RE: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready

 > > >> For a client that doesn't support the new attributes, a 
> > >> server can apply
> > >> the mask attributes to the ACL before returning it.  I suppose a
> > >> multi-protocol server would do the same for CIFS clients.
> > >> 
> > Since CIFS does not understand the semantics of permission 
> mask, does
> > the server enforce the mask when the access for the data comes from
> > a CIFS client ?
> 
> Yes, it does.  But it also only ever shows CIFS clients a 
> version of the
> ACL with the mask already applied, so CIFS clients see no 
> inconcistency.
> (In other words, if there's an "ALLOW bfields READ+WRITE" ACE, but the
> relevant mask only allows READ, then the CIFS client will see 
> a version
> of the ACL where that ACE only allows READ.)
> 
> See any reason why that won't work?

Let me see if I understand.

A POSIX ACL client sees ALLOW bfields READ+WRITE
A *nix client that only does perms sees r
A client that only does CIFS sees ALLOW bfields READ

If I have that right, this is like going straight to hell 
for a multi-protocol server company.  Does that qualify
as a reason for why this won't work?

Alan

===============================================================
Alan G. Yoder                                    agy@netapp.com
Technical Staff                           
Network Appliance, Inc.                            408-822-6919
===============================================================

_______________________________________________
nfsv4 mailing list
nfsv4@ietf.org
https://www1.ietf.org/mailman/listinfo/nfsv4