[nfsv4] Re: RFC: atomically acquiring some attributes for the posix-acls extension

David Noveck <davenoveck@gmail.com> Thu, 08 August 2024 23:58 UTC

Return-Path: <davenoveck@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B9FFC15108C for <nfsv4@ietfa.amsl.com>; Thu, 8 Aug 2024 16:58:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KVMa9Zf6Al6I for <nfsv4@ietfa.amsl.com>; Thu, 8 Aug 2024 16:58:27 -0700 (PDT)
Received: from mail-ot1-x32d.google.com (mail-ot1-x32d.google.com [IPv6:2607:f8b0:4864:20::32d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C21CDC14F703 for <nfsv4@ietf.org>; Thu, 8 Aug 2024 16:58:27 -0700 (PDT)
Received: by mail-ot1-x32d.google.com with SMTP id 46e09a7af769-70949118d26so1066266a34.0 for <nfsv4@ietf.org>; Thu, 08 Aug 2024 16:58:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723161507; x=1723766307; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=pSfHOoDn2v9UAixfLQxVYyv28g3z95q+NF4torR1kIg=; b=X3mOaPdhFrIOhCaSnbOk8/h7iIMnGbmZtpr0LC1ULqydHpRh8vTB3p4cAxA23p/vWK ZRGAGvkbYWLEtDZ7rUPC8MaFHX+tt/vgB2bgAuQAfKizI5Oo2uOvwnObU59vbvI2BNPs nKz6jPWc4+THta8l46Ue2tof+vMVoj7p0ErrL9q7SA1dq3EvBgzRLzbh+LpKy5Zov/nU DWUsvzfFRsOwcLL+gtwIGhpc8RIxGgu03O0zZnycm9qZQ0/tw1O4sT+eAwHznd6kxPF+ z4HbLgg8Jy25v2VchxUP84gSAIf8YxQtrpyAL+GCt3pTYd2/WJKLjKnmxGnJC/ebhX4W C8OQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723161507; x=1723766307; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=pSfHOoDn2v9UAixfLQxVYyv28g3z95q+NF4torR1kIg=; b=bcUAL/EHOUOErNswx5WFQHpR9fNwsP7tYdCkg6q0L+dRv6dmNS19uXd7sjwTprjpcD rbFSBsKF4emi7XmSL1KTppFwb+18ndK9iM52KoYl2P4eLiwYEw7sDN0jhciBlX4gp8qN nyqK4Q1SzQuDrVynJUB3rLC5ShyU2CjA6nM9Cep/P8qOuRehlKDVQcyX70MILzeCtWNV utGmp9HkyhVeC1RFT+Iw6Wjc0Z8xdfpQ2CQfnmseu/k+jYjkaL9cXcvXBwvV0iUuvPdR Nwbwh2IHR+UDnaChEMMIYApD730hVbn/f4Vp3+CsOMkS+36r+AvU0ZZmgM/f/DbnzHTI Qjjw==
X-Gm-Message-State: AOJu0YzBqo2ibL+xYomF+jIt8YNbxX5beDnrf1dMg+BiauT41puKBKGi 3tKbUeIdvpWfI5GKHyQXIElleR5nR8TVgg66ijn2lpZCMlX6uDluLm5oBZD8fKBeQQw3sDCGVGQ mRDAwRg6wfWvIqVxkXuL8gm36+j4=
X-Google-Smtp-Source: AGHT+IFf8ky61CLxb9sRFShPE/wiE+/hO/1Vlf134WC4Sz9uLqarTvKdemfczenkq8iZx0GWESezfjPoNsdVcy+86Fo=
X-Received: by 2002:a05:6830:3689:b0:704:470d:a470 with SMTP id 46e09a7af769-70b4fcadbf7mr4537375a34.28.1723161506748; Thu, 08 Aug 2024 16:58:26 -0700 (PDT)
MIME-Version: 1.0
References: <CAM5tNy5OHG2qjtuZeuK2ZYtrKbrOq_wmYFwRHBcdm7PSH7s3qA@mail.gmail.com>
In-Reply-To: <CAM5tNy5OHG2qjtuZeuK2ZYtrKbrOq_wmYFwRHBcdm7PSH7s3qA@mail.gmail.com>
From: David Noveck <davenoveck@gmail.com>
Date: Thu, 08 Aug 2024 19:58:16 -0400
Message-ID: <CADaq8jdnAv3BqjaChNp05a5sFcGujPP=RvNtkhLvNKFqO0agdw@mail.gmail.com>
To: Rick Macklem <rick.macklem@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000802235061f34cd55"
Message-ID-Hash: NATNCREKQNIES45JIMK35ICRCMPIIDNO
X-Message-ID-Hash: NATNCREKQNIES45JIMK35ICRCMPIIDNO
X-MailFrom: davenoveck@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-nfsv4.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: NFSv4 <nfsv4@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [nfsv4] Re: RFC: atomically acquiring some attributes for the posix-acls extension
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/UNsfJ3fxUxce5m50n9y4a2ML2gI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Owner: <mailto:nfsv4-owner@ietf.org>
List-Post: <mailto:nfsv4@ietf.org>
List-Subscribe: <mailto:nfsv4-join@ietf.org>
List-Unsubscribe: <mailto:nfsv4-leave@ietf.org>

On Thu, Aug 8, 2024, 4:15 PM Rick Macklem <rick.macklem@gmail.com> wrote:

> Hi,
>
> As some will already know, I am working on a draft that
> proposes an extension to 4.2 related to POSIX ACLs which
> adds 4 new attributes.
>
> I have run into a case where specifying the GETATTR return
> some ACL related attributes "atomically". By atomically, I
> mean that no SETATTR by another client is permitted to change
> any on the attributes during the GETATTR.
>
> Some background:
> true form - Is the kind of ACL stored on the file object and
>             used for access permissions. A new attribute called
>             acl_trueform indicates what the true form is.
>             It can be ACL_MODEL_NFS4, ACL_MODEL_POSIX_DRAFT or
>             ACL_MODEL_NONE.
> posix_access_acl, posix_default_acl - New attributes for the POSIX
>             access and default ACLs.
>
> Now, assume a file system on a server supports all of the
> acl, posix_access_acl, posix_default_acl and acl_trueform
> attributes.
>
> If a client does a:
> GETATTR of acl, posix_access_acl, posix_default_acl and acl_trueform.
> If this GETATTR is guaranteed to be "atomic" (as in no SETATTR is allowed
> to change any of these attributes), then the reply gives the client
> exactly what it needs.
> --> The acl_trueform tells the client whether the acl attribute or
>     posix_access_acl/posix_default_acl attributes are what is actually
>     being stored for the file object and used for permission checking.
>
> However, without the atomicity guarantee, a SETATTR of
> acl/posix_access_acl/
> posix_default_acl done by another client could "gum up the works" and
> result in a weird/inconsistent reply.
>
> So, it requiring this atomicity guarantee for these attributes a
> reasonable thing for the extension, if the server chooses to support
> the extension?
>

Yes.


> Now, for SETATTR, it would be nice if a client could set a POSIX ACL,
> but only if no NFSv4 ACL is already stored on the file object.
> The following compound could "almost" do this:
>     NVERIFY acl_trueform ACL_MODEL_NFS4
>     SETATTR posix_access_acl
> The "almost" is because there is no atomicity guarantee for operations
> in compounds, but that will be my next email.
>
> Thanks in advance for any opinions w.r.t. the GETATTR atomicity guarantee,
> rick
>
>
> _______________________________________________
> nfsv4 mailing list -- nfsv4@ietf.org
> To unsubscribe send an email to nfsv4-leave@ietf.org
>