Adding creator owner support to nfs4:mode simple.

Alexander Werth werth at linux.vnet.ibm.com
Thu Oct 18 06:21:30 MDT 2012 


On Thu, 2012-10-18 at 12:15 +0200, Nimrod Sapir wrote:
> > From: Nimrod Sapir/Israel/IBM 
> > To: Alexander Werth <werth at linux.vnet.ibm.com>, 
> > Cc: samba-technical at lists.samba.org 
> > Date: 18/10/2012 11:00 
> > Subject: Re: Adding creator owner support to nfs4:mode simple. 
> > 
> > 
> > > On Tue, 2012-10-16 at 17:49 +0200, Nimrod Sapir wrote:
> > > > Hi Alexander 
> > > > 
> > > > I am trying to understand the benefit of the patch you provided.
> > > > Ideally, I would expect that the "special:owner@" entry in gpfs
> will
> > > > be translated into "CREATOR OWNER" when querying permissions
> using
> > > > Windows, and vice-versa. If I understand correctly (based on
> what you
> > > > have written and some tests I've done with the patch). The
> behavior
> > > > I've seen, when using the patch, is that adding "CREATOR OWNER"
> > > > permission through the windows explorer is translated If you do
> have a
> > > > into "special:owner@" on gpfs and behaves accordingly, but still
> > > > appears as user ACE in windows explorer (although subfolders or
> files
> > > > with different owner will receive permissions to the actual
> owner).
> > > > The behavior before the patch seems more unpredictable. 
> > > 
> > > > Is this is the expected behavior with the patch? If so, is there
> a
> > > > plan to improve the behavior so that full translation of
> "CREATOR
> > > > OWNER" to "special:owner" will be done? 
> > > > 
> > > No, this isn't the intended behavior.
> > > An creator owner acl that is applied to subfolders and files
> should be
> > > stored as an special@:owner acl that's inheritonly and appear as a
> > > creator owner acl in the explorer.
> > > 
> > > What's your setting for the parameter nfs4:mode?
> > > It sounds like you have that set to special instead of simple.
> > > 
> > > In that case the creator owner entries are mapped to the
> special:owner@
> > > entries since they do have the correct semantics which is a slight
> > > improvement over dropping them at all. They are displayed as
> inherited
> > > user entries right now but don't follow the semantics which is a
> bug in
> > > the nfs4:mode special.
> > > 
> > > > Thanks! 
> > > > Nimrod Sapir 
> > > > IBM - XIV, Israel 
> > > > NAS Development Team 
> > > > Office: +972-3-689-7763 
> > > > Cell:   +972-54-7726-320 
> > > > 
> > > 
> > > 
> 
> > Yes, this is indeed the case. I will re-try this flow with in the 
> > simple mode. Sorry for your trouble. 
> > 
> > Thanks! 
> > Nimrod 
> 
> Alexander. 
> 
> After initial testing, it seems that using simple mode indeed resolves
> the issue. According to the documentation, special mode should give
> better translation of special windows ACL. However, it seems that
> after the patch the translation is done better when using the standard
> mode (assuming the desired result is the translation being as close as
> possible to Windows->Windows sharing behavior). Do you still see any
> flows in which the special mode will give better translation when
> using the patched code? Also, is this patch expected to be added to
> the stream (3.x? 4.0?). 
> 
Hi, the special mode is still useful to get somewhat sensible unix mode
bits for an ACL on the files and folders. I'm still working on that.
Also I'm working on some smbtorture tests to verify the patches further.
And I don't think this would be included into the 3.x branches.

Cheers,
Alexander

More information about the samba-technical mailing list