IETF Logo Mail Archive

Re: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready

"J. Bruce Fields" <bfields@fieldses.org> Fri, 14 July 2006 18:44 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G1Se3-0001Qh-Qd; Fri, 14 Jul 2006 14:44:11 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G1Se2-0001OX-B8 for nfsv4@ietf.org; Fri, 14 Jul 2006 14:44:10 -0400
Received: from mail.fieldses.org ([66.93.2.214] helo=pickle.fieldses.org) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G1Se1-0008Nk-0g for nfsv4@ietf.org; Fri, 14 Jul 2006 14:44:10 -0400
Received: from bfields by pickle.fieldses.org with local (Exim 4.62) (envelope-from <bfields@fieldses.org>) id 1G1Sdz-0000Ua-UI; Fri, 14 Jul 2006 14:44:07 -0400
Date: Fri, 14 Jul 2006 14:44:07 -0400
To: wurzl_mario@emc.com
Subject: Re: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
Message-ID: <20060714184407.GH20999@fieldses.org>
References: <20060714175930.GD20999@fieldses.org> <75852864BAD9684FBF5DCF4289DE4076014CD118@CORPUSMX30B.corp.emc.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <75852864BAD9684FBF5DCF4289DE4076014CD118@CORPUSMX30B.corp.emc.com>
User-Agent: Mutt/1.5.11+cvs20060403
From: "J. Bruce Fields" <bfields@fieldses.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 9466e0365fc95844abaf7c3f15a05c7d
Cc: Sam.Falkner@sun.com, nfsv4@ietf.org
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/nfsv4>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
Errors-To: nfsv4-bounces@ietf.org

On Fri, Jul 14, 2006 at 02:38:41PM -0400, wurzl_mario@emc.com wrote:
> >> -----Original Message-----
> >> From: J. Bruce Fields [mailto:bfields@fieldses.org] 
> >> Sent: Friday, July 14, 2006 14:00
> >> To: nfsv4@ietf.org
> >> Cc: Sam Falkner; nfs@lists.sourceforge.net; Spencer Shepler; 
> >> Brian Pawlowski
> >> Subject: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interaction / 
> >> mask,draft-ietf-nfsv4-acls-00 not ready
> >> 
> >> 
> >> For a client that doesn't support the new attributes, a 
> >> server can apply
> >> the mask attributes to the ACL before returning it.  I suppose a
> >> multi-protocol server would do the same for CIFS clients.
> >> 
> Since CIFS does not understand the semantics of permission mask, does
> the server enforce the mask when the access for the data comes from
> a CIFS client ?

Yes, it does.  But it also only ever shows CIFS clients a version of the
ACL with the mask already applied, so CIFS clients see no inconcistency.
(In other words, if there's an "ALLOW bfields READ+WRITE" ACE, but the
relevant mask only allows READ, then the CIFS client will see a version
of the ACL where that ACE only allows READ.)

See any reason why that won't work?

--b.

_______________________________________________
nfsv4 mailing list
nfsv4@ietf.org
https://www1.ietf.org/mailman/listinfo/nfsv4

v2.23.0 | Report a Bug | By Email