IETF Logo Mail Archive

Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready

Sam Falkner <Sam.Falkner@Sun.COM> Tue, 11 July 2006 12:29 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G0HMm-0000AM-DY; Tue, 11 Jul 2006 08:29:28 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G0HMk-0000A8-Rx for nfsv4@ietf.org; Tue, 11 Jul 2006 08:29:26 -0400
Received: from brmea-mail-2.sun.com ([192.18.98.43]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G0HMj-0001WJ-4M for nfsv4@ietf.org; Tue, 11 Jul 2006 08:29:26 -0400
Received: from fe-amer-01.sun.com ([192.18.108.175]) by brmea-mail-2.sun.com (8.13.6+Sun/8.12.9) with ESMTP id k6BCTOka002741 for <nfsv4@ietf.org>; Tue, 11 Jul 2006 06:29:24 -0600 (MDT)
Received: from conversion-daemon.mail-amer.sun.com by mail-amer.sun.com (Sun Java System Messaging Server 6.2-4.02 (built Sep 9 2005)) id <0J2800401NTSRQ00@mail-amer.sun.com> (original mail from Sam.Falkner@Sun.COM) for nfsv4@ietf.org; Tue, 11 Jul 2006 06:29:24 -0600 (MDT)
Received: from [132.219.16.161] by mail-amer.sun.com (Sun Java System Messaging Server 6.2-4.02 (built Sep 9 2005)) with ESMTPSA id <0J2800071O0ZVMW0@mail-amer.sun.com>; Tue, 11 Jul 2006 06:29:24 -0600 (MDT)
Date: Tue, 11 Jul 2006 08:29:21 -0400
From: Sam Falkner <Sam.Falkner@Sun.COM>
Subject: Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
In-reply-to: <200607111005.22200.agruen@suse.de>
To: Andreas Gruenbacher <agruen@suse.de>
Message-id: <67359DB9-6E3E-49E7-A8F6-3FB34DCC3440@Sun.COM>
MIME-version: 1.0
X-Mailer: Apple Mail (2.752.2)
Content-type: text/plain; format="flowed"; delsp="yes"; charset="US-ASCII"
Content-transfer-encoding: 7bit
References: <200607032310.15252.agruen@suse.de> <200607110215.53496.agruen@suse.de> <3E4B637E-57AC-4E2B-A2C8-EDCFF35A5D84@Sun.COM> <200607111005.22200.agruen@suse.de>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 92df29fa99cf13e554b84c8374345c17
Cc: Lisa Week <Lisa.Week@Sun.COM>, nfsv4@ietf.org, "J. Bruce Fields" <bfields@fieldses.org>, nfs@lists.sourceforge.net, Spencer Shepler <spencer.shepler@Sun.COM>, Brian Pawlowski <beepy@netapp.com>
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/nfsv4>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
Errors-To: nfsv4-bounces@ietf.org

On Jul 11, 2006, at 4:05 AM, Andreas Gruenbacher wrote:

> On Tuesday, 11. July 2006 07:42, Sam Falkner wrote:
>>>> I think having chmod be functional, i.e. chmod 770 gives write
>>>> permission to the owning group, and an "ls -l" shows "rwxrwx---",
>>>> would be best by far.
>>>
>>> It screws you when you want to give the owning group fewer  
>>> permissions
>>> than other users in the File Group Class. This can be worked  
>>> around by
>>> creating a dummy group with no members, or one group that only  
>>> contains
>>> a single user for each user, and changing the owning group of  
>>> files, but
>>> the owning group already has other defined uses in POSIX (think  
>>> of SETGID
>>> for files and directories), and so it's not desirable and not always
>>> possible to change the owning group to such a dummy group.
>>
>> No -- if you want owning group to have fewer permissions than other
>> users, you're using an ACL.  You use tools that manipulate ACLs.
>
> Sorry, but while this may look like a good idea at first, it  
> doesn't work very
> well. Let's look at an example:
>
> 	OWNER@:READ_DATA/WRITE_DATA::ALLOW
> 	GROUP@:READ_DATA/WRITE_DATA::ALLOW
> 	user@domain:READ_DATA/WRITE_DATA::ALLOW
> 	EVERYONE:READ_DATA::ALLOW
>
> The mode is rw-rw-r--. Now we use ACL tools to change the ACL to  
> give the
> owning group fewer permissions than user@domain as you say:
>
> 	OWNER@:READ_DATA/WRITE_DATA::ALLOW
> 	GROUP@:READ_DATA::ALLOW
> 	user@domain:READ_DATA/WRITE_DATA::ALLOW
> 	EVERYONE:READ_DATA::ALLOW

> The mode must still be rw-rw-r-- because otherwise, user@domain  
> wouldn't have
> WRITE_DATA access. Now a nasty, evil POSIX application that doesn't  
> know
> anything about ACLs comes along and does a chmod(file, 0600), chmod 
> (file,
> 0664). What should be the appropriate result? If changing the group  
> file mode
> permission bits writes through to the GROUP@ entry as you say, then  
> we would
> end up with the following *effective* permissions:
>
> 	OWNER@:READ_DATA/WRITE_DATA::ALLOW
> 	GROUP@:READ_DATA/WRITE_DATA::ALLOW
> 	user@domain:READ_DATA/WRITE_DATA::ALLOW
> 	EVERYONE:READ_DATA::ALLOW

That's not how Solaris works either.  Sorry, I should have explained  
it better.  In Solaris using POSIX-draft ACLs, chmod() changes both  
the group permissions and the mask, simultaneously.  I now understand  
why you were hesitant to have chmod affect the group permissions, but  
having it affect both mask and group solves both problems.

I realize that I'm talking about POSIX-draft ACLs, but the same  
design principles work for NFSv4 ACLs.  chmod() affects the GROUP@  
permissions directly, and also affects the mask, no matter how the  
mask is implemented.

- Sam

_______________________________________________
nfsv4 mailing list
nfsv4@ietf.org
https://www1.ietf.org/mailman/listinfo/nfsv4

v2.23.0 | Report a Bug | By Email