[nfsv4] Re: [NFS] NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready

"J. Bruce Fields" <bfields@fieldses.org> Fri, 14 July 2006 17:59 UTC

To: nfsv4@ietf.org
Cc: Sam Falkner <Sam.Falkner@sun.com>, nfs@lists.sourceforge.net, Spencer Shepler <spencer.shepler@sun.com>, Brian Pawlowski <beepy@netapp.com>

On Fri, Jul 07, 2006 at 01:55:30PM +0200, Andreas Gruenbacher wrote:
> On Monday, 3. July 2006 23:10, Andreas Gruenbacher wrote:
> > I have been thinking about the problems of interaction between NFSv4 ACLs
> > and POSIX, and particularly about the issue of masking permissions through
> > chmod and after creating files or directories.

So, omitting the details, the idea is to add 3 optional attributes
(owner_class_mask, group_class_mask, and other_class_mask) which limit
the permissions that an ACL can grant to different classes of entities.

For a client that doesn't support the new attributes, a server can apply
the mask attributes to the ACL before returning it.  I suppose a
multi-protocol server would do the same for CIFS clients.

For a server that doesn't support the new attributes, the client still
has available any of the current options: give up on non-destructive
chmod, or fall back on representing mask bits with DENIES.

When client and server support the new mask bits, we get a completely
non-destructive chmod without all the complicated DENY heuristics.

I agree that that would be an improvement.

--b.
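
An added example (not part of the original message, and not code from the draft or any NFS implementation): a simplified model of the mask idea summarized above, in which chmod rewrites only the three class masks and the ACL is left intact. The rwx-only permission bits, the rule that assigns a principal to a class, and the names `Ace`, `File`, `matches`, `acl_grant`, `effective`, `chmod` and `sample` are assumptions made for illustration.

```python
from dataclasses import dataclass

R, W, X = 4, 2, 1  # assumption: rwx bits stand in for the finer NFSv4 access mask

@dataclass
class Ace:
    allow: bool   # True = ALLOW, False = DENY
    who: str      # "OWNER@", "GROUP@", "EVERYONE@", "user:NAME" or "group:NAME"
    perms: int

@dataclass
class File:
    owner: str
    group: str
    acl: list
    owner_class_mask: int = 7
    group_class_mask: int = 7
    other_class_mask: int = 7

def matches(ace, f, user, groups):
    special = {"EVERYONE@": True, "OWNER@": user == f.owner, "GROUP@": f.group in groups}
    if ace.who in special:
        return special[ace.who]
    kind, name = ace.who.split(":", 1)
    return name == user if kind == "user" else name in groups

def acl_grant(f, user, groups):
    # Ordered evaluation: the first matching ACE that names a bit decides it.
    allowed = decided = 0
    for ace in (a for a in f.acl if matches(a, f, user, groups)):
        if ace.allow:
            allowed |= ace.perms & ~decided
        decided |= ace.perms
    return allowed

def effective(f, user, groups):
    # Assumed class rule: owner, then anyone named by a non-EVERYONE@ ACE, then other.
    if user == f.owner:
        return acl_grant(f, user, groups) & f.owner_class_mask
    named = any(a.who != "EVERYONE@" and matches(a, f, user, groups) for a in f.acl)
    mask = f.group_class_mask if named or f.group in groups else f.other_class_mask
    return acl_grant(f, user, groups) & mask

def chmod(f, mode):
    # Only the masks change; f.acl is never edited, so a later chmod can undo this one.
    f.owner_class_mask, f.group_class_mask, f.other_class_mask = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7

def sample():  # constructed sample: alice owns the file, bob has a named ACE
    return File("alice", "staff", [Ace(True, "user:bob", R | W),
                Ace(True, "OWNER@", R | W | X), Ace(True, "EVERYONE@", R)])
```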
