Adding creator owner support to nfs4:mode simple.

Orlando Richards orlando.richards at ed.ac.uk
Wed Dec 5 09:28:41 MST 2012 

Actually - I've just found a copy of the patch (thanks Internets!) and 
uploaded it to the bugzilla entry.



On 05/12/12 16:22, Orlando Richards wrote:
> Hi Alexander,
>
> I've submitted a bugzilla entry for this:
>
>   https://bugzilla.samba.org/show_bug.cgi?id=9467
>
> Would be great if you could attach your patch to that bug - and
> follow/update it too if possible!
>
> --
> Orlando.
>
>
>
>
> On 21/09/12 14:40, Orlando Richards wrote:
>> Hi,
>>
>> I've been working on the NFS4 ACL code recently.
>> It turns out that while "creator owner" and "creator owner group" ACEs
>> behave pretty much like nfs4 inheritonly special owner@ and group@ ACEs
>> these nfs4 special id's are not used for that purpose by the current
>> code.
>>
>> The current code uses these special id's in nfs4:mode special to encode
>> the explicit user and group ACEs of the current file owner and group.
>>
>> I'd like to contribute the following patch which will use the special
>> ids for the "creator" SIDs in nfs4:mode simple. Right now in mode simple
>> the nfs4 special ids are interpreted as explicit ACEs of the current
>> file owner and group. So it's interpreting the special ids as if they
>> had been written in nfs4:mode special.
>>
>> This also points to a problem with the nfs4:mode special. Mapping the
>> ACEs of the owner to nfs4 special ids will result in an inheritance
>> behavior matching the "creator" aces and not the intended behavior of
>> user aces. While this mapping to special id's is needed to get sensible
>> posix mode bits the resulting inheritance behavior seams arbitrary and
>> broken from a user point of view.
>>
>> Files written earlier with nfs4:mode special and read in nfs4:mode
>> simple would now show an creator owner entry with these patches.
>> That might be slightly confusing but the files actually already behave
>> that way even in nfs4:mode special.
>>
>>
>> The patch for adding creator owner support to nfs4:mode simple contains
>> the following seperate commits:
>> - Move params struct and reading of parameters up.
>> - Change smbacl4_get_vfs_params to use connection_struct instead of fsp.
>> - Add params parameter to smbacl4_nfs42win function
>> - In nfs4:mode simple read nfs4 special owner@ and group@ ACEs as
>> "creator owner" and "creator owner group".
>> - In nfs4:mode simple write "creator owner" and "creator owner group" as
>> nfs4 special owner@ and group@ ACEs.
>>
>> I'm also working on a modified version of mode special that does use the
>> inherited special ids for creator owner and uses non inheriting aces for
>> the posix mode bits which builds on this change.
>>
>> Please share your thoughts or concerns.
>>
>> Cheers,
>> Alexander Werth
>>
>> -------------- next part --------------
>> A non-text attachment was scrubbed...
>> Name: simple-mode-with-creator.patch
>> Type: text/x-patch
>> Size: 15488 bytes
>> Desc: not available
>> URL:
>> <http://lists.samba.org/pipermail/samba-technical/attachments/20120727/1aa4c985/attachment.bin>
>>
>>
>>
>
>


-- 
             --
    Dr Orlando Richards
   Information Services
IT Infrastructure Division
        Unix Section
     Tel: 0131 650 4994

The University of Edinburgh is a charitable body, registered in 
Scotland, with registration number SC005336.

More information about the samba-technical mailing list