Adding creator owner support to nfs4:mode simple.

Orlando Richards orlando.richards at ed.ac.uk
Wed Dec 5 09:22:03 MST 2012 

Hi Alexander,

I've submitted a bugzilla entry for this:

  https://bugzilla.samba.org/show_bug.cgi?id=9467

Would be great if you could attach your patch to that bug - and 
follow/update it too if possible!

--
Orlando.




On 21/09/12 14:40, Orlando Richards wrote:
> Hi,
>
> I've been working on the NFS4 ACL code recently.
> It turns out that while "creator owner" and "creator owner group" ACEs
> behave pretty much like nfs4 inheritonly special owner@ and group@ ACEs
> these nfs4 special id's are not used for that purpose by the current code.
>
> The current code uses these special id's in nfs4:mode special to encode
> the explicit user and group ACEs of the current file owner and group.
>
> I'd like to contribute the following patch which will use the special
> ids for the "creator" SIDs in nfs4:mode simple. Right now in mode simple
> the nfs4 special ids are interpreted as explicit ACEs of the current
> file owner and group. So it's interpreting the special ids as if they
> had been written in nfs4:mode special.
>
> This also points to a problem with the nfs4:mode special. Mapping the
> ACEs of the owner to nfs4 special ids will result in an inheritance
> behavior matching the "creator" aces and not the intended behavior of
> user aces. While this mapping to special id's is needed to get sensible
> posix mode bits the resulting inheritance behavior seams arbitrary and
> broken from a user point of view.
>
> Files written earlier with nfs4:mode special and read in nfs4:mode
> simple would now show an creator owner entry with these patches.
> That might be slightly confusing but the files actually already behave
> that way even in nfs4:mode special.
>
>
> The patch for adding creator owner support to nfs4:mode simple contains
> the following seperate commits:
> - Move params struct and reading of parameters up.
> - Change smbacl4_get_vfs_params to use connection_struct instead of fsp.
> - Add params parameter to smbacl4_nfs42win function
> - In nfs4:mode simple read nfs4 special owner@ and group@ ACEs as
> "creator owner" and "creator owner group".
> - In nfs4:mode simple write "creator owner" and "creator owner group" as
> nfs4 special owner@ and group@ ACEs.
>
> I'm also working on a modified version of mode special that does use the
> inherited special ids for creator owner and uses non inheriting aces for
> the posix mode bits which builds on this change.
>
> Please share your thoughts or concerns.
>
> Cheers,
> Alexander Werth
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: simple-mode-with-creator.patch
> Type: text/x-patch
> Size: 15488 bytes
> Desc: not available
> URL:
> <http://lists.samba.org/pipermail/samba-technical/attachments/20120727/1aa4c985/attachment.bin>
>
>


-- 
             --
    Dr Orlando Richards
   Information Services
IT Infrastructure Division
        Unix Section
     Tel: 0131 650 4994

The University of Edinburgh is a charitable body, registered in 
Scotland, with registration number SC005336.

More information about the samba-technical mailing list