RE: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
"Noveck, Dave" <Dave.Noveck@netapp.com> Wed, 19 July 2006 01:49 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G31BV-0005cw-6T; Tue, 18 Jul 2006 21:49:09 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G31BU-0005cr-4c for nfsv4@ietf.org; Tue, 18 Jul 2006 21:49:08 -0400
Received: from mx2.netapp.com ([216.240.18.37]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G31BS-0000ix-QD for nfsv4@ietf.org; Tue, 18 Jul 2006 21:49:08 -0400
Received: from smtp1.corp.netapp.com ([10.57.156.124]) by mx2.netapp.com with ESMTP; 18 Jul 2006 18:49:02 -0700
X-IronPort-AV: i="4.06,256,1149490800"; d="scan'208"; a="393829227:sNHT22434708"
Received: from svlexc02.hq.netapp.com (svlexc02.corp.netapp.com [10.57.157.136]) by smtp1.corp.netapp.com (8.13.1/8.13.1/NTAP-1.6) with ESMTP id k6J1mvru002618; Tue, 18 Jul 2006 18:48:57 -0700 (PDT)
Received: from exsvlrb02.hq.netapp.com ([10.56.8.63]) by svlexc02.hq.netapp.com with Microsoft SMTPSVC(5.0.2195.6713); Tue, 18 Jul 2006 18:48:57 -0700
Received: from exnane01.hq.netapp.com ([10.97.0.61]) by exsvlrb02.hq.netapp.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 18 Jul 2006 18:48:56 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
Date: Tue, 18 Jul 2006 21:48:54 -0400
Message-ID: <C98692FD98048C41885E0B0FACD9DFB8029EFFAD@exnane01.hq.netapp.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
Thread-Index: Acaqtr2wBQP/EAvCQmy6HT9rx5bgkwAHW7pQ
From: "Noveck, Dave" <Dave.Noveck@netapp.com>
To: Sam Falkner <Sam.Falkner@Sun.COM>
X-OriginalArrivalTime: 19 Jul 2006 01:48:56.0969 (UTC) FILETIME=[7F73CF90:01C6AAD5]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: e1b0e72ff1bbd457ceef31828f216a86
Cc: Lisa Week <Lisa.Week@Sun.COM>, nfsv4@ietf.org, "J. Bruce Fields" <bfields@fieldses.org>, nfs@lists.sourceforge.net, Spencer Shepler <spencer.shepler@Sun.COM>, "Pawlowski, Brian" <beepy@netapp.com>, Andreas Gruenbacher <agruen@suse.de>
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/nfsv4>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
Errors-To: nfsv4-bounces@ietf.org
It seems like this is what most users would want. It doesn't seem to match what is specified in section 3.16.6.3 of draft-03. That says the acl is modified when you change the mode. What does solaris do if you do a chmod specifying a numeric mode whose value is the same as would be set by doing a chomod +s? Does that change the ACL? -----Original Message----- From: Sam Falkner [mailto:Sam.Falkner@Sun.COM] Sent: Tuesday, July 18, 2006 6:09 PM To: Noveck, Dave Cc: J. Bruce Fields; Lisa Week; nfsv4@ietf.org; nfs@lists.sourceforge.net; Spencer Shepler; Pawlowski, Brian; Andreas Gruenbacher Subject: Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready On Jul 16, 2006, at 7:10 AM, Noveck, Dave wrote: > What does Solaris do about chmod +s? Does it modify the ACL? No -- chmod +s leaves the ACL (if any) alone, and only affects the setuid bit. - Sam > -----Original Message----- > From: Sam Falkner [mailto:Sam.Falkner@Sun.COM] > Sent: Saturday, July 15, 2006 9:56 AM > To: J. Bruce Fields > Cc: Lisa Week; nfsv4@ietf.org; nfs@lists.sourceforge.net; Spencer > Shepler; Pawlowski, Brian; Andreas Gruenbacher > Subject: Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction / > mask,draft-ietf-nfsv4-acls-00 not ready > > On Jul 11, 2006, at 9:46 AM, J. Bruce Fields wrote: > >> On Tue, Jul 11, 2006 at 08:29:21AM -0400, Sam Falkner wrote: >>> That's not how Solaris works either. Sorry, I should have explained >>> it better. In Solaris using POSIX-draft ACLs, chmod() changes both >>> the group permissions and the mask, simultaneously. I now >>> understand > >>> why you were hesitant to have chmod affect the group permissions, >>> but > >>> having it affect both mask and group solves both problems. >> >> I think you're missing the point of his example. The point is that a >> chmod-using application may expect the sequence chmod(600) chmod >> (664) on >> a file with mode 664 to be a no-op. >> >> But if chmod() changes both group and mask bits ("owning group" and >> "group file class" bits) then this sequence isn't a no-op any more in >> his example. It gives GROUP@ write permissions. > > Okay, understood. > >> So Andreas is trying to ensure the property that any sequence of >> chmod's that leaves the mode bits the same also leaves the ACL the >> same. I agree that that's a nice property. > > Perhaps, but I think having chmod unable to set the mode to be a much > more undesirable property, to put it mildly. > >> What I'm not convinced of yet is that this is really worth caring >> about much. Is this common application behavior? Have there been >> complaints about this from people using Solaris's ACLs? > > I did some more research, and found that the Solaris chmod() system > call does pretty much what Linux does -- the group permissions of > chmod() affect the mask, not the group permission bits. > Originally, the > chmod command did the chmod() system call, and not much else. > > There were many complaints about this. So many that the chmod command > line was changed to do the chmod() system call, and then, in the > presence of an ACL, fix the permission bits. In other words, the bug > was fixed. > > I have found no complaints about the current Solaris behavior, where > chmod affects group permissions. > > - Sam > > _______________________________________________ > nfsv4 mailing list > nfsv4@ietf.org > https://www1.ietf.org/mailman/listinfo/nfsv4 > > _______________________________________________ > nfsv4 mailing list > nfsv4@ietf.org > https://www1.ietf.org/mailman/listinfo/nfsv4 _______________________________________________ nfsv4 mailing list nfsv4@ietf.org https://www1.ietf.org/mailman/listinfo/nfsv4
- RE: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Noveck, Dave
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Lisa Week
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Andreas Gruenbacher
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… J. Bruce Fields
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Spencer Shepler
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Andreas Gruenbacher
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… J. Bruce Fields
- RE: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interac… Noveck, Dave
- Re: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interac… J. Bruce Fields
- RE: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interac… Yoder, Alan
- Re: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interac… J. Bruce Fields
- RE: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interac… Yoder, Alan
- Re: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interac… J. Bruce Fields
- RE: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Noveck, Dave
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Sam Falkner
- RE: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Noveck, Dave
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Sam Falkner
- RE: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Noveck, Dave
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… J. Bruce Fields
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Sam Falkner
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Sam Falkner
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Sam Falkner
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Andreas Gruenbacher
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Sam Falkner
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… J. Bruce Fields
- Re: [nfsv4] Re: [NFS] NFSv4 ACL and POSIX interac… Andreas Gruenbacher
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Andreas Gruenbacher
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Sam Falkner
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Andreas Gruenbacher
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Andreas Gruenbacher
- Re: [nfsv4] Re: NFSv4 ACL and POSIX interaction /… Sam Falkner