Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready

"J. Bruce Fields" <bfields@fieldses.org> Tue, 11 July 2006 00:28 UTC

Date: Mon, 10 Jul 2006 20:28:26 -0400
To: Andreas Gruenbacher <agruen@suse.de>
Subject: Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
Message-ID: <20060711002826.GB1440@fieldses.org>
References: <200607032310.15252.agruen@suse.de> <B0F5507F-A317-44F7-B6A3-A5005542A631@Sun.COM> <20060710141541.GA978@fieldses.org> <200607110201.43319.agruen@suse.de>
In-Reply-To: <200607110201.43319.agruen@suse.de>
From: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Lisa Week <Lisa.Week@sun.com>, nfsv4@ietf.org, Sam Falkner <Sam.Falkner@sun.com>, nfs@lists.sourceforge.net, Spencer Shepler <spencer.shepler@sun.com>, Brian Pawlowski <beepy@netapp.com>

On Tue, Jul 11, 2006 at 02:01:42AM +0200, Andreas Gruenbacher wrote:
> The issue is that you sometimes want to give the owning group fewer permissions 
> than say, user:bfields in the above example. You can only do that by 
> separating the owning group and mask permissions.
> 
> For this aspect of the problem (actually for all aspects except for those that 
> the DENY entries cause because they are sometimes difficult or impossible to 
> uniquely tell from other "ordinary" entries) it is totally irrelevant whether 
> the mask is represented as a mask:: acl entry as in POSIX ACLs, as a series 
> of DENY ACL entries, or as NFSv4 attributes.
> 
> (POSIX ACLs only need one mask entry because they can never grant more than 
> rwx permissions anyway, and so the owner and other permissions are always 
> identical to the owner and other file mode permission bits. That's no longer 
> true with POSIX ACLs, and so there we also need mask entries for the owner 
> and for others.)

So you need this if and only if you want to be able to set OWNER@
permissions other than read, write, or execute, *and* want to be able to
recover from a chmod?

The argument for the reversibility of chmod seems a lot stronger when
the information that could be lost is a long list of users and
permissions than when it's just a few bits for the owner.

--b.
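
Added example, not part of the original message or of any NFSv4 or POSIX ACL implementation: a simplified model of the POSIX ACL mask discussed in this thread, showing that chmod only rewrites the mask, so a named entry such as user:bfields and a more restrictive owning-group entry both survive a chmod round trip. The class, the sample ACL, and the mask-less `chmod_without_mask` contrast are constructed for illustration.

```python
# Added illustration: simplified POSIX.1e-style ACL model (all names constructed).
R, W, X = 4, 2, 1

def fmt(p):
    return "".join(c if p & b else "-" for c, b in (("r", R), ("w", W), ("x", X)))

class PosixAcl:
    def __init__(self, owner, group, other, named, mask):
        self.owner, self.group, self.other = owner, group, other
        self.named = dict(named)          # e.g. {"user:bfields": R | W}
        self.mask = mask

    def mode(self):
        # With a mask present, the group-class mode bits show the mask, not group::
        return (self.owner << 6) | (self.mask << 3) | self.other

    def chmod(self, mode):
        # chmod rewrites owner, mask and other; group:: and named entries stay as set.
        self.owner, self.mask, self.other = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7

    def effective(self, entry):
        # The owning group and every named entry are limited by the mask.
        perm = self.group if entry == "group::" else self.named[entry]
        return perm & self.mask

def chmod_without_mask(named, mode):
    """Hypothetical mask-less scheme: the group bits become group:: itself and
    every named entry is clipped in place, so the clipped bits are gone."""
    g = (mode >> 3) & 7
    return g, {k: v & g for k, v in named.items()}

def demo():
    # Constructed ACL: user::rw-, user:bfields:rw-, group::r--, mask::rw-, other::---
    acl = PosixAcl(R | W, R, 0, {"user:bfields": R | W}, R | W)
    rows = []
    for mode in (None, 0o600, 0o660):
        if mode is not None:
            acl.chmod(mode)
        rows.append((acl.mode(), fmt(acl.effective("user:bfields")),
                     fmt(acl.effective("group::"))))
    return rows

if __name__ == "__main__":
    for m, u, g in demo():
        print(f"mode {m:o}: user:bfields {u}, group:: {g}")
    _, clipped = chmod_without_mask({"user:bfields": R | W}, 0o600)
    print("mask-less after 600 then 660:", chmod_without_mask(clipped, 0o660))
```

In the mask-less contrast, the round trip leaves user:bfields with no permissions and the owning group with rw-, which is more than the r-- it started with.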
