[nfsv4] Re: Our different approaches to draft POSIX ACL support in NFSv4

Chris Inacio <inacio@cert.org> Wed, 24 July 2024 19:37 UTC

From: Chris Inacio <inacio@cert.org>
To: Chuck Lever III <chuck.lever@oracle.com>
Date: Wed, 24 Jul 2024 19:37:05 +0000
CC: Trond Myklebust <trondmy@hammerspace.com>, Bruce Fields <bfields@fieldses.org>, "nfsv4@ietf.org" <nfsv4@ietf.org>
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/EP1PpOZNKbsnbFz177ENaoMEKbI>

I’ll be consulting with IETF legal this afternoon on how to do this. In the most general case, the IETF participation rules put the onus on the IP owner to make a declaration. After a declaration is made, then the WG can know what that declaration covers.

Again, I’ll be consulting the IETF lawyers this afternoon to get guidance on this.


> On Jul 24, 2024, at 7:59 AM, Chuck Lever III <chuck.lever@oracle.com> wrote:
> 
> Hi -
> 
>> On Jul 24, 2024, at 8:43 AM, David Noveck <davenoveck@gmail.com> wrote:
>> 
>> Rick has discussed the possibility of a v4.2 extension but using new attributes has not committed to writing it up.   I'm worried that he might lose interest given the possibility of IP horrors, but I really don't know. From my point of view, the weakness in Rick's approach is that it does not address migration and coexistence issues.  I think that is essential given the history here but many files with ACLs exist on file systems and I think it's important to address the issues of how the existing model and a new one will interact.
> 
> Hence my concern about how POSIX ACLs might appear to clients
> that access them via NFSv3's NFSACL versus how they might
> appear to clients that access them via a putative NFSv4 POSIX
> ACL facility. NFSv3 remains a widely-deployed protocol and I
> believe users would be surprised if there were compatibility
> issues.
> 
> If there are no issues here, great! If there are, IMO new
> documents should help implementers and users understand and
> cope with any differences.
> 
> Given that you believe "it's important to address the issues
> of how the existing model and the new one interact" I hope
> you will provide some guidance in this area in acls-0? or
> follow-on documents. :-)
> 
> 
> --
> Chuck Lever
> 
>