Re: [SMB3][PATCH] add mount option to allow retrieving POSIX mode from special ACE

On Mon, Jun 24, 2019 at 2:07 PM Pavel Shilovsky <piastryyy@xxxxxxxxx> wrote:
>
> Can't we use the existing idfromsid for this purpose? We already have
> plenty of mount options and the list keeps growing.

That is a good question - and I am open to suggestions to remove some
mount options, but the general problem is that mount option name could
be very confusing - "idsfromsid" doesn't really imply anything about how
we handle mode bits (we could save mode bits even if saving uid owner
without using the "idsfromsid" mechanism). We want to allow:

1) query mode from special sid if present
or
2) query mode from ACL (only check for perms on the three
user-owner/group-owner/EVERYONE SIDs), in this case we may choose to
mount noperm
or
3) the default today - we set mode for files and directories to the
permissions supplied as "file_mode" and "dir_mode".
We by default do:
      vol->dir_mode = vol->file_mode = S_IRUGO | S_IXUGO | S_IWUSR;
and we can mount with noperm to disable the client perm checks if the
checks on the client are not useful
or
4) set the permissions (temporarily) locally only and cache them
(dynperm) - typically not recommended.

Where I would like to get to is that we focus strongly on only the
first two common use cases:
1) "client focused perm checks"   -  get/set mode from special SID
(server permission checks are not important in this case)
2) "server focused perm checks" - get/set the three ACEs
(user-owner/group-owner/EVERYONE) in the ACL

I would like to default to idsfromsid (setting the owner with  if
looking up owner from Winbind or SSSD or falling back
to S-1-22-1 (Unmapped user's special SID) or S-1-5-88-1  (MS-NFS and
Apple style unmapped user's special SID).

In a way I would like to remove "idsfromsid" (and do it by default),
and add the new mount point to distinguish between

"client centric" mode bit evaluation (special mode SID)
vs.
"server centric" ACL evaluation (where mode bits are mapped into the 3
usual ACEs - user/group/other)



> On Mon, Jun 24, 2019 at 00:20, Steve French <smfrench@xxxxxxxxx> wrote:
> >
> > See e.g. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/hh509017(v=ws.10)
> >
> > where it describes use of an ACE with special SID S-1-5-88-3 to store the mode.
> >
> > Follow-on patches will add the support for chmod and query_info (stat).
> >
> >
> >
> > --
> > Thanks,
> >
> > Steve



-- 
Thanks,

Steve
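
An added example, not code from the patch or from cifs.ko: case 1 above (take the mode from the special SID S-1-5-88-3 when an ACE carries it) with fallback to case 3 (the default file_mode). The function and type names are hypothetical, and it assumes the mode value is carried as the SID's third sub-authority and that the caller has already pulled each ACE's binary SID out of the security descriptor.

```c
#include <stddef.h>
#include <stdint.h>

#define DEFAULT_MODE 0755u /* S_IRUGO | S_IXUGO | S_IWUSR, the default from the thread */

/* SID sub-authorities are little-endian in the binary form. */
static uint32_t le32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Binary SID: revision(1) count(1) authority(6, big-endian) sub_auth(4 * count).
 * Returns 1 and sets *mode if buf is S-1-5-88-3-<mode>; returns 0 for any other
 * SID and for truncated input. Assumption: <mode> is the third sub-authority. */
int mode_from_sid(const uint8_t *buf, size_t len, uint32_t *mode)
{
    static const uint8_t nt_auth[6] = {0, 0, 0, 0, 0, 5};

    if (len < 8 || buf[0] != 1 || buf[1] != 3 || len < 8 + 4 * 3)
        return 0;
    for (int i = 0; i < 6; i++)
        if (buf[2 + i] != nt_auth[i])
            return 0;
    if (le32(buf + 8) != 88 || le32(buf + 12) != 3)
        return 0;
    *mode = le32(buf + 16) & 07777; /* keep permission bits only */
    return 1;
}

struct sid_buf { const uint8_t *data; size_t len; };

/* Case 1 with fallback to case 3: first mode SID wins, else the default. */
uint32_t mode_for_file(const struct sid_buf *sids, size_t n, uint32_t dflt)
{
    uint32_t mode;

    for (size_t i = 0; i < n; i++)
        if (mode_from_sid(sids[i].data, sids[i].len, &mode))
            return mode;
    return dflt;
}

/* Constructed sample SIDs (not taken from a real server). */
static const uint8_t sid_everyone[] = {1, 1, 0,0,0,0,0,1, 0,0,0,0};                    /* S-1-1-0 */
static const uint8_t sid_owner[] = {1, 3, 0,0,0,0,0,5, 88,0,0,0, 1,0,0,0, 0xE8,3,0,0}; /* S-1-5-88-1-1000 */
static const uint8_t sid_mode[] = {1, 3, 0,0,0,0,0,5, 88,0,0,0, 3,0,0,0, 0xA0,1,0,0};  /* S-1-5-88-3-416, mode 0640 */
```

The S-1-5-88-1 owner SID shares the 5-88 prefix with the mode SID, so the second sub-authority has to be compared before the third is read as a mode.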



