[PATCH] nfs4acl: Fix owner mapping with ID_TYPE_BOTH

Andrew Bartlett abartlet at samba.org
Fri Sep 16 21:12:58 UTC 2016


On Fri, 2016-09-16 at 14:07 -0700, Jeremy Allison wrote:
> On Fri, Sep 16, 2016 at 10:45:31AM -0700, Christof Schmitt wrote:
> > 
> > 
> > The requirement here was to keep the owner mapping to the special user
> > entry, since that has a special meaning in the gpfs file system (the
> > POSIX modebits are derived from the special entries).
> 
> The above does make more sense, and is more the way
> users "expect" it to work.

I agree.  When I did the @owner mapping work with Alexander Worth, that
was the intention.  It looks like it just has a bad interaction with
the IDMAP_BOTH stuff.

> > 
> > SID history is also a topic that keeps popping up. This would require
> > having the entry stored for a gid to allow access from the old and new
> > SID. In theory we could get there by mapping an entry for the owner SID
> > to two entries in NFS4: special user and a group entry. I am not yet
> > sure what implications that would have.
> 
> We do need more tests. Don't know currently what they'd
> look like right now though.

Look at posixacl.py.  What we should do is set a specific NT ACL and
then assert the underlying NFSv4 (faked with the dummy implementation
then backed with tdb) ACL that is stored by unparsing it with NDR.

I'm surprised I didn't add such a test, as I was really passionate
about testing this code that way around then, and it is the natural
next step after doing the work to be able to store it as NDR...

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba



