Adding creator owner support to nfs4:mode simple.

Orlando Richards orlando.richards at ed.ac.uk
Thu Nov 29 05:28:25 MST 2012 

On 21/09/12 14:44, Orlando Richards wrote:
> Alexander Werth wrote:
>  > Hi,
>>
>> I've been working on the NFS4 ACL code recently. It turns out that
>> while "creator owner" and "creator owner group" ACEs behave pretty
>> much like nfs4 inheritonly special owner@ and group@ ACEs these nfs4
>> special id's are not used for that purpose by the current code.
>>
>> The current code uses these special id's in nfs4:mode special to
>> encode the explicit user and group ACEs of the current file owner and
>> group.
>>
>> I'd like to contribute the following patch which will use the
>> special ids for the "creator" SIDs in nfs4:mode simple. Right now in
>> mode simple the nfs4 special ids are interpreted as explicit ACEs of
>> the current file owner and group. So it's interpreting the special
>> ids as if they had been written in nfs4:mode special.
>>
>> This also points to a problem with the nfs4:mode special. Mapping
>> the ACEs of the owner to nfs4 special ids will result in an
>> inheritance behavior matching the "creator" aces and not the intended
>> behavior of user aces. While this mapping to special id's is needed
>> to get sensible posix mode bits the resulting inheritance behavior
>> seams arbitrary and broken from a user point of view.
>>
>> Files written earlier with nfs4:mode special and read in nfs4:mode
>> simple would now show an creator owner entry with these patches. That
>> might be slightly confusing but the files actually already behave
>> that way even in nfs4:mode special.
>>
>>
>> The patch for adding creator owner support to nfs4:mode simple
>> contains the following seperate commits:
>> - Move params struct and reading of parameters up.
>  > - Change smbacl4_get_vfs_params to use connection_struct instead of fsp.
>  > - Add params parameter to smbacl4_nfs42win function
>> - In nfs4:mode simple read nfs4 special owner@ and group@ ACEs as
>  > "creator owner" and "creator owner group".
>> - In nfs4:mode simple write "creator owner" and "creator owner group"
>> as nfs4 special owner@ and group@ ACEs.
>>
>> I'm also working on a modified version of mode special that does use
>> the inherited special ids for creator owner and uses non inheriting
>> aces for the posix mode bits which builds on this change.
>>
>> Please share your thoughts or concerns.
>>
>> Cheers, Alexander Werth
>
>
> Hi Alexander,
>
> This sounds great - we've got this problem just now, and your proposal
> sounds like a perfect fix!
>
> Did you get any further with this patch proposal?
>

Hi Samba-Technical,

I'm thinking that opening a bug ticket for this issue might be useful - 
any objections to me doing so?

Cheers,
Orlando



-- 
             --
    Dr Orlando Richards
   Information Services
IT Infrastructure Division
        Unix Section
     Tel: 0131 650 4994

The University of Edinburgh is a charitable body, registered in 
Scotland, with registration number SC005336.

More information about the samba-technical mailing list