IETF Logo Mail Archive

[nfsv4] Re: Our different approaches to draft POSIX ACL support in NFSv4

Rick Macklem <rick.macklem@gmail.com> Fri, 05 July 2024 20:09 UTC

Return-Path: <rick.macklem@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 725D8C1654EB for <nfsv4@ietfa.amsl.com>; Fri, 5 Jul 2024 13:09:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YaBNl1MXBp2e for <nfsv4@ietfa.amsl.com>; Fri, 5 Jul 2024 13:09:53 -0700 (PDT)
Received: from mail-pf1-x42f.google.com (mail-pf1-x42f.google.com [IPv6:2607:f8b0:4864:20::42f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 16D03C157927 for <nfsv4@ietf.org>; Fri, 5 Jul 2024 13:09:53 -0700 (PDT)
Received: by mail-pf1-x42f.google.com with SMTP id d2e1a72fcca58-70af8062039so1448032b3a.0 for <nfsv4@ietf.org>; Fri, 05 Jul 2024 13:09:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1720210192; x=1720814992; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=nk/uQUYS6fENRhVzKH2+KCyu9fnYF2n3oIsFhffVYvI=; b=XGqukLYEpkUvzx1WaDelxVd+GZ5hJgzTRAenfrWyTwPz2e71hbVT2FvPpBRSvWOx1Y UKbTLysL73I5Ysj9YdLzscEfZ8JyVANIMV+zytfzbDvKGudoQYdaI7h3e4pRgP94rh/F xYAd2VqoiPeLXLQ8cUZxv5k0WRsU6I/fTOFohJ3Vr/gR3lZ3LaKWwIzlk9JuPHc9EoXo VfZJJRDRH4YFYl0BuunG/yUf2mewROB0R5cP8VW1nVUNHZxb2MyfTGUfEKR52etRNZVT Q4b1HX6KohjiWouOrgcWnrecx0bL9VGdRjg3cheEmYcAfWhiTHCLwoUolcrdVrXIYtct f7NA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1720210192; x=1720814992; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nk/uQUYS6fENRhVzKH2+KCyu9fnYF2n3oIsFhffVYvI=; b=L55Xdjn/2qNhdRGNvIpraQ/rcGofvINhDgotQTcZdWmNAmvkTifyh0tyacnqz3dHGk nwIo+wlCm1DyiYwar5gD/Z/qwIjWNlQV77o4Va/dGSTCvwpE1Ot5N8kshPg1NTBjmxS9 sGEcKJAv+PCIyGFK4lXn0vRDCjgaLWun9l739B861eZGFvYzKbgXT/WrAQSL0Yh1FIVz VjsYbD62eCTI+QTyFCbNAOhH0f1I+1lkuQ4xXk9wjdwC+XOinCx+3i6n3/MOHEnXw+nR cGp77LLuVR/YE41k1PfP4hGR1QepR84vlUoircCwI8oIhaGy72ErqgplPWpnoJZqgvCM UfTw==
X-Gm-Message-State: AOJu0YxXTmb7H+Hc0hLoW8qLKGljZTRPts1zi49B3SR3JACQrmdkT/er 1luSJFIiF+rbx1EAhdDYsCD8kVW/Y0UKCyca+MdWcrVTgr+ikikNe0p/GBbEjjjvfcNuhMPku4h mpCKAkbXMMEDQic3+4mQUpjfWew==
X-Google-Smtp-Source: AGHT+IGCEGud0FbirCK11ilawlB8wn01aVv+EZpYtMioOoJxcPA/dmSzHYVfs5BRzWDDjKsYhQc5LOKCcEku84mYS6I=
X-Received: by 2002:a05:6a21:1698:b0:1bd:25ac:a08a with SMTP id adf61e73a8af0-1c0cc729cc5mr5391897637.12.1720210192198; Fri, 05 Jul 2024 13:09:52 -0700 (PDT)
MIME-Version: 1.0
References: <CADaq8jdvZ5pcFNN5zjuVHLTO30v9=2kYKzFdRxxbkTmHYZdTdA@mail.gmail.com>
In-Reply-To: <CADaq8jdvZ5pcFNN5zjuVHLTO30v9=2kYKzFdRxxbkTmHYZdTdA@mail.gmail.com>
From: Rick Macklem <rick.macklem@gmail.com>
Date: Fri, 05 Jul 2024 13:09:40 -0700
Message-ID: <CAM5tNy7Fw954gCzYHCTjRg7th_njSHhxznni48Zz4xsSXT631A@mail.gmail.com>
To: David Noveck <davenoveck@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: LQAE6EBQDGRRNQF64O3E6PFP6R5E5CBO
X-Message-ID-Hash: LQAE6EBQDGRRNQF64O3E6PFP6R5E5CBO
X-MailFrom: rick.macklem@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-nfsv4.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: NFSv4 <nfsv4@ietf.org>, "J. Bruce Fields" <bfields@fieldses.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [nfsv4] Re: Our different approaches to draft POSIX ACL support in NFSv4
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/StWvVZlCkW20UXlRWH01AbZcycY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Owner: <mailto:nfsv4-owner@ietf.org>
List-Post: <mailto:nfsv4@ietf.org>
List-Subscribe: <mailto:nfsv4-join@ietf.org>
List-Unsubscribe: <mailto:nfsv4-leave@ietf.org>

On Thu, Jul 4, 2024 at 5:22 AM David Noveck <davenoveck@gmail.com> wrote:
>
> I'd appreciate it if you took a look at what I've done to better support draft POSIX ACLs in NFSv4.1 and let me know your thoughts.
I have glanced at it. I think my opinion is already well known,
however it does not matter..
Why?
Because Trond will decide what goes in the Linux NFSv4 client and
NFSv4 server implementors will do
whatever the Linux NFSv4 client wants/needs.
I have encouraged Trond to comment. Until he does, I do not see any
reason to proceed further w.r.t. POSIX draft ACLs vs NFSv4 ACLs.

W.r.t. servers that implement a subset of NFSv4 ACLs natively, I will
comment on nfsv4@ietf.org if/when I have a
chance to look at what your draft proposes and compare that with what
OpenZFS currently does.
(I doubt the OpenZFS ACL semantics can change, but ??)

rick

>
> There is a lot of work directed toward such support in acls-04.   It takes a different approach than your earlier proposal to create two new acl attributes in that it treats the issues within the framework of the existing ACL model, albeit with some major conceptual restructuring (but leaving the existing XDR pretty much intact.).
>
> I am still open to approaches that strive to be more draft-POSIX-ACL-oriented as discussed in my Appendix C.1 but feel those will have to wait until NFSv4.2.   It would be good if we can discuss those and  get enough agrrement to start implementation work on a common approach to these issues.
>
> Right now, I'm prototyping the draft-POSIX-ACL support described within acls-04 and I have no immediate plans to try anything in Appendix C. However, if you have plans for client implementation work for draft-POSIX-ACL-related implementation work, I could look at doing some v4.2 prototype to match.   I think we could do this before drafting a proposed v4.2 extension.

v2.46.0 | Report a Bug | By Email | System Status