On Tue, 2009-03-24 at 18:15 -0400, J. Bruce Fields wrote: > On Tue, Mar 24, 2009 at 05:44:07PM -0400, Trond Myklebust wrote: > > On Tue, 2009-03-24 at 16:10 -0400, J. Bruce Fields wrote: > > > On Tue, Mar 24, 2009 at 02:56:25AM +0100, Alex Bremer wrote: > > > > >> How do other people share public files with NFS4? If there is no other > > > > >> way than setting the users's umask to 002, this would practically > > > > >> limit the use of NFS4 to private shares like home directories. > > > > > > > > > > I don't understand why--can't you use the user-private-group trick?: > ... > > > > - we actually have directories where files should only be group readable. > > > > > > I don't get it--why not set an inheritable acl on those directories that > > > permits only read to the group? > > > > That only works if the client actually respects the acl... > > I don't understand. ACL enforcement and inheritance are both done on > the server side. > > The problem is just that the umask is applied on the client side. But > if the umask is 002, and an inheritable ACL permits only read, then the > result of inheritance and umask-application will be an ACL that permits > reads (and only reads) to the group owner (and to any named users and > groups). The client currently always sends a mode. My interpretation of RFC3530 is that this will always override the inherited ACL (see the discussion in OP_OPEN and OP_CREATE w.r.t. the createattrs field). -- Trond Myklebust Linux NFS client maintainer NetApp Trond.Myklebust@xxxxxxxxxx www.netapp.com -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
