[nfsv4] Re: Our different approaches to draft POSIX ACL support in NFSv4

David Noveck <davenoveck@gmail.com> Fri, 26 July 2024 19:14 UTC

Return-Path: <davenoveck@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AF9BC151086 for <nfsv4@ietfa.amsl.com>; Fri, 26 Jul 2024 12:14:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.108
X-Spam-Level:
X-Spam-Status: No, score=-7.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5uzFJj2GknCE for <nfsv4@ietfa.amsl.com>; Fri, 26 Jul 2024 12:14:57 -0700 (PDT)
Received: from mail-qt1-x831.google.com (mail-qt1-x831.google.com [IPv6:2607:f8b0:4864:20::831]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8515C14F69D for <nfsv4@ietf.org>; Fri, 26 Jul 2024 12:14:57 -0700 (PDT)
Received: by mail-qt1-x831.google.com with SMTP id d75a77b69052e-44fe106616eso5380561cf.1 for <nfsv4@ietf.org>; Fri, 26 Jul 2024 12:14:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1722021296; x=1722626096; darn=ietf.org; h=cc:to:subject:message-id:date:from:references:in-reply-to :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=KaM5y1uzxPJ577ZLoo2WRmXckB6PC+XYTD2/eylqVmo=; b=gUd5+rBgfiPsbSdbFthaBrDW3RG+WY6Y/6S7URXf/eicQsDFRUQP157V/RLhrYCcFd y19bOVWp32ZdXqCt/To26906vRUzyYmLQypTTXrQGN1t+QRU6E2nnfJCzMFtsajT3x9z SakrK1uZ5rND3I2oK3sn/RtUP6yHFIL0R5M3eS3txYn1ray6Evcl8K0NGaL3bTpq9AOy +r93wIuBVB6VoGtyRMOqAuuI8YESe5Te/dRAYDTPN+CXlA2bK6D7crbfBbfSBlYdAXF7 Ryogkj0otuMQ5EeRYicU1Rk6e37aPDvyoC/h4LMA6rIGYLTnRunX072PFLTaJbupApTA A7tw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722021296; x=1722626096; h=cc:to:subject:message-id:date:from:references:in-reply-to :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=KaM5y1uzxPJ577ZLoo2WRmXckB6PC+XYTD2/eylqVmo=; b=eF4N1bSbrfrR3QADFttKRlEut3pTAbFEDxxNXtMj0oJaQlcTQqSe84m0KtVvI/GEhX f99+F+Y2DrPv+QM/2YkBV/vC7bUtAlu3WeDgtO5ZkZBz4oJ1qtED5C8ldk+X5EPE34Ox ftbfubCtp5liz3rHM7LdvxbQT6WL5lNo+qapPBeVm08MqBWeApdYQEpeeH7RZsNJCmxf l2nAtA9Hkv8HJEnam4xIyyjwbN6IpIwoPdNzgqxZdzOK07OAtr7IJnVKAtdPMAzrO1Ak idVozWbNwIwfYMW5wWxhbnDLuptaQh5vL6keOEU04Kw8LqHUaBkRSxLE4PH3153xQy9c tYtg==
X-Forwarded-Encrypted: i=1; AJvYcCUxkquzFwIXx4acN84OrBsQP2vb7FNRLnBFVI9HzBQ9A7CAU9wdjpvOY52acbbZDPjfXKuFoAe9oPVw1wRq2A==
X-Gm-Message-State: AOJu0YzD5PjNsCMLSSvhygeoZ3ECUb3Y2kicOmYz69Y8Ea4dDcn7sC7+ zxFQcO7/SGRGq/LvKjRIr+lMBYzVU7h7kZ0ezyYC1N3//+q+91ZDNatS1XnlmrWHOYPus/ccoVc 6Q3c7HC8Fs2wtzI45xnmVNrD3uQFNt0Zg
X-Google-Smtp-Source: AGHT+IEmV7J9xikvdj860XAm2venrgIxH0ClmQ6To5MTnQSQhJWSt0+cmC3EXwWq+nxiCfU6tOCdvjlEoYVQezk0dTQ=
X-Received: by 2002:a05:6214:1303:b0:6b5:e886:d8a9 with SMTP id 6a1803df08f44-6bb55a1692dmr10523586d6.29.1722021296494; Fri, 26 Jul 2024 12:14:56 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a05:6214:2b0b:b0:6b5:7c7d:352c with HTTP; Fri, 26 Jul 2024 12:14:55 -0700 (PDT)
