Add option to sort dacl into canonical order in nfs4_acls

