[PATCH] vfs_acl_xattr: avoid setting POSIX acls if "ignore system acls" is set

Uri Simchoni uri at samba.org
Tue Mar 22 19:31:06 UTC 2016

On 03/22/2016 09:19 PM, Richard Sharpe wrote:
> On Tue, Mar 22, 2016 at 12:03 PM, Uri Simchoni <uri at samba.org> wrote:
>> On 03/22/2016 05:14 PM, Richard Sharpe wrote:
>>> Can you also remove that stupid time value that was added? It screws
>>> up ACL deduplication if you have a file system that can do that.
>>> At least it should be configurable.
>>  From brief look into the code I can't understand the purpose of the time
>> stamp (only idea that comes to mind is for extra-debugging info). I'll look
>> through the history but if someone can tell me please do so.
>> Same goes for "description" which seems (again, brief look) to be a place
>> holder for something.
>>> Actually, it should also be possible to configure V3 vs V4 formats as
>>> well.
>> Cannot see the use case for that -
>> v4 seems to be more efficient for write-once-read-many which is the common
>> case. If there's a file system in which fetching the NT ACL is faster than
>> fetching the POSIX ACL (and hence v3 would be faster for read), then I
>> suppose it is not a POSIX-like file system and should not be using
>> vfs_acl_xattr in the first place.
> I am not sure I understand this. We are using vfs_acl_xattr to store
> SDs. That it also does stuff with Posix ACLs is unwelcome from our
> point of view, however, we can live with the unused extra 64-bytes of
> has info if the time field goes away and with your extension of ignore
> system acls is adopted.
What I meant was:
1. if my extension is adopted, and ignore-system-acls is used - only v3, 
no time stamps, no description, no posix ACLs, Windows-only use-case 
happy, dedup happy.
2. What I wrote about v3 vs v4 and the need for "configurable" therefore 
relates only to the case where system ACLs are NOT ignored, and what's 
the best algorithm to sync the two - seems to me like v4 is better 
(except for the time stamp which I don't understand) and therefore 
should always be used - can't see why it should be configurable.

One other question that may come to mind is - why stop there and not use 
v1 instead, if system ACLs are ignored, that is why waste 64 bytes. The 
original reason I did it that way was some (mis-?)perception that v1 and 
v2 are "legacy" or obsolete. But even after second examination, I think 
using v3 is a way to reset the NT ACL if one later chooses to not-ignore 
system ACLs.

Hope that clears things up,

More information about the samba-technical mailing list