In-Reply-To: <CAM5tNy5Md1c=GLzuW8vrzJ1j0U+-x5VLD-kLUBvETv6x9uu_vw@mail.gmail.com>
References: <CADaq8jdvZ5pcFNN5zjuVHLTO30v9=2kYKzFdRxxbkTmHYZdTdA@mail.gmail.com> <CAM5tNy7Fw954gCzYHCTjRg7th_njSHhxznni48Zz4xsSXT631A@mail.gmail.com> <53DAEF45-2A4D-4066-97C2-7B09018DE99B@oracle.com> <CAM5tNy6a4ZG90i2ugXzuPqQ1zrsK9m8jLRKmv9VpnFG6m_Pqew@mail.gmail.com> <DD250FBD-A434-4294-818A-5728757CE032@oracle.com> <d1c538065728c17df66a6f9e79e55d90849fc866.camel@gmail.com> <D352FEB9-A487-4B3E-9BC8-DB2C1896F941@oracle.com> <8efc39289ecef97624622cfc431f890736b579a0.camel@hammerspace.com> <33FA1D6E-73B3-43A1-B65C-D806156E39A5@oracle.com> <cf8a48e517210512755455dd78352ae5b64f7949.camel@hammerspace.com> <449AF448-1471-47CD-B5C5-3A3A5FB9FB12@oracle.com> <2e32694382df3e70a93edcf40434a41729031e55.camel@hammerspace.com> <83c39a7b12c05b0f1a0fa6e069b08e399864277a.camel@hammerspace.com> <CADaq8jfw1FVH3dxOEJAZLrw_S5y2F6eaGkcfpha4X8BBNWgRSQ@mail.gmail.com> <6903782a95875541489844e33541114f0bf01acb.camel@hammerspace.com> <CADaq8jdFYo_DtRxS3h17dyQSFqXeoR60OjsjMM=o35HDg8ZnNg@mail.gmail.com> <855662e75c4433042fd9875c2c9c5d0244c929da.camel@hammerspace.com> <CADaq8jdZzqt-bXB4YsO=R2qpT9MNfwvSAJyBJng1qjGFTn2tbw@mail.gmail.com> <CAM5tNy5oVnyP66fzZsQXnNQcTYtpQaR59Q6io92F4LX74gPivQ@mail.gmail.com> <7FAE51A2-6E14-412F-8B0A-AC617AE4173B@oracle.com> <CADaq8je9VqYoe8StfezCNjYPD3-dGmbz-zNSO51RBmfzCPcgeA@mail.gmail.com> <CAM5tNy5Md1c=GLzuW8vrzJ1j0U+-x5VLD-kLUBvETv6x9uu_vw@mail.gmail.com>
From: David Noveck <davenoveck@gmail.com>
Date: Fri, 26 Jul 2024 15:14:55 -0400
Message-ID: <CADaq8jcn72LER7duMQxdQ0ympBMrjHNtTdGTstiW4=+7Ek-zDw@mail.gmail.com>
To: Rick Macklem <rick.macklem@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000ac661a061e2b53a8"
Message-ID-Hash: Z3SP7EGVMQK7XTR3ARXZYX3JJSBIX45B
X-Message-ID-Hash: Z3SP7EGVMQK7XTR3ARXZYX3JJSBIX45B
X-MailFrom: davenoveck@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-nfsv4.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Trond Myklebust <trondmy@hammerspace.com>, Bruce Fields <bfields@fieldses.org>, "nfsv4@ietf.org" <nfsv4@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [nfsv4] Re: Our different approaches to draft POSIX ACL support in NFSv4
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/QwFur3ClR_u8jBdpHLm5hdBBtLg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Owner: <mailto:nfsv4-owner@ietf.org>
List-Post: <mailto:nfsv4@ietf.org>
List-Subscribe: <mailto:nfsv4-join@ietf.org>
List-Unsubscribe: <mailto:nfsv4-leave@ietf.org>

