Re: [nfsv4] Constructing a NFSv4 ACL from POSIX mode bits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jul 24, 2012 at 3:09 PM, J. Bruce Fields <bfields@xxxxxxxxxxxx> wrote:
> But Tom was asking above only about ACE4_WRITE_ACL.  And possibly only
> in the legacy case.  (Does ZFS have a real ACE4_WRITE_ACL bit?)

Ah, oops.  That's trickier.  The examples don't say (or I'm not seeing
it).  IMO the most reasonable thing to do is to make chmod mask away
the ACE4_WRITE_ACL bits of non-OWNER@/non-owner-user ACEs, but
subsequent ACL writes can restore ACE4_WRITE_ACL without contributing
to the w group or world bits of mode.

That is: to make aclmode=mask most natural and usable a chmod must
have the expected POSIX behavior of taking away or granting access,
but never granting anything like ACE4_WRITE_ACL to non-owners, while
an ACL write should should be able to grant much more access than
chmod and it should compute a new mode that is as close as possible to
the new ACL.  This requires storing a mode, an ACL, and one bit to
indicate whether the ACL was set after the mode or the mode after the
ACL.

Nico
--
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux