NTVFS vs S3 file server

Andrew Tridgell tridge at samba.org
Thu Dec 8 03:25:41 MST 2011


Hi Metze,

Thanks for the summary.

One more thing in the s4 ntvfs file server that I think should be
brought into the s3 file server (at least as an option), is the
"raceless override" code. That is the code that allows s4 to safely
allow for full NT ACLs in userspace.

The basic idea is that if a file/directory has an NT ACL on it stored in
a form that is not understood by the underlying filesystem, and that NT
ACL would allow an operation, but the operation fails as the currently
connected user, then the ntvfs backend can choose to 'override' the
filesystem and allow the operation anyway. The key is to do this in a
way that doesn't open up race conditions.

Normally doing ACLs in user space is very prone to symlink races, but it
is in fact possible to do operations in a raceless fashion, as long as
the OS supports a couple of modern system calls (eg. fchown, fchmod and
O_NOFOLLOW on open). That is what is implemented in
ntvfs/posix/pvfs_sys.c.

The big advantage of this approach is that it makes it possible to
correctly implement NT ACLs without filesystem support, and without
having to set the underlying file permissions very broadly (eg. without
having to set "create mask = 777").

To avoid the races you do need to do quite a few extra system calls, but
as it's only called on a "slow path" where the operation as the connected
user has failed, it doesn't really hurt performance.

Cheers, Tridge
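
The symlink-safe pattern the message refers to (O_NOFOLLOW on open, then fchmod on the descriptor), as an added example that is not part of the original post and is not taken from ntvfs/posix/pvfs_sys.c. The names chmod_nofollow and demo are hypothetical, the fixture is constructed, and the ELOOP check assumes Linux behaviour for O_NOFOLLOW:

```c
#define _GNU_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: change the mode of `name` inside `dir` without ever
 * following a symlink in the final component. Returns 0, or -1 with errno. */
int chmod_nofollow(const char *dir, const char *name, mode_t mode)
{
    struct stat st;
    int ret = -1, fd = -1;
    /* Pin the parent directory; refuse if it is itself a symlink. */
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd == -1) return -1;
    /* Resolve the last component relative to the pinned directory. */
    fd = openat(dfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd == -1) goto done;            /* ELOOP on Linux if name is a symlink */
    /* Inspect the object we actually hold, not whatever the path names now. */
    if (fstat(fd, &st) == -1) goto done;
    if (!S_ISREG(st.st_mode) && !S_ISDIR(st.st_mode)) { errno = EINVAL; goto done; }
    ret = fchmod(fd, mode);             /* acts on the descriptor, not the path */
done:
    { int saved = errno; if (fd != -1) close(fd); close(dfd); errno = saved; }
    return ret;
}

/* Constructed fixture: a temp dir holding a file and a symlink pointing at it.
 * Returns 0 if the file is changed and the symlink is refused with ELOOP. */
int demo(void)
{
    char dir[] = "/tmp/nofollowXXXXXX", path[64], lnk[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    int fd = open(path, O_CREAT | O_WRONLY, 0600);
    if (fd == -1 || close(fd) || symlink(path, lnk)) return -1;
    int ok = chmod_nofollow(dir, "target", 0640) == 0;
    int refused = chmod_nofollow(dir, "link", 0666) == -1 && errno == ELOOP;
    stat(path, &st);
    int unchanged = (st.st_mode & 0777) == 0640;   /* symlink attempt left it alone */
    unlink(lnk); unlink(path); rmdir(dir);
    return (ok && refused && unchanged) ? 0 : 1;
}

int main(void) { return demo(); }
```

A path-based chmod() on the same symlink would have changed the target; the descriptor-based sequence is what removes the window between checking the object and acting on it.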