Current approaches to ACL handling

J. Bruce Fields bfields at fieldses.org
Wed Oct 17 07:19:22 MDT 2012


On Wed, Oct 17, 2012 at 05:57:47AM -0700, Jeremy Allison wrote:
> On Tue, Oct 16, 2012 at 10:58:02AM -0400, J. Bruce Fields wrote:
> > On Mon, Oct 08, 2012 at 02:53:36PM -0500, Christopher R. Hertel wrote:
> > > If I understood Alexander's suggestion, it was to implement Windows
> > > ACLs in the filesystem/kernel.  That would mean that Samba would no
> > > longer need to adapt because the semantics would be what we'd
> > > expect.
> > > 
> > > On the other hand, how would the kernel go about enforcing some of
> > > the more obscure permissions for non-Samba processes?  How would NFS
> > > interpret the ACLs?  What about local processes?  Which permissions
> > > would be exposed to the local user and which would not?  The
> > > adaptations would have to move, probably into the kernel with the
> > > new ACL type.
> > 
> > I think this is the most recent posting of the richacl patches:
> > 
> > 	http://thread.gmane.org/gmane.linux.kernel/1206630/
> > 
> > It includes enforcement of new permission bits; e.g., write attributes:
> > 
> > 	http://thread.gmane.org/gmane.linux.kernel/1206630/focus=1206636
> > 
> > delete and delete child:
> > 
> > 	http://thread.gmane.org/gmane.linux.kernel/1206630/focus=1206638
> > 
> > file vs directory creation:
> > 
> > 	http://thread.gmane.org/gmane.linux.kernel/1206630/focus=1206642
> > 
> > So they are of course intended to be exposed and enforced consistently
> > against local, NFS, and Samba users.
> > 
> > Review is welcome; if you see anything specific missing, please let us
> > know.
> 
> So the last comment on this patchset was from Christoph Hellwig,
> which stated:
> 
> > Please as a first thing submit the various small cleanups indepent
> > of the other changes.  If you can't even those in there's no point
> > in trying. 
> 
> then:
> 
> > I also really hate all the duplication - I want to see a really good
> > reason why all this code needs to be duplicated.  Just look at
> > the mess done to check_acl and the ACL caching in the inode and
> > any normal person would throw up.  There is absolutely no reason
> > to not implement Posix ACLs as a subset of the NFSv4 ACL (not actually
> > a subset in the strict mathematical sense, but close enough).
> 
> which never got done. I think it's possible to re-do
> POSIX ACLs as a subset of RichACLs but that's a re-write
> of the patchset.

Yes, absolutely, it needs at least one more revision, and we've got no
volunteer for that right now.

--b.


More information about the samba-technical mailing list