IETF Logo Mail Archive

RE: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready

"Noveck, Dave" <Dave.Noveck@netapp.com> Sun, 16 July 2006 13:11 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G26Ok-0001uq-IK; Sun, 16 Jul 2006 09:11:02 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G26Ok-0001ul-4O for nfsv4@ietf.org; Sun, 16 Jul 2006 09:11:02 -0400
Received: from mx2.netapp.com ([216.240.18.37]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G26Oi-0002zc-Qa for nfsv4@ietf.org; Sun, 16 Jul 2006 09:11:02 -0400
Received: from smtp2.corp.netapp.com ([10.57.159.114]) by mx2.netapp.com with ESMTP; 16 Jul 2006 06:11:00 -0700
X-IronPort-AV: i="4.06,247,1149490800"; d="scan'208"; a="393332618:sNHT21563760"
Received: from svlexc03.hq.netapp.com (svlexc03.corp.netapp.com [10.57.156.149]) by smtp2.corp.netapp.com (8.13.1/8.13.1/NTAP-1.6) with ESMTP id k6GDAleC022642; Sun, 16 Jul 2006 06:10:47 -0700 (PDT)
Received: from exsvlrb01.hq.netapp.com ([10.56.8.62]) by svlexc03.hq.netapp.com with Microsoft SMTPSVC(6.0.3790.0); Sun, 16 Jul 2006 06:10:46 -0700
Received: from exnane01.hq.netapp.com ([10.97.0.61]) by exsvlrb01.hq.netapp.com with Microsoft SMTPSVC(6.0.3790.1830); Sun, 16 Jul 2006 06:10:45 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
Date: Sun, 16 Jul 2006 09:10:43 -0400
Message-ID: <C98692FD98048C41885E0B0FACD9DFB8029EFB06@exnane01.hq.netapp.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
Thread-Index: AcaoFoXLO1mBXLrVTvOnjxgaYifklgAwlXXg
From: "Noveck, Dave" <Dave.Noveck@netapp.com>
To: Sam Falkner <Sam.Falkner@Sun.COM>, "J. Bruce Fields" <bfields@fieldses.org>
X-OriginalArrivalTime: 16 Jul 2006 13:10:46.0242 (UTC) FILETIME=[400A3C20:01C6A8D9]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: e8a67952aa972b528dd04570d58ad8fe
Cc: Lisa Week <Lisa.Week@Sun.COM>, nfsv4@ietf.org, nfs@lists.sourceforge.net, Spencer Shepler <spencer.shepler@Sun.COM>, Brian Pawlowski <beepy@netapp.com>, Andreas Gruenbacher <agruen@suse.de>
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/nfsv4>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
Errors-To: nfsv4-bounces@ietf.org

What does Solaris do about chmod +s?  Does it modify the ACL? 

-----Original Message-----
From: Sam Falkner [mailto:Sam.Falkner@Sun.COM] 
Sent: Saturday, July 15, 2006 9:56 AM
To: J. Bruce Fields
Cc: Lisa Week; nfsv4@ietf.org; nfs@lists.sourceforge.net; Spencer
Shepler; Pawlowski, Brian; Andreas Gruenbacher
Subject: Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /
mask,draft-ietf-nfsv4-acls-00 not ready

On Jul 11, 2006, at 9:46 AM, J. Bruce Fields wrote:

> On Tue, Jul 11, 2006 at 08:29:21AM -0400, Sam Falkner wrote:
>> That's not how Solaris works either.  Sorry, I should have explained 
>> it better.  In Solaris using POSIX-draft ACLs, chmod() changes both 
>> the group permissions and the mask, simultaneously.  I now understand

>> why you were hesitant to have chmod affect the group permissions, but

>> having it affect both mask and group solves both problems.
>
> I think you're missing the point of his example.  The point is that a 
> chmod-using application may expect the sequence chmod(600) chmod
> (664) on
> a file with mode 664 to be a no-op.
>
> But if chmod() changes both group and mask bits ("owning group" and 
> "group file class" bits) then this sequence isn't a no-op any more in 
> his example.  It gives GROUP@ write permissions.

Okay, understood.

> So Andreas is trying to ensure the property that any sequence of 
> chmod's that leaves the mode bits the same also leaves the ACL the 
> same.  I agree that that's a nice property.

Perhaps, but I think having chmod unable to set the mode to be a much
more undesirable property, to put it mildly.

> What I'm not convinced of yet is that this is really worth caring 
> about much.  Is this common application behavior?  Have there been 
> complaints about this from people using Solaris's ACLs?

I did some more research, and found that the Solaris chmod() system call
does pretty much what Linux does -- the group permissions of
chmod() affect the mask, not the group permission bits.  Originally, the
chmod command did the chmod() system call, and not much else.

There were many complaints about this.  So many that the chmod command
line was changed to do the chmod() system call, and then, in the
presence of an ACL, fix the permission bits.  In other words, the bug
was fixed.

I have found no complaints about the current Solaris behavior, where
chmod affects group permissions.

- Sam

_______________________________________________
nfsv4 mailing list
nfsv4@ietf.org
https://www1.ietf.org/mailman/listinfo/nfsv4

_______________________________________________
nfsv4 mailing list
nfsv4@ietf.org
https://www1.ietf.org/mailman/listinfo/nfsv4

v2.23.0 | Report a Bug | By Email