RE: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
"Noveck, Dave" <Dave.Noveck@netapp.com> Fri, 21 July 2006 15:18 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G3wlV-0001u8-HB; Fri, 21 Jul 2006 11:18:09 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G3wlT-0001td-Cf for nfsv4@ietf.org; Fri, 21 Jul 2006 11:18:08 -0400
Received: from mx2.netapp.com ([216.240.18.37]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G3wfD-0004eh-Co for nfsv4@ietf.org; Fri, 21 Jul 2006 11:11:39 -0400
Received: from smtp1.corp.netapp.com ([10.57.156.124]) by mx2.netapp.com with ESMTP; 21 Jul 2006 08:11:39 -0700
X-IronPort-AV: i="4.07,169,1151910000"; d="scan'208"; a="394420758:sNHT22318620"
Received: from svlexc03.hq.netapp.com (svlexc03.corp.netapp.com [10.57.156.149]) by smtp1.corp.netapp.com (8.13.1/8.13.1/NTAP-1.6) with ESMTP id k6LFBXE8029334; Fri, 21 Jul 2006 08:11:38 -0700 (PDT)
Received: from exsvlrb01.hq.netapp.com ([10.56.8.62]) by svlexc03.hq.netapp.com with Microsoft SMTPSVC(6.0.3790.0); Fri, 21 Jul 2006 08:11:33 -0700
Received: from exnane01.hq.netapp.com ([10.97.0.61]) by exsvlrb01.hq.netapp.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 21 Jul 2006 08:11:33 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
Date: Fri, 21 Jul 2006 11:10:04 -0400
Message-ID: <C98692FD98048C41885E0B0FACD9DFB8023DF6B9@exnane01.hq.netapp.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
Thread-Index: AcasT9Q9WONKK24NQ/WTgmfTtfSh/gAHBWVQ
From: "Noveck, Dave" <Dave.Noveck@netapp.com>
To: Sam Falkner <Sam.Falkner@Sun.COM>
X-OriginalArrivalTime: 21 Jul 2006 15:11:33.0056 (UTC) FILETIME=[F38B0C00:01C6ACD7]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 789c141a303c09204b537a4078e2a63f
Cc: Lisa Week <Lisa.Week@Sun.COM>, nfsv4@ietf.org, "J. Bruce Fields" <bfields@fieldses.org>, nfs@lists.sourceforge.net, Spencer Shepler <spencer.shepler@Sun.COM>, "Pawlowski, Brian" <beepy@netapp.com>, Andreas Gruenbacher <agruen@suse.de>
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/nfsv4>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
Errors-To: nfsv4-bounces@ietf.org
> The current ACL spec, in the minorversion1 draft and in the previous > ACL drafts, rigorously specifies mode/ACL interactions by specifying > algorithms. Bruce had the comment that the spec read as though the > algorithm was mandatory. That was my reading. Was that the intention or not? > Rethinking, it would be preferable to have the ACL specification > specify requirements, and have the algorithms serve as examples. I think the requirements that the algorithms are intended to address, would be helpful in understanding, whether the algorithms are examples or are mandatory. > Or, > rewrite the sections as requirements, and release algorithms outside > the minorversion1 draft, possibly through one or more informational > RFCs. This would shorten the minorversion1 draft, without > invalidating the existing semantics. I think this would complicate understanding and review. Even if the algorithms are examples and not mandatory, I would imagine they would be helpful in understanding the requirements and their implications, and if they are helpful, they should be in the spec, with an indication that they are illustrative and not mandatory. > We'll try to have an initial draft of the ACL parts of the > minorversion1 document on August 7. I'll also add an issue to nfs4- > editor.org. Here's a couple of other things I've noted that you might consider while working in this area: There is statement about not using additional mode bits beyond the ones defined but there is a "MUST NOT" addressed to the world in general. I think the mandate should be for the server. It MUST NOT return other bits on GETATTR and MUST return NFS4ERR_INVAL if other bits are set on SETATTR or CREATE/OPEN-create. The client is free to use whatever bits he wants. He is not disobeying the protocol but he will get NFS4ERR_INVAL. I don't see the point of allowing multiple behaviors in the case in which both MODE and ACL are set. Rather than rell the client how to deal with all possible server behaviors, consider mandating the order in which a SETATTR/CREATE with both MODE and ACL will be processed by the server. I think that would make life simpler for everybody. The server knows what order he should do these in and the client knows which order the changes will be done in. -----Original Message----- From: Sam Falkner [mailto:Sam.Falkner@Sun.COM] Sent: Thursday, July 20, 2006 6:57 PM To: Noveck, Dave Cc: Lisa Week; nfsv4@ietf.org; J. Bruce Fields; nfs@lists.sourceforge.net; Spencer Shepler; Pawlowski, Brian; Andreas Gruenbacher Subject: Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready On Jul 18, 2006, at 7:48 PM, Noveck, Dave wrote: > It seems like this is what most users would want. It doesn't seem to > match what is specified in section 3.16.6.3 of draft-03. That says > the acl is modified when you change the mode. Right -- see below... > What does solaris do if you do a chmod specifying a numeric mode > whose value is