On Thu, Aug 29, 2024 at 10:24:42AM GMT, Miklos Szeredi wrote: > On Thu, 18 Jul 2024 at 21:12, Aleksandr Mikhalitsyn > <aleksandr.mikhalitsyn@xxxxxxxxxxxxx> wrote: > > > This was a first Christian's idea when he originally proposed a > > patchset for cephfs [2]. The problem with this > > approach is that we don't have an idmapping provided in all > > inode_operations, we only have it where it is supposed to be. > > To workaround that, Christian suggested applying a mapping only when > > we have mnt_idmap, but if not just leave uid/gid as it is. > > This, of course, leads to inconsistencies between different > > inode_operations, for example ->lookup (idmapping is not applied) and > > ->symlink (idmapping is applied). > > This inconsistency, really, is not a big deal usually, but... what if > > a server does UID/GID-based permission checks? Then it is a problem, > > obviously. > > Is it even sensible to do UID/GID-based permission checks in the > server if idmapping is enabled? It really makes no sense. > > If not, then we should just somehow disable that configuration (i.e. > by the server having to opt into idmapping), and then we can just use > the in_h.[ugi]d for creates, no? Fwiw, that's what the patchset is doing. It's only supported if the server sets "default_permissions".
