[nfsv4] RFC: atomically acquiring some attributes for the posix-acls extension

Rick Macklem <rick.macklem@gmail.com> Thu, 08 August 2024 20:14 UTC

Return-Path: <rick.macklem@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74294C14F61A for <nfsv4@ietfa.amsl.com>; Thu, 8 Aug 2024 13:14:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.108
X-Spam-Level:
X-Spam-Status: No, score=-7.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z1OowHTlmo3Z for <nfsv4@ietfa.amsl.com>; Thu, 8 Aug 2024 13:14:54 -0700 (PDT)
Received: from mail-pf1-x42d.google.com (mail-pf1-x42d.google.com [IPv6:2607:f8b0:4864:20::42d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0DBB4C14F603 for <nfsv4@ietf.org>; Thu, 8 Aug 2024 13:14:54 -0700 (PDT)
Received: by mail-pf1-x42d.google.com with SMTP id d2e1a72fcca58-70d1a74a43bso1181646b3a.1 for <nfsv4@ietf.org>; Thu, 08 Aug 2024 13:14:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723148093; x=1723752893; darn=ietf.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=Rp3pDzMVuTBe01TXJLZE8Fnzh8Al6qkS/cTtFHxj+/Y=; b=HmrAcgWGj4gn1IqMWDjG661uEZpZfAIACkXHY0yH0yfjnD3CSGXMPp7RPQ4RvSQu0g zo0fb1iQpM3k9gRmALiRKBRWuyz9nnxC7kbituTxkbUr9N6utsuUWhOprlqX8/pcgoHq YovesGRhtbtc2FXLFDJkN5e1rpgzAMsY7gosvlPP+VExIP3SRKbsF9+sZ4iRsZhtNeDG r+Zye/fgbBUYnl4vpoLukXeuT01KeoTo4r4AcgeXpZSX0e0vFMElDImdBvmR1swGxX4y 3I9EVRveMfC6SKKXpQRYD4EDUkzm7Cr5rym7ADnr5beIpufzRZM2fveYmQ/zq9iziKxW B9yA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723148093; x=1723752893; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=Rp3pDzMVuTBe01TXJLZE8Fnzh8Al6qkS/cTtFHxj+/Y=; b=cIUT/qKnMlXjE5X4vo7OEeXXnRVOhNXVubX5wd+GpoKCFQCn3lw3ncl+xS6nztuCVG K3j5eVc7qqedjLXnXxxz3SRM/0n71PXBXxIpZimGaoaObE7PpWOQhK8qorvTHaMgukNB phYl5R7+3/SfB7CAyh+q8K4ERpSA4eivPREqLBMH8SZqCf1O1hQwKKp6xuR7ej2sQKYL s0A2SrqUf+7Xd/0zUJD1U7HuH8QZiOW0iDvHlEpOxq/eS2muMsXqEnM0ul2J4IbUpVP2 aLyon2as/E1ftJGUxbiiSLbaVummBFc7zU5BOWJ4qcQseKfva8vTwIpdT5knVswwlcaK 9Oqw==
X-Gm-Message-State: AOJu0YzIQgq0Y3C0PeHpTAldwUKW7WYfpPTVPc0W+mYYtyvuKo4g/8Hr 7wFJois/Qz5aVhl+uc/88bgWnpscUtWwYkneK07W62uKfo29CWCpj+ERtgdy7Pjz1/fkdYbh5QK RgOStZozqigrMh07XfRy14m6+GW9J
X-Google-Smtp-Source: AGHT+IG0aCew7VNYBs6fxS1V9LWgB3CT2PV5OhiFheTdxOJGadfDYi/cHidMDHQLptp/KzG5jWDe70NI23lc9jKMVe0=
X-Received: by 2002:a05:6a00:1311:b0:705:b0c0:d7d7 with SMTP id d2e1a72fcca58-710cad6aaa9mr3004671b3a.7.1723148093178; Thu, 08 Aug 2024 13:14:53 -0700 (PDT)
MIME-Version: 1.0
From: Rick Macklem <rick.macklem@gmail.com>
Date: Thu, 08 Aug 2024 13:14:43 -0700
Message-ID: <CAM5tNy5OHG2qjtuZeuK2ZYtrKbrOq_wmYFwRHBcdm7PSH7s3qA@mail.gmail.com>
To: NFSv4 <nfsv4@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000fd4af1061f31ad90"
Message-ID-Hash: QW2S5AO7OHGKR4BUBUSL6ZQE537DGKXF
X-Message-ID-Hash: QW2S5AO7OHGKR4BUBUSL6ZQE537DGKXF
X-MailFrom: rick.macklem@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-nfsv4.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [nfsv4] RFC: atomically acquiring some attributes for the posix-acls extension
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/KnOi_UnBPy0h12kbOnKXeaRuTik>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Owner: <mailto:nfsv4-owner@ietf.org>
List-Post: <mailto:nfsv4@ietf.org>
List-Subscribe: <mailto:nfsv4-join@ietf.org>
List-Unsubscribe: <mailto:nfsv4-leave@ietf.org>

Hi,

As some will already know, I am working on a draft that
proposes an extension to 4.2 related to POSIX ACLs which
adds 4 new attributes.

I have run into a case where specifying the GETATTR return
some ACL related attributes "atomically". By atomically, I
mean that no SETATTR by another client is permitted to change
any on the attributes during the GETATTR.

Some background:
true form - Is the kind of ACL stored on the file object and
            used for access permissions. A new attribute called
            acl_trueform indicates what the true form is.
            It can be ACL_MODEL_NFS4, ACL_MODEL_POSIX_DRAFT or
            ACL_MODEL_NONE.
posix_access_acl, posix_default_acl - New attributes for the POSIX
            access and default ACLs.

Now, assume a file system on a server supports all of the
acl, posix_access_acl, posix_default_acl and acl_trueform
attributes.

If a client does a:
GETATTR of acl, posix_access_acl, posix_default_acl and acl_trueform.
If this GETATTR is guaranteed to be "atomic" (as in no SETATTR is allowed
to change any of these attributes), then the reply gives the client
exactly what it needs.
--> The acl_trueform tells the client whether the acl attribute or
    posix_access_acl/posix_default_acl attributes are what is actually
    being stored for the file object and used for permission checking.

However, without the atomicity guarantee, a SETATTR of acl/posix_access_acl/
posix_default_acl done by another client could "gum up the works" and
result in a weird/inconsistent reply.

So, it requiring this atomicity guarantee for these attributes a
reasonable thing for the extension, if the server chooses to support
the extension?

Now, for SETATTR, it would be nice if a client could set a POSIX ACL,
but only if no NFSv4 ACL is already stored on the file object.
The following compound could "almost" do this:
    NVERIFY acl_trueform ACL_MODEL_NFS4
    SETATTR posix_access_acl
The "almost" is because there is no atomicity guarantee for operations
in compounds, but that will be my next email.

Thanks in advance for any opinions w.r.t. the GETATTR atomicity guarantee,
rick