On Friday, July 26, 2024, Rick Macklem <rick.macklem@gmail.com> wrote:

>
>
> On Thu, Jul 25, 2024 at 12:36 PM David Noveck <davenoveck@gmail.com>
> wrote:
>
>>
>>
>> On Thursday, July 25, 2024, Chuck Lever III <chuck.lever@oracle.com>
>> wrote:
>>
>>>
>>>
>>> > On Jul 25, 2024, at 9:44 AM, Rick Macklem <rick.macklem@gmail.com>
>>> wrote:
>>> >
>>> > Christoph pointed out to me that having multiple ACLs on a file is not
>>> > reasonable.  The draft I am writing will require a server to only
>>> support
>>> > one ACL model/file. (I think it needs to be a server choice and could
>>> be
>>> > indicated to the client by which attributes are supported for the
>>> fiile.
>>> > (This is related to the last point.  I'll leave the rest for others.)
>>>
>>> I agree there should be one per file,
>>
>>
>> Definitely.
>>
>>>
>>> and that the server's
>>> local file system should determine which type of ACL it can
>>> support.
>>
>>
>> I would think it determines the set of types  it  an support.  This can
>> be ofen will be a singleton or the null set.
>>
>> (I don't envision a scenario where one file system
>>> could support multiple types of ACLs).
>>
>>
>> I consider it unfortunate that your vision is so limited.
>>
>> I expect to face the issue in the near future since Netapp supports a
>> considerable portion of the NFSv4 ACL model and will want to support the
>> draft POSIX ACL.
>>
>> I don't think it is reasonable to tell users that they have to get rid of
>> their existing ACLs in order to allow them to use draft POSIX ACLs.
>>
> If you are referring to the granularity of whether a
> NFSv4 ACL or POSIX draft ACL is applied, I do not see
> a problem with "per file" granularity, which is what I
> had planned for the draft I am writing (in progress).
> (My limited vision comes from the fact that FreeBSD uses
> a "per file system" mount option to define which ACL model
> is used.)
>
> However, if you are suggestion that a file object could
> have both a NFSv4 ACL and a POSIX draft ACL, then I do
> envision problems.
>

I see problems also, and having two different ACls controlling
authorization is not needed or wanted.

However, I think we can see a sacl and a dacl  together and the dacl could
be replaced by a draft POSIX ACL.

I would also see the case of setting a draft POSIX ACL and being able to
interrogate using multiple attributes.  This might look to some as if there
were two ACLs but in reality there would be only one.  I discuss the
details in Appendix C of acls-05, coming to the data tracker in the next
few weeks.

-> How would the server check access?

>     - By checking both ACLs and only allow access if both
>       ACLs allowed access?
>       --> That would cause confusion for users on clients
>           that only see one of the ACLs, when the ACL the
>           client sees allows access, but the server replies
>           NFS4ERR_ACCES, since the other ACL does not allow
>           access.
>
> rick
>
>
>
>>
>>
>>>
>>> > It would be nice if, somehow, the Linux folk could determine how often
>>> > the mapped NFSv4 ACLs are used on the Linux NFSv4 servers?
>>>
>>> As far as I am aware, NFSD does not use mapped ACLs, but I
>>> haven't done an in-depth look.
>>>
>>>
>>> --
>>> Chuck Lever
>>>
>>>
>>>