On Tuesday, May 28, 2013 20:38:57 Frank S Filz wrote: > Jim Lieb <jlieb@xxxxxxxxxxx> wrote on 05/28/2013 05:57:31 PM: > > > Actually, ACLs are critical for Ganesha. Unless we decide to have > > separate > > > > attr validity bits for "stat" attributes and ACLs, Ganesha will have a > > > difficult time knowing if the ACL attribute is up to date (or even > > > available). > > > > True enough. But one of the pushbacks was the amount of work neededto > > get to > > > xattrs where acls live. One thing I heard that made not having acls on > > the > > > readdir+ pass was a status of some kind that indicated "I have acls..." > > The > > > readdir is a dir op and so 10k+ entries need to be minimal overhead. we > > already have the acls of the dir from the lookup. we don't need an > > entry's > > > acls until we do the lookup on it. at that time we can grab the acls. > > That > > > was the argument as I remember and I'm willing to accept it. IIRC, > > the client > > is going to send us a getattrs later. we can do it then. Is this > > reasonable? > > The ACL COULD be required on READDIR, though I would not expect any clients > to ask for ACL on READDIR (though it sure would be handy if Ganesha's PROXY > client could do so...). > > Fortunately we don't enforce ACE4_READ_ATTR, otherwise we WOULD need ACL on > any READDIR... That's an acl on the dir itself. If we carry this further, a recursive ls would readdir+ the top level dir, then lookup each dir in its list in order to get a handle for the next level of readdir+. At the time of the lookup is when we need the acl for that dir. If anywhere in the tree we have 5 dirs and 10k "other" files, regulars, symlinks etc., we only really need the acl above for the 5 dirs. We take the getattr (+get acls) hit 5 times at lookup time for that dir. The 10k other stuff is happy with name, ls -l stuff. > > If there are times when we get attrs without getting ACL, then we will need > a separate validity bit for ACL, otherwise we won't be able to tell if we > have current ACL for an entry or not. > > What would actually be helpful though, and make Ganesha a lot more > efficient is if we could actually get all the ACLs for a directory in one > fell swoop with some sort of "compression". Given that a large percentage > of files actually have the same ACL, we could get a the 1-4 ACLs that > apply, and then a bunch of entries, each indicating which of the 4 ACLs > they have. > > Frank -- Jim Lieb Linux Systems Engineer Panasas Inc. -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
