Adding creator owner support to nfs4 vfs modules

Alexander Werth werth at
Tue Dec 25 16:18:05 MST 2012


A while ago I proposed a patch to support creator owner ACEs on nfs4.

Later Orlando Richards created a bugzilla describing an inheritance
issue with the current nfs4:mode special that had been pointed out in
the initial patch submission:

I'm now proposing four patch sets addressing the inheritance issue and
the missing creator owner support. These patches are already attached to
the bugzilla entry.
Feedback is of course welcome. In particular feedback regarding what
would be necessary to bring these patches into master.

The patch for adding creator owner support to nfs4:mode simple contains
the following seperate commits:
- Move params struct and reading of parameters up.
- Change smbacl4_get_vfs_params to use connection_struct instead of fsp.
- Add params parameter to smbacl4_nfs42win function
- In nfs4:mode simple read nfs4 special owner@ and group@ ACEs as
"creator owner" and "creator owner group".
- In nfs4:mode simple write "creator owner" and "creator owner group" as
nfs4 special owner@ and group@ ACEs.

The patch for adding a new nfs4 mode that combines the ideas of mode
special with creator owner support
- Add new nfs4:mode specialcreator on reading parameters.
- Add specialcreator to nfs4acls.txt readme
- Add smbacl4_expand_special function for mode specialcreate
- Add function smbacl4_substitute_special.
- Remove inlined special substitution of mode special.
- Rewrite ACL with special entries for the owner and group.
- Only rewrite acl on mode specialcreator.
- Add smb_create_file_nfs4 to vfs_fn_pointers.

A patch to add a nfs4:readmode parameter to allow online migration of
- Add readmode to nfs4 readme.
- Add readmode to smbacl4_get_vfs_params.
- Use new readmode parameter in smb_create_file_nfs4.

And a patch with an optimization that skips an unnecessary
transformation from nfs4 to security descriptor and back.
- Optimize adjustment of specialcreator ACLs within nfs4_acls.c.
- Add create_file hook to rewrite ACL on file creation for GPFS module.

More information about the samba-technical mailing list