Patchset to add asynchronous open/close to master
Jeremy Allison
jra at samba.org
Wed Jun 20 11:04:21 MDT 2012
On Wed, Jun 20, 2012 at 12:53:57PM -0400, simo wrote:
>
> Sorry I do not understand how this works properly.
>
> A) what assures you have the right to actually create the file in the
> directory if you are not setting the whole credentials (uid,gid and all
> secondary gids) as the process credentials for the open ?
We already check this in the CreateFile() path.
We won't even try and create the file unless we've
checked that we have the rights to do so. If
we have no create rights we've already returned
ACCESS_DENIED.
> B) Why do you have a comment that Posix ACL inheritance doesn't apply ?
> Is it because we assume that all additional ACLs are properly set and we
> need to care exclusively about setting the right user/group owner ?
Yes. That's how POSIX ACL inheritance works.
> I just need to understand how do you know the open will always
> succeed/fail properly given the parent directory ACL and the user's
> group memberships, if the open my happen in a different user context,
> what am I missing ?
As I mention above, we've already checked. Yes,
there's a race condition in that someone could
be simultaneously modifying the directory ACL
at the same time, but the CreateFile path is
inherently racy for many conditions. The only
way to prevent such races is to have a kernel
CreateFile call.
Jeremy.
More information about the samba-technical
mailing list