the same as would be set by doing a chomod +s? Does > that change the ACL? Sorry, I misunderstood your earlier question -- I was testing against POSIX-draft ACLs, and not NFSv4 ACLs. In the case of NFSv4 ACLs (on ZFS), it does change the ACL, whether you use "+s" or "4xxx". In my test, it added a mask ACE for the supplemental user I had added before, even though the mask didn't really mask anything in this case. As you pointed out, chmod doesn't necessarily have to modify the ACL to set the setuid bit in the mode, unless the mode requires changes to the ACL for POSIX conformance. The mode might require changing the ACL more times than is obvious, but the ACL specification shouldn't require unnecessary changes to the ACL... Here's an idea. It's not an original idea, it's one that Bruce proposed last April, and unfortunately his comments went unanswered (mea culpa). The current ACL spec, in the minorversion1 draft and in the previous ACL drafts, rigorously specifies mode/ACL interactions by specifying algorithms. Bruce had the comment that the spec read as though the algorithm was mandatory. Rethinking, it would be preferable to have the ACL specification specify requirements, and have the algorithms serve as examples. Or, rewrite the sections as requirements, and release algorithms outside the minorversion1 draft, possibly through one or more informational RFCs. This would shorten the minorversion1 draft, without invalidating the existing semantics. We'll try to have an initial draft of the ACL parts of the minorversion1 document on August 7. I'll also add an issue to nfs4- editor.org. - Sam (Read on if you're interested in implications.) This would make it possible to craft different algorithms that can still meet the ACL spec in minorversion1. Take this example single- ACE ACL as a starting point: EVERYONE@:read_data/execute::ALLOW and a starting mode of 0555. given a setattr of mode 4555 and no ACL, the new mode MUST become 4555, and the resulting ACL could legally be any of the following: (current algorithm) EVERYONE@:::ALLOW OWNER@:write_data/append_data::DENY OWNER@:read_data/write_xattr/execute/write_attributes/write_acl/ write_owner::ALLOW GROUP@:write_data/append_data::DENY GROUP@:read_data/execute::ALLOW EVERYONE@:write_data/append_data/write_xattr/write_attributes/ write_acl/write_owner::DENY EVERYONE@:read_data/read_xattr/execute/read_attributes/read_acl/ synchronize::ALLOW or (simple ALLOW-only-when-possible algorithm) OWNER@:read_data/execute::ALLOW GROUP@:read_data/execute::ALLOW EVERYONE@:read_data/execute::ALLOW or (unchanged -- this algorithm is smart enough to see that no change was necessary) EVERYONE@:read_data/execute::ALLOW _______________________________________________ nfsv4 mailing list nfsv4@ietf.org https://www1.ietf.org/mailman/listinfo/nfsv4
- RE: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Noveck, Dave
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Lisa Week
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Andreas Gruenbacher
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… J. Bruce Fields
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Spencer Shepler
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Andreas Gruenbacher
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… J. Bruce Fields
- RE: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interac… Noveck, Dave
- Re: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interac… J. Bruce Fields
- RE: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interac… Yoder, Alan
- Re: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interac… J. Bruce Fields
- RE: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interac… Yoder, Alan
- Re: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interac… J. Bruce Fields
- RE: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Noveck, Dave
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Sam Falkner
- RE: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Noveck, Dave
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Sam Falkner
- RE: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Noveck, Dave
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… J. Bruce Fields
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Sam Falkner
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Sam Falkner
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Sam Falkner
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Andreas Gruenbacher
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Sam Falkner
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… J. Bruce Fields
- Re: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interac… Andreas Gruenbacher
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Andreas Gruenbacher
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Sam Falkner
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Andreas Gruenbacher
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Andreas Gruenbacher
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Sam Falkner