Adding creator owner support to nfs4:mode simple.

Alexander Werth werth at linux.vnet.ibm.com
Wed Dec 5 09:49:06 MST 2012


Hi,

As far as I know the old patches will not apply cleanly to Samba 4.0.
I'm currently fixing this.

Cheers,
Alexander

On Wed, 2012-12-05 at 16:28 +0000, Orlando Richards wrote:
> Actually - I've just found a copy of the patch (thanks Internets!) and 
> uploaded it to the bugzilla entry.
> 
> 
> 
> On 05/12/12 16:22, Orlando Richards wrote:
> > Hi Alexander,
> >
> > I've submitted a bugzilla entry for this:
> >
> >   https://bugzilla.samba.org/show_bug.cgi?id=9467
> >
> > Would be great if you could attach your patch to that bug - and
> > follow/update it too if possible!
> >
> > --
> > Orlando.
> >
> >
> >
> >
> > On 21/09/12 14:40, Orlando Richards wrote:
> >> Hi,
> >>
> >> I've been working on the NFS4 ACL code recently.
> >> It turns out that while "creator owner" and "creator owner group" ACEs
> >> behave pretty much like nfs4 inheritonly special owner@ and group@ ACEs
> >> these nfs4 special id's are not used for that purpose by the current
> >> code.
> >>
> >> The current code uses these special id's in nfs4:mode special to encode
> >> the explicit user and group ACEs of the current file owner and group.
> >>
> >> I'd like to contribute the following patch which will use the special
> >> ids for the "creator" SIDs in nfs4:mode simple. Right now in mode simple
> >> the nfs4 special ids are interpreted as explicit ACEs of the current
> >> file owner and group. So it's interpreting the special ids as if they
> >> had been written in nfs4:mode special.
> >>
> >> This also points to a problem with the nfs4:mode special. Mapping the
> >> ACEs of the owner to nfs4 special ids will result in an inheritance
> >> behavior matching the "creator" aces and not the intended behavior of
> >> user aces. While this mapping to special id's is needed to get sensible
> >> posix mode bits the resulting inheritance behavior seams arbitrary and
> >> broken from a user point of view.
> >>
> >> Files written earlier with nfs4:mode special and read in nfs4:mode
> >> simple would now show an creator owner entry with these patches.
> >> That might be slightly confusing but the files actually already behave
> >> that way even in nfs4:mode special.
> >>
> >>
> >> The patch for adding creator owner support to nfs4:mode simple contains
> >> the following seperate commits:
> >> - Move params struct and reading of parameters up.
> >> - Change smbacl4_get_vfs_params to use connection_struct instead of fsp.
> >> - Add params parameter to smbacl4_nfs42win function
> >> - In nfs4:mode simple read nfs4 special owner@ and group@ ACEs as
> >> "creator owner" and "creator owner group".
> >> - In nfs4:mode simple write "creator owner" and "creator owner group" as
> >> nfs4 special owner@ and group@ ACEs.
> >>
> >> I'm also working on a modified version of mode special that does use the
> >> inherited special ids for creator owner and uses non inheriting aces for
> >> the posix mode bits which builds on this change.
> >>
> >> Please share your thoughts or concerns.
> >>
> >> Cheers,
> >> Alexander Werth
> >>
> >> -------------- next part --------------
> >> A non-text attachment was scrubbed...
> >> Name: simple-mode-with-creator.patch
> >> Type: text/x-patch
> >> Size: 15488 bytes
> >> Desc: not available
> >> URL:
> >> <http://lists.samba.org/pipermail/samba-technical/attachments/20120727/1aa4c985/attachment.bin>
> >>
> >>
> >>
> >
> >
> 
> 




More information about the samba-technical mailing list