[nfsv4] Re: Our different approaches to draft POSIX ACL support in NFSv4

David Noveck <davenoveck@gmail.com> Sat, 27 July 2024 11:01 UTC

Return-Path: <davenoveck@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 419B0C17C884 for <nfsv4@ietfa.amsl.com>; Sat, 27 Jul 2024 04:01:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D14vioMNBzip for <nfsv4@ietfa.amsl.com>; Sat, 27 Jul 2024 04:01:23 -0700 (PDT)
Received: from mail-oo1-xc2e.google.com (mail-oo1-xc2e.google.com [IPv6:2607:f8b0:4864:20::c2e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73305C14F71E for <nfsv4@ietf.org>; Sat, 27 Jul 2024 04:01:23 -0700 (PDT)
Received: by mail-oo1-xc2e.google.com with SMTP id 006d021491bc7-5d5c7f24372so900664eaf.0 for <nfsv4@ietf.org>; Sat, 27 Jul 2024 04:01:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1722078082; x=1722682882; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=trxEFRIdfu0uEVxxD1o582Xq0N7Zp9f3EkflnS1dWwg=; b=cHfVZk8pFrbvwcwgOLp6UXNwclwf+Vjq/bOSJaQaACwy1DrBYvLw7rQIFb0wdD+Ne+ 0gMKcF8xdI/T2OBlo3hwJJWdfX3U9gF4bcTHBeQTG5rGxIt8AfE5PpdCK2eto8wZC7th 66tSRjWSNlCFdRvz4x/17v6d7vrzDp/3teSDu0yzXncusXB9GL/FGo741KYqzHFSydtL LnYm/3e5EAuxqz5qWRf3v5WEkOGMdj2GOfdGCIIddHO0x7nP4IfAmCVl6Rp8MxQa38DF rbwHgzZOAiOdQTqW/0KFU1XIsqRfki0fHTfu0dHFdaLPMMjOrWwrC9m2WFaWlQLBCsJE cqpQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722078082; x=1722682882; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=trxEFRIdfu0uEVxxD1o582Xq0N7Zp9f3EkflnS1dWwg=; b=hgGLakejuthIbIJhXCsGMcZBVSu5QuvyAI0p+ZFvRRf3VazRdaAT0B6LH7uBD3juRW /GOOC3JUKy8b2Dkrid1RI0yBOEzJojY3n2KobzKy9XUc/IStjsvZTVMNJpPIKprU/Dgk TDOkOPrUH7YtFeglDhQPoldx6mcD6nZMhGoEQxoJoCJG8KZwOg+UyLO3y+y6xkSa0Sey oMvdwKYkSDuvwxV7MfhY1iDp7CZRWglfkminPr4Smaa7hxVhMv3R9qxkcFLxqRW7L6U0 YbJDQ7A5RworBMDlMTwg3WOscHseT9LFGAfkV3ERbu0mVxFYGbm4qCUwNITL5uxM9NjS eWNA==
X-Forwarded-Encrypted: i=1; AJvYcCVP7JQ7KD8/fsEKONaaFkOhKdaRLSbcU3GrJLDKjsHbs1NPIDrwn9/Zhg6pWbfAk92q7tgfuw==@ietf.org
X-Gm-Message-State: AOJu0YxMNlLDA9eJD6HopgY1qwNH8bgH0A0C4J5FdKhMNrEsfnTn0e3N On/r0/HI8ixbQirfo3T+ui8XEMs2/oQ/CHFLRK3yBWfU5CnD/Ae/gU2/+C7I3PwwXH6vXUsscyz /9ham0NTMXTxOmeFT0bx8u8yvhzc=
X-Google-Smtp-Source: AGHT+IEHVOBln1HYT/CYJBPlhbVtONxmAgSQt+HRtp3fxSdttf5419SmaxhqB/8yRglvQVLStFT96xoxt8uJ0WIcHds=
X-Received: by 2002:a05:6358:9106:b0:1ac:671a:db58 with SMTP id e5c5f4694b2df-1adf1e2a313mr270583855d.19.1722078082118; Sat, 27 Jul 2024 04:01:22 -0700 (PDT)
MIME-Version: 1.0
References: <CADaq8jdvZ5pcFNN5zjuVHLTO30v9=2kYKzFdRxxbkTmHYZdTdA@mail.gmail.com> <CAM5tNy7Fw954gCzYHCTjRg7th_njSHhxznni48Zz4xsSXT631A@mail.gmail.com> <53DAEF45-2A4D-4066-97C2-7B09018DE99B@oracle.com> <CAM5tNy6a4ZG90i2ugXzuPqQ1zrsK9m8jLRKmv9VpnFG6m_Pqew@mail.gmail.com> <DD250FBD-A434-4294-818A-5728757CE032@oracle.com> <d1c538065728c17df66a6f9e79e55d90849fc866.camel@gmail.com> <D352FEB9-A487-4B3E-9BC8-DB2C1896F941@oracle.com> <8efc39289ecef97624622cfc431f890736b579a0.camel@hammerspace.com> <33FA1D6E-73B3-43A1-B65C-D806156E39A5@oracle.com> <cf8a48e517210512755455dd78352ae5b64f7949.camel@hammerspace.com> <449AF448-1471-47CD-B5C5-3A3A5FB9FB12@oracle.com> <2e32694382df3e70a93edcf40434a41729031e55.camel@hammerspace.com> <83c39a7b12c05b0f1a0fa6e069b08e399864277a.camel@hammerspace.com> <CADaq8jfw1FVH3dxOEJAZLrw_S5y2F6eaGkcfpha4X8BBNWgRSQ@mail.gmail.com> <6903782a95875541489844e33541114f0bf01acb.camel@hammerspace.com> <CADaq8jdFYo_DtRxS3h17dyQSFqXeoR60OjsjMM=o35HDg8ZnNg@mail.gmail.com> <855662e75c4433042fd9875c2c9c5d0244c929da.camel@hammerspace.com> <CADaq8jdZzqt-bXB4YsO=R2qpT9MNfwvSAJyBJng1qjGFTn2tbw@mail.gmail.com> <CAM5tNy5oVnyP66fzZsQXnNQcTYtpQaR59Q6io92F4LX74gPivQ@mail.gmail.com> <7FAE51A2-6E14-412F-8B0A-AC617AE4173B@oracle.com> <CADaq8je9VqYoe8StfezCNjYPD3-dGmbz-zNSO51RBmfzCPcgeA@mail.gmail.com> <F7648EA3-E6A1-4741-85EF-C73801E703D0@oracle.com> <CAM5tNy5=hQktYRB6Lvcgr=r3-L68DgXO=TX9dME0ZjeQKf+QSQ@mail.gmail.com>
In-Reply-To: <CAM5tNy5=hQktYRB6Lvcgr=r3-L68DgXO=TX9dME0ZjeQKf+QSQ@mail.gmail.com>
From: David Noveck <davenoveck@gmail.com>
Date: Sat, 27 Jul 2024 07:01:09 -0400
Message-ID: <CADaq8jfNpM=bxDFiKuozRdA2GQL3oq2UJNC8wMy5Pzcs9_P6yQ@mail.gmail.com>
To: Rick Macklem <rick.macklem@gmail.com>
Content-Type: multipart/alternative; boundary="0000000000005c41b6061e388c5d"
Message-ID-Hash: XP7C4JNUDIIBXL423GVI3QOW56NMUCXO
X-Message-ID-Hash: XP7C4JNUDIIBXL423GVI3QOW56NMUCXO
X-MailFrom: davenoveck@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-nfsv4.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Trond Myklebust <trondmy@hammerspace.com>, Bruce Fields <bfields@fieldses.org>, "nfsv4@ietf.org" <nfsv4@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [nfsv4] Re: Our different approaches to draft POSIX ACL support in NFSv4
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/vlemekktqNrA1ChCn55NmIXxcK8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Owner: <mailto:nfsv4-owner@ietf.org>
List-Post: <mailto:nfsv4@ietf.org>
List-Subscribe: <mailto:nfsv4-join@ietf.org>
List-Unsubscribe: <mailto:nfsv4-leave@ietf.org>

On Fri, Jul 26, 2024 at 9:40 PM Rick Macklem <rick.macklem@gmail.com> wrote:

>
>
> On Fri, Jul 26, 2024 at 9:05 AM Chuck Lever III <chuck.lever@oracle.com>
> wrote:
>
>>
>>
>> > On Jul 25, 2024, at 3:36 PM, David Noveck <davenoveck@gmail.com> wrote:
>> >
>> > On Thursday, July 25, 2024, Chuck Lever III <chuck.lever@oracle.com>
>> wrote:
>> >
>> >> I agree there should be one per file,
>> >
>> > Definitely.
>> >
>> >> and that the server's
>> >> local file system should determine which type of ACL it can
>> >> support.
>> >
>> > I would think it determines the set of types  it  an support.  This can
>> be ofen will be a singleton or the null set.
>> >
>> >> (I don't envision a scenario where one file system
>> >> could support multiple types of ACLs).
>> >>
>> > I consider it unfortunate that your vision is so limited.
>> >
>> > I expect to face the issue in the near future since Netapp supports a
>> considerable portion of the NFSv4 ACL model and will want to support the
>> draft POSIX ACL.
>> >
>> > I don't think it is reasonable to tell users that they have to get rid
>> of their existing ACLs in order to allow them to use draft POSIX ACLs.
>>
>> Hopefully this can shed a little light on the use case
>> that Linux NFSD might prefer -- I'm not denigrating any
>> other usage scenarios.
>>
>> For Linux NFSD, its local file systems can store only
>> POSIX ACLs.
>>
>> In order to provide broad compatibility with existing
>> and new clients, I'm thinking that NFSD will provide
>> GET/SETATTR capabilities that allow clients to see both
>> a mapped NFSv4 ACL and a POSIX ACL per file; the mapped
>> ACL will be created from the stored POSIX ACL to satisfy
>> GETATTR requests, and access authorization decisions will
>> be based on the stored POSIX ACL, as I believe NFSD does
>> today.
>>
> That sounds reasonable to me.  I will note that I thought
> (maybe I misinterpreted his comment) Christoph thought the
> above was a very bad idea.
>
> I am thinking that there might be use for an additional
> new attribute that tells the client which type of ACL is
> actually being stored.
> That way the client might choose to Setattr that type of
> ACL to avoid mapping, while allowing the server to provide
> both the acl and posix_acl attributes (doing mapping for the
> type not being stored in the server's file system).
>
> Another fun corner
>

Fun indeed :-)


> is handling of inheritance. POSIX draft
> ACLs allow a separate (and possibly different) ACL for
> inheritance (called the default) than the one for access.
>

In acls-04, I attempt to unify those two within the NFSv4 model, treating
default acl as made up of inheritable aces, that each have a further
visibility flag that makes them appear only in the default acl.

 FWIW, I think that approach is better than the one picked up from
windows.  I would like to be able to define default sacls, for example. I
am thinking about proposing that as v4.2 extension at some point.


> rick
>
>
>> NFSD will map incoming NFSv4 ACLs to POSIX ACLs before
>> storing them. Storing either type of ACL will wholly
>> replace the POSIX ACL that is already there.
>>
>>
>> --
>> Chuck Lever
>>
>>
>>