Re: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready

"J. Bruce Fields" <bfields@fieldses.org> Fri, 14 July 2006 19:43 UTC

Date: Fri, 14 Jul 2006 15:43:51 -0400
To: "Yoder, Alan" <agy@netapp.com>
Subject: Re: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
Message-ID: <20060714194351.GK20999@fieldses.org>
References: <992BA60650F1584BA63E339312CE420305958904@exsvl02.hq.netapp.com>
In-Reply-To: <992BA60650F1584BA63E339312CE420305958904@exsvl02.hq.netapp.com>
From: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Sam.Falkner@sun.com, wurzl_mario@emc.com, nfsv4@ietf.org

On Fri, Jul 14, 2006 at 12:26:29PM -0700, Yoder, Alan wrote:
> Let me see if I understand.
> 
> A POSIX ACL client sees ALLOW bfields READ+WRITE

Not necessarily "POSIX ACL" clients, but clients that request the new
mask attributes.  Such clients also understand that the relevant mask
makes that ALLOW effectively the same as just an allow of READ.

> A *nix client that only does perms sees r

In the group bit, yes.

> A client that only does CIFS sees ALLOW bfields READ

Right.

> If I have that right, this is like going straight to hell 
> for a multi-protocol server company.

Why?  As far as I can tell, for the multi-protocol server it's a mild
improvement over the current situation.

Right now any client attempting to do posix-draft ACLs (or implementing
full NFSv4 ACLs and strictly adhering to posix requirements on
permissions mechanisms) is setting ACLs with complicated interleaved
DENYs and ALLOWs that, I'm told, no reasonable Windows application is
going to be able to make heads or tails of.

My revision of the posix acl draft allows such clients to do that kind
of thing less often.

But Andreas's proposal removes the need for clients to do that stuff in
many more cases.  And the server-side implementation seems doable.

--b.
