[nfsv4] NFSv4.1 SACL attribute and AUDIT ACE: what's required?

Mike Kupfer <mike.kupfer@oracle.com> Fri, 16 June 2017 18:01 UTC

To: NFSv4 WG <nfsv4@ietf.org>
From: Mike Kupfer <mike.kupfer@oracle.com>
Organization: Oracle Corporation
Message-ID: <ff5b21d9-f2f0-2c8b-1335-56384d08dacb@oracle.com>
Date: Fri, 16 Jun 2017 11:00:54 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/Vw6NsFl0Nh7m-MjNcg24lzZjiEA>

I'm trying to make sense of the final paragraph in Section 6.2.1.2 of
RFC 5661, which reads

    Support for any of the ACL attributes is optional (albeit
    RECOMMENDED).  However, a server that supports either of the new
    ACL attributes (dacl or sacl) MUST allow use of the new ACL
    attributes to access all of the ACE types that it supports.  In
    other words, if such a server supports ALLOW or DENY ACEs, then it
    MUST support the dacl attribute, and if it supports AUDIT or ALARM
    ACEs, then it MUST support the sacl attribute.

IIUC, this is forbidding a situation where (for example) the server
lists support for the dacl attribute and AUDIT ACEs but not support
for the sacl attribute.

If the server lists support for neither the dacl nor sacl attributes,
it can still support AUDIT ACEs via the acl attribute.

Am I reading that correctly?

thanks,
mike
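
The rule in the quoted paragraph can be checked mechanically against what a server advertises in supported_attrs and aclsupport. The following is an added example, not part of the original message: it encodes a literal reading of the quoted paragraph only, the function names are hypothetical, and the attribute numbers and flag values are those defined in RFC 5661.

```python
# Attribute numbers and aclsupport flag values as defined in RFC 5661.
FATTR4_ACL, FATTR4_ACLSUPPORT, FATTR4_DACL, FATTR4_SACL = 12, 13, 58, 59
ACL4_SUPPORT_ALLOW_ACL = 0x1
ACL4_SUPPORT_DENY_ACL = 0x2
ACL4_SUPPORT_AUDIT_ACL = 0x4
ACL4_SUPPORT_ALARM_ACL = 0x8


def bitmap_has(bitmap_words, attr):
    """bitmap4 is an array of 32-bit words; attribute n is bit n % 32 of word n // 32."""
    word, bit = divmod(attr, 32)
    return word < len(bitmap_words) and bool((bitmap_words[word] >> bit) & 1)


def make_bitmap(*attrs):
    """Hypothetical helper: build bitmap4 words for constructed sample servers."""
    words = [0] * (max(attrs) // 32 + 1) if attrs else []
    for attr in attrs:
        words[attr // 32] |= 1 << (attr % 32)
    return words


def check_acl_attr_rule(supported_attrs, aclsupport):
    """Return the violations of the quoted paragraph for one server's advertisement."""
    has_dacl = bitmap_has(supported_attrs, FATTR4_DACL)
    has_sacl = bitmap_has(supported_attrs, FATTR4_SACL)
    if not (has_dacl or has_sacl):
        # The paragraph constrains only servers that support dacl or sacl.
        return []
    problems = []
    if aclsupport & (ACL4_SUPPORT_ALLOW_ACL | ACL4_SUPPORT_DENY_ACL) and not has_dacl:
        problems.append("ALLOW/DENY ACEs supported but the dacl attribute is not")
    if aclsupport & (ACL4_SUPPORT_AUDIT_ACL | ACL4_SUPPORT_ALARM_ACL) and not has_sacl:
        problems.append("AUDIT/ALARM ACEs supported but the sacl attribute is not")
    return problems


if __name__ == "__main__":
    # Constructed sample: the first scenario in the message (dacl and AUDIT, no sacl).
    attrs = make_bitmap(FATTR4_ACL, FATTR4_ACLSUPPORT, FATTR4_DACL)
    flags = ACL4_SUPPORT_ALLOW_ACL | ACL4_SUPPORT_DENY_ACL | ACL4_SUPPORT_AUDIT_ACL
    print(check_acl_attr_rule(attrs, flags))
    # Constructed sample: the second scenario (acl only, AUDIT ACEs).
    print(check_acl_attr_rule(make_bitmap(FATTR4_ACL, FATTR4_ACLSUPPORT),
                              ACL4_SUPPORT_AUDIT_ACL))
```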