[RFC 00/39] Richacls (2)

Steve French smfrench at gmail.com
Sun Apr 12 21:40:39 MDT 2015 

On Sun, Apr 12, 2015 at 10:34 PM, Andrew Bartlett <abartlet at samba.org> wrote:
> On Fri, 2015-03-27 at 17:49 +0100, Andreas Gruenbacher wrote:
>> Hello,
>>
>> here is an update to the richacl patch queue.  The changes since the last
>> posting (https://lwn.net/Articles/634870/) include:
>>
>> * The ACL4_ and ACE4_ prefixes used for various richacl flags were renamed
>>   to RICHACL_ and RICHACE_.  The flag values are still identical with NFSv4
>>   for flags that exist in NFSv4.
>>
>> * The code is now uid/gid namespace aware.
>>
>> * The nfs server now uses richacls as its internal acl representation;
>>   struct nfs4_acl is gone.  On the underlying file system, it uses either POSIX
>>   ACLs or richacls depending on what that file system supports.
>>
>> * The nfs client now exports NFSv4 acls as richacls in the "system.richacl"
>>   attribute instead of the nfs-specific "system.nfs4_acl" attribute, just like
>>   local file systems.
>>
>> Note that the richacl xattr format has changed from the previous version and is
>> incompatible.
>>
>>
>> The git version is available here:
>>
>>   git://git.kernel.org/pub/scm/linux/kernel/git/agruen/linux-richacl.git \
>>       richacl-2015-03-27
>>
>> For comparison, the previous version is available here:
>>
>>   git://git.kernel.org/pub/scm/linux/kernel/git/agruen/linux-richacl.git \
>>       richacl-2015-02-26
>>
>>
>> Things still to be done, or which I'm not entirely happy with:
>>
>>  * We may need to add back support for the "system.nfs4_acl" attribute
>>    on nfs mounts for backwards compatible.  Is anyone actually using that
>>    attribute?
>
> Just a heads-up, mostly for the Samba Team (hence dropping a pile of
> CC).  Samba has code that tries to use a system.nfs4acl attribute, and
> stores our own implementation of an NFSv4 ACL, using NDR in that
> attribute.  It isn't intended to be used in real systems however, I
> wrote it to then be layered on top of a fake xattr layer, for use in our
> testsuite.
>
> If at all possible, we should implement the new richacls format in IDL,
> and then change to system.richacl, as then users may be able to use this
> module in a real-world situation.
>
>>  * It would make sense for CIFS to expose Windows ACLs as richacls as well.
>>    Steve maybe?
>
> That would be really, really cool.

Yes - I plan to do this as I have time (I think it is very important,
more so for SMB3, but also for CIFS) and have also pinged Shirish
about it.



-- 
Thanks,

Steve

More information about the samba-technical mailing list