[nfsv4] Re: Our different approaches to draft POSIX ACL support in NFSv4

Trond Myklebust <trondmy@gmail.com> Tue, 23 July 2024 14:28 UTC

From: Trond Myklebust <trondmy@gmail.com>
To: Chuck Lever III <chuck.lever=40oracle.com@dmarc.ietf.org>, Rick Macklem <rick.macklem@gmail.com>
Date: Tue, 23 Jul 2024 10:27:35 -0400
CC: NFSv4 <nfsv4@ietf.org>, Bruce Fields <bfields@fieldses.org>

On Tue, 2024-07-23 at 13:54 +0000, Chuck Lever III wrote:
> 
> > On Jul 22, 2024, at 7:13 PM, Rick Macklem <rick.macklem@gmail.com>
> > wrote:
> > 
> > I just looked at opensolaris/usr/src/head/rpcsvc/nfs_acl.x
> > which I think is the closest thing there is to a spec. for NFSACL.
> > (FreeBSD does not implement this protocol and all I know about it
> > is what this little .x file indicates.)
> 
> That's excellent, thanks for finding it.
> 
> My concern about this is that the cited .x file falls under
> CDDL, and thus cannot be used directly by a GPL-encumbered
> OS like Linux, nor can it be contributed to the IETF in its
> current form.
> 
> This is clearly prior art.
> 
> My question then is whether we should endeavor to produce
> an Informational document that describes NFSACL without
> encumbrance -- i.e., get Sun-Oracle to contribute that work
> so that it might be used openly.
> 

Why do we care?

The goal of this group should be to make a version that is appropriate
for NFSv4. That would need to be a new protocol extension for NFSv4
that is separate from the existing ACL attribute.

Even the XDR format of the ACEs will need to be different due to the
adoption of name@domain format user and group descriptions that replace
the uid/gid format.
So there is little overlap with the existing nfsacl.x file (which
existed as a file with no valid licence description in the glibc rpc
implementation for many years prior to the existence of the CDDL).

-- 
Trond Myklebust 
CTO, Hammerspace Inc 
1900 S Norfolk St, Suite 350 - #45 
San Mateo, CA 94403
www.hammerspace.com