On Thu, 2013-05-09 at 21:34 +0400, Vyacheslav Dubeyko wrote: > On May 9, 2013, at 9:01 PM, Myklebust, Trond wrote: > > [snip] > > > > How does this make sense? There is no lossless mapping of NFSv4 acls > > into POSIX acls; the latter doesn't have any equivalent of the DENY aces > > so you cannot represent the full set of acls that can be set using MacOS > > on the same filesystem. > > > > Shouldn't you rather be looking at the richacl patch sets? > > > > Yes, I understand the nature of such mapping and impossibility of mapping NFSv4 ACLs to POSIX ACLs in some cases. But, as I understand, the richacl patch set is not mainline yet. And even if it will be in mainline then a user can have choice to use POSIX ACLs or richacls. So, we need to map NFSv4 ACLs <-> POSIX ACLs in hfsplus for the case of using POSIX ACLs model. I think that to have such mapping is better than to have nothing. Moreover, a user can use HFS+ filesystem with using POSIX ACLs only under Linux. Thereby, the generalization of mapping NFSv4 ACLs <-> POSIX ACLs makes sense, from my viewpoint. No, there is no requirement that you must support the POSIX acl interface in addition to NFSv4/richacls. No, supporting a POSIX mapping is not necessarily "better than nothing" if it cannot faithfully represent the original NFSv4 acl. Do you at least enforce the original acl in permissions checks? -- Trond Myklebust Linux NFS client maintainer NetApp Trond.Myklebust@xxxxxxxxxx www.netapp.com -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
