Native NFSv4 ACLs on Linux
agruen at suse.de
Fri Jul 14 14:37:36 GMT 2006
This is to announce a prototype that implements NFSv4 ACLs natively on Linux.
So far, the implementation supports NFSv4 ACLs on Ext3 filesystems. The code
is functional, but hasn't seen a whole lot of testing so far.
This is relevant to Samba, because CIFS ACLs are very close to NFSv4 ACLs, and
so this will allow Samba to store CIFS ACLs more or less unchanged, and have
the kernel enforce the ACL model. Native POSIX applications will interact
nicely with Windows applications; the prototype is POSIX compliant.
NFSv4 ACLs per se do not map to the POSIX permission model and the extension
mechanisms that POSIX allows very well. Different designs to extend the
definition of NFSv4 ACLs in order to make them map better to POSIX have been
proposed. A conclusion which design to adopt for NFSv4 Minor Version 1 has
not been reached so far. See the nfsv4 at ietf.org mailing list
(http://www1.ietf.org/mailman/listinfo/nfsv4) for discussions.
This prototype features a design that is relatively close to POSIX 1003.1e
draft 17 ACLs as implemented on many flavors of UNIX. Until a formal design
document is available, please refer to the discussion in the following two
threads on the nfsv4 at ietf.org mailing list, and read the code:
NFSv4 ACL and POSIX interaction / mask
NFSv4 ACL and POSIX interaction / mask, draft-ietf-nfsv4-acls-00 not ready
The prototype itself is available at http://www.suse.de/~agruen/nfs4acl/,
along with some more information.
Andreas Gruenbacher <agruen at suse.de>
Novell / SUSE Labs
More information about the samba-technical