Adding creator owner support to nfs4:mode simple.

Orlando Richards orlando.richards at ed.ac.uk
Fri Sep 21 07:44:41 MDT 2012 

Alexander Werth wrote:
 > Hi,
>
> I've been working on the NFS4 ACL code recently. It turns out that
> while "creator owner" and "creator owner group" ACEs behave pretty
> much like nfs4 inheritonly special owner@ and group@ ACEs these nfs4
> special id's are not used for that purpose by the current code.
>
> The current code uses these special id's in nfs4:mode special to
> encode the explicit user and group ACEs of the current file owner and
> group.
>
> I'd like to contribute the following patch which will use the
> special ids for the "creator" SIDs in nfs4:mode simple. Right now in
> mode simple the nfs4 special ids are interpreted as explicit ACEs of
> the current file owner and group. So it's interpreting the special
> ids as if they had been written in nfs4:mode special.
>
> This also points to a problem with the nfs4:mode special. Mapping
> the ACEs of the owner to nfs4 special ids will result in an
> inheritance behavior matching the "creator" aces and not the intended
> behavior of user aces. While this mapping to special id's is needed
> to get sensible posix mode bits the resulting inheritance behavior
> seams arbitrary and broken from a user point of view.
>
> Files written earlier with nfs4:mode special and read in nfs4:mode
> simple would now show an creator owner entry with these patches. That
> might be slightly confusing but the files actually already behave
> that way even in nfs4:mode special.
>
>
> The patch for adding creator owner support to nfs4:mode simple
> contains the following seperate commits:
> - Move params struct and reading of parameters up.
 > - Change smbacl4_get_vfs_params to use connection_struct instead of fsp.
 > - Add params parameter to smbacl4_nfs42win function
> - In nfs4:mode simple read nfs4 special owner@ and group@ ACEs as
 > "creator owner" and "creator owner group".
> - In nfs4:mode simple write "creator owner" and "creator owner group"
> as nfs4 special owner@ and group@ ACEs.
>
> I'm also working on a modified version of mode special that does use
> the inherited special ids for creator owner and uses non inheriting
> aces for the posix mode bits which builds on this change.
>
> Please share your thoughts or concerns.
>
> Cheers, Alexander Werth


Hi Alexander,

This sounds great - we've got this problem just now, and your proposal 
sounds like a perfect fix!

Did you get any further with this patch proposal?

Cheers,
Orlando.



-- 
             --
    Dr Orlando Richards
   Information Services
IT Infrastructure Division
        Unix Section
     Tel: 0131 650 4994

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

More information about the samba-technical mailing list