Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready

"J. Bruce Fields" <bfields@fieldses.org> Tue, 11 July 2006 13:46 UTC

Date: Tue, 11 Jul 2006 09:46:35 -0400
To: Sam Falkner <Sam.Falkner@Sun.COM>
From: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Lisa Week <Lisa.Week@Sun.COM>, nfsv4@ietf.org, nfs@lists.sourceforge.net, Spencer Shepler <spencer.shepler@Sun.COM>, Brian Pawlowski <beepy@netapp.com>, Andreas Gruenbacher <agruen@suse.de>

On Tue, Jul 11, 2006 at 08:29:21AM -0400, Sam Falkner wrote:
> That's not how Solaris works either.  Sorry, I should have explained  
> it better.  In Solaris using POSIX-draft ACLs, chmod() changes both  
> the group permissions and the mask, simultaneously.  I now understand  
> why you were hesitant to have chmod affect the group permissions, but  
> having it affect both mask and group solves both problems.

I think you're missing the point of his example.  The point is that a
chmod-using application may expect the sequence chmod(600) chmod(664) on
a file with mode 664 to be a no-op.

But if chmod() changes both group and mask bits ("owning group" and
"group file class" bits) then this sequence isn't a no-op any more in
his example.  It gives GROUP@ write permissions.

So Andreas is trying to ensure the property that any sequence of chmod's
that leaves the mode bits the same also leaves the ACL the same.  I
agree that that's a nice property.

What I'm not convinced of yet is that this is really worth caring about
much.  Is this common application behavior?  Have there been complaints
about this from people using Solaris's ACLs?

--b.
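
The chmod(600) chmod(664) sequence discussed above, as an added example that is not part of the original message: a small model of a POSIX-draft ACL comparing a chmod() that writes the group class bits to both the owning-group entry and the mask with a mask-only variant. The starting ACL (owning group read-only, one named user with read/write) and all function names are constructed for illustration; Andreas's actual example is not reproduced on this page.

```python
# Model of a POSIX-draft ACL with five entries. Permissions are 3-bit
# integers (r=4, w=2, x=1). The sample ACL below is constructed.

def mode_bits(acl):
    """Mode as stat() would report it: the group class bits show the mask."""
    return (acl["user_obj"] << 6) | (acl["mask"] << 3) | acl["other"]

def chmod_mask_only(acl, mode):
    """chmod writes the group class bits to the mask; group_obj is untouched."""
    new = dict(acl)
    new["user_obj"] = (mode >> 6) & 7
    new["mask"] = (mode >> 3) & 7
    new["other"] = mode & 7
    return new

def chmod_group_and_mask(acl, mode):
    """chmod writes the group class bits to both the mask and group_obj."""
    new = chmod_mask_only(acl, mode)
    new["group_obj"] = (mode >> 3) & 7
    return new

def effective_group(acl):
    """What the owning group can actually do: its entry ANDed with the mask."""
    return acl["group_obj"] & acl["mask"]

def run_sequence(chmod, acl, modes):
    """Apply a series of chmod calls and return the resulting ACL."""
    for m in modes:
        acl = chmod(acl, m)
    return acl

# Constructed starting point: mode 664, owning group r--, named user rw-.
START = {"user_obj": 6, "group_obj": 4, "named_user": 6, "mask": 6, "other": 4}

if __name__ == "__main__":
    for chmod in (chmod_mask_only, chmod_group_and_mask):
        end = run_sequence(chmod, START, [0o600, 0o664])
        print(chmod.__name__,
              "mode", oct(mode_bits(end)),
              "ACL unchanged:", end == START,
              "owning group effective:", effective_group(end))
```

Both variants end at mode 664, but only the mask-only variant returns the ACL to its starting state; the group-and-mask variant leaves the owning group with write access it did not have before.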
