992BA60650F1584BA63E339312CE420305958904@exsvl02.hq.netapp.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <992BA60650F1584BA63E339312CE420305958904@exsvl02.hq.netapp.com>
User-Agent: Mutt/1.5.11+cvs20060403
From: "J. Bruce Fields" <bfields@fieldses.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 52e1467c2184c31006318542db5614d5
Cc: Sam.Falkner@sun.com, wurzl_mario@emc.com, nfsv4@ietf.org
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/nfsv4>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
Errors-To: nfsv4-bounces@ietf.org
On Fri, Jul 14, 2006 at 12:26:29PM -0700, Yoder, Alan wrote: > Let me see if I understand. > > A POSIX ACL client sees ALLOW bfields READ+WRITE Not necessarily "POSIX ACL" clients, but clients that request the new mask attributes. Such clients also understand that the relevant mask makes that ALLOW effectively the same as just an allow of READ. > A *nix client that only does perms sees r In the group bit, yes. > A client that only does CIFS sees ALLOW bfields READ Right. > If I have that right, this is like going straight to hell > for a multi-protocol server company. Why? As far as I can tell, for the multi-protocol server it's a mild improvement over the current situation. Right now any client attempting to do posix-draft ACL's (or implementing full NFSv4 ACLs and strictly adhering to posix requirements on permissions mechanisms) is setting ACLs with complicated interleaved DENYs and ALLOWs that, I'm told, no reasonable Windows application is going to be able to make head or tails of. My revision of the posix acl draft allows such clients to do that kind of thing less often. But Andreas's proposal removes the need for clients to do that stuff in many more cases. And the server-side implementation seems doable. --b. _______________________________________________ nfsv4 mailing list nfsv4@ietf.org https://www1.ietf.org/mailman/listinfo/nfsv4
- RE: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Noveck, Dave
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Lisa Week
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Andreas Gruenbacher
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… J. Bruce Fields
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Spencer Shepler
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Andreas Gruenbacher
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… J. Bruce Fields
- RE: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interac… Noveck, Dave
- Re: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interac… J. Bruce Fields
- RE: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interac… Yoder, Alan
- Re: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interac… J. Bruce Fields
- RE: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interac… Yoder, Alan
- Re: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interac… J. Bruce Fields
- RE: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Noveck, Dave
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Sam Falkner
- RE: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Noveck, Dave
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Sam Falkner
- RE: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Noveck, Dave
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… J. Bruce Fields
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Sam Falkner
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Sam Falkner
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Sam Falkner
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Andreas Gruenbacher
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Sam Falkner
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… J. Bruce Fields
- Re: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interac… Andreas Gruenbacher
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Andreas Gruenbacher
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Sam Falkner
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Andreas Gruenbacher
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Andreas Gruenbacher
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Sam Falkner