Adding creator owner support to nfs4 vfs modules

Nimrod Sapir NIMRODS at il.ibm.com
Wed Dec 26 02:41:41 MST 2012 

Alexander Werth <werth at linux.vnet.ibm.com> wrote on 26/12/2012 01:18:05:

> From: Alexander Werth <werth at linux.vnet.ibm.com>
> To: samba-technical at lists.samba.org, 
> Cc: Orlando Richards <orlando.richards at ed.ac.uk>, Nimrod Sapir/
> Israel/IBM at IBMIL
> Date: 26/12/2012 01:17
> Subject: Adding creator owner support to nfs4 vfs modules
> 
> Hello,
> 
> A while ago I proposed a patch to support creator owner ACEs on nfs4.
> 
> Later Orlando Richards created a bugzilla describing an inheritance
> issue with the current nfs4:mode special that had been pointed out in
> the initial patch submission:
> https://bugzilla.samba.org/show_bug.cgi?id=9467
> 
> I'm now proposing four patch sets addressing the inheritance issue and
> the missing creator owner support. These patches are already attached to
> the bugzilla entry.
> Feedback is of course welcome. In particular feedback regarding what
> would be necessary to bring these patches into master.
> 
> The patch for adding creator owner support to nfs4:mode simple contains
> the following seperate commits:
> - Move params struct and reading of parameters up.
> - Change smbacl4_get_vfs_params to use connection_struct instead of fsp.
> - Add params parameter to smbacl4_nfs42win function
> - In nfs4:mode simple read nfs4 special owner@ and group@ ACEs as
> "creator owner" and "creator owner group".
> - In nfs4:mode simple write "creator owner" and "creator owner group" as
> nfs4 special owner@ and group@ ACEs.
> 
> 
> The patch for adding a new nfs4 mode that combines the ideas of mode
> special with creator owner support
> - Add new nfs4:mode specialcreator on reading parameters.
> - Add specialcreator to nfs4acls.txt readme
> - Add smbacl4_expand_special function for mode specialcreate
> - Add function smbacl4_substitute_special.
> - Remove inlined special substitution of mode special.
> - Rewrite ACL with special entries for the owner and group.
> - Only rewrite acl on mode specialcreator.
> - Add smb_create_file_nfs4 to vfs_fn_pointers.
> 
> 
> A patch to add a nfs4:readmode parameter to allow online migration of
> filesystems.
> - Add readmode to nfs4 readme.
> - Add readmode to smbacl4_get_vfs_params.
> - Use new readmode parameter in smb_create_file_nfs4.
> 
> 
> And a patch with an optimization that skips an unnecessary
> transformation from nfs4 to security descriptor and back.
> - Optimize adjustment of specialcreator ACLs within nfs4_acls.c.
> - Add create_file hook to rewrite ACL on file creation for GPFS module.

Hi Alexander

I've been using the first patch attached to the bug report. based on Samba 
3.6.10 code base (with ctdb and gpfs) for a while now, and I'm quite happy 
with it. The "special" mode indeed creates an implicit translation of the 
special Unix bits, which can lead to weird results. I prefer the more 
explicit way used in the simple mode, although it is a bit confusing 
(since the "creater owner" user is hardly ever used on Windows 
environments) - but this is what you get when you mix Unix and Windows...

Two more questions:

With all the four patches, do you see any other disadvantages of using the 
simple mode besides the ugly use of the non-standard windows users?
Would the three other patches fit the 3.6.10 code? Will they significantly 
change the behavior on those flows?

Sorry if I'm repeating myself, this topic is a bit hard to grasp...

Thanks
Nimrod Sapir
IBM - XIV, Israel

More information about the samba-technical mailing list