On Thu, 18 Jul 2024 at 21:12, Aleksandr Mikhalitsyn <aleksandr.mikhalitsyn@xxxxxxxxxxxxx> wrote: > This was a first Christian's idea when he originally proposed a > patchset for cephfs [2]. The problem with this > approach is that we don't have an idmapping provided in all > inode_operations, we only have it where it is supposed to be. > To workaround that, Christian suggested applying a mapping only when > we have mnt_idmap, but if not just leave uid/gid as it is. > This, of course, leads to inconsistencies between different > inode_operations, for example ->lookup (idmapping is not applied) and > ->symlink (idmapping is applied). > This inconsistency, really, is not a big deal usually, but... what if > a server does UID/GID-based permission checks? Then it is a problem, > obviously. Is it even sensible to do UID/GID-based permission checks in the server if idmapping is enabled? If not, then we should just somehow disable that configuration (i.e. by the server having to opt into idmapping), and then we can just use the in_h.[ugi]d for creates, no? Thanks, Miklos
