On Mon, Oct 5, 2009 at 11:31 AM, Andreas Gruenbacher <agruen@xxxxxxx> wrote: > On Wednesday 02 September 2009 22:22:06 J. Bruce Fields wrote: >> On Wed, Sep 02, 2009 at 01:56:23PM -0500, Steve French wrote: >> > In the meantime we don't even have a generalized system interface to >> > set/get nfsv4/cifs/ntfs acls >> >> The current client is using raw xdr-formatted v4 acls in an extended >> attribute. We could consider some other interface if that would be more >> useful to other projects. (Andreas' patches have a different >> xattr-based interface which might serve as another example.) > > Yes, the current nfsv4 client exposes NFSv4 ACLs with "user@domain" and > "group@domain" identifiers in xattrs. Users and groups of local processes and > files are are identified by ID though, so the kernel would have to map between > "user@domain" and "group@domain" identifiers and IDs even for local accesses. > This doesn't make sense. The native NSFv4 ACL prototype [1] uses IDs in its > xattr format instead; all the ID mapping logic remains in NFSv4 (and in Samba > for CIFS). > > [1] http://www.suse.de/~agruen/nfs4acl/ Recently I looked through NFSv4.1 spec, and it seems to address some ACL incompatibilities (with CIFS) by extending the NFSv4 ACL model. Should we be aiming for an eventual interface that would work for NFSv4.1 or limiting it to current NFSv4? Any idea on the state of NFSv4.1 it seems to be stuck for almost a year? -- Thanks, Steve -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
