[PATCH] Add tests for our NFSv4 ACL code

[Alexander Werth]

On Mon, 2013-04-29 at 08:18 +1000, Andrew Bartlett wrote:
> Can you please add clear documentation as to what specialcreator is,
> what it does differently to simple and special.  I take it that the
> migration patches are still separate, but in those we should also
> include details on how you can migrate to it?
I just realized that I've forgot to cherry-pick the README.nfs4acl
patches describing that option.
Also the README could contain a much more extensive documentation than
the man page for vfs_gpfs for example which also needs an update.
Both should be very clear that there is one recommended mode (either
nfs4:mode simple or specialcreator) which is the default.
Personally I would tend to recommend nfs4:mode simple because the mode
specialcreator can be quite slow while creating files unless the NFS4
ACL to Security Descriptor to NFS4 ACL conversion there is optimized
out.

> I'm still a little lost as to what all the different modes do, so I
> think others would be similarly confused.  I still think we should be
> able to figure out a way to just do this correctly, but that will take
> further thought and examples.
I don't think there is a correct way to do this. We are limited by the
nfs4 specs and the implementations and we have to work around this or we
limit our use cases.
If we don't have an option in samba then the only other option to get
reasonable mode bits would be an option in the nfs4 filesystems to
toggle between various nfs4 to mode bit mappings.


In either case I'm posting some wip, collecting the pro and cons of the
various nfs4:mode settings:

nfs4:mode simple

Pro
- Working inheritance
- Creator owner support with new code
- No overhead on file creation.
- Owner changes have no side effect on the ACL with the exception of a
not rewritten creator owner entry.
- Recommended option for SMB only file servers.

Con
- No Posix mode bits for file owner and group.
- Files with creator owner or creator group entries do have mode bits
after file creation but lose them by rewriting the ACL through SMB.
- Files lose mode bits applied through chmod by rewriting the ACL with
SMB.


nfs4:mode specialcreator

Pro
- Working inheritance
- Creator owner support with new code.
- Expected Posix mode bits on all files created with SMB.
- Files keep mode bits applied through chmod when rewriting the ACL with
SMB.
- Mode bit's on files created through SMB can be controlled with creator
owner and creator group entries.
- Recommended for mixed SMB/NFS file servers.

Con
- Slow file creation without special optimizations skipping the UID/GID
2 SID 2 UID/GID conversion. Maybe we could use a VFS call to read and
write nfs4 ACLs instead of using a callback?
- Additional system calls are required after file creation to update the
ACL with the mode bits. There's a slight chance that someone changes the
ACL between these calls. Relatively low risk since the rewritten ACL is
the one from before and the access with that ACL could be gained anyway
by opening thefile before the other process changes the ACL.
- Files created on nfs with inheriting ACLs might not have the expected
mode bits but could get them after rewriting the ACL through SMB.
- Additional code necessary to handle owner changes through SMB well.


nfs4:mode special

Pro
- Posix mode bits on files.
- Files keep mode bits applied through chmod when rewriting the ACL with
SMB.
- No overhead on file creation
- Compatibility: Required to read ACLs written with mode special in a
way that the written ACL and the read ACL matches.

Con
- Inheritance of ACL entries for the file owner and file group is
broken.
- Can't support creator owner and creator group entries.
- Owner changes through SMB doesn't work.


Regards,
Alexander Werth