[PATCH] vfs module for VxFS
Abhidnya_Joshi at symantec.com
Mon Sep 1 02:58:21 MDT 2014
Please find answers as below:
1. In your system, is there any protection to ensure that only Samba is modifying this xattr, given it has moved from the protected namespace?
-> We have restricted access to filesystem, with only CIFS and NFS.
2. If that ACL is changed, but not the ACL on the children, what happens?
->It's copy-on-write, so parent makes its own copy. All the children keep old copy of ACL, not shared with parent. Its filesystem specific, though and hence users are not affected.
Please let me know your views.
Thanks and Regards
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Monday, September 01, 2014 5:19 AM
To: Abhidnya Joshi
Cc: samba-technical at samba.org
Subject: Re: [PATCH] vfs module for VxFS
On Wed, 2014-08-27 at 05:32 -0700, Abhidnya Joshi wrote:
> Hi List,
> As part of our NAS product, we are using Samba on top of Symantec File System (VxFS).
> We are making use of acl_xattr module to interpret and store NTACLs.
> This module tries to fix 2 issues:
> 1. Presently VxFS does not support security namespace for named attrs thus, NTACLs have to be stored under user.NTACL.
In your system, is there any protection to ensure that only Samba is modifying this xattr, given it has moved from the protected namespace?
> 2. In VxFS, typically newly created file will share POSIX ACLs of its parent unless explicit ACL set call is made. POSIX ACLs are stored as an extended attr of a file/dir which uses separate inode.
> That means if there is sharing of ACLs, lesser number of Inodes. With acl_xattr, it is always explicit set ACL call after file/dir create. Thus inode number doubles!
> Our idea here is, do not set ACLs if existing POSIX ACLs are same with whatever Samba calculated as far as possible.
If that ACL is changed, but not the ACL on the children, what happens?
> Please find attached patch which adds new module for VxFS which can handle this.
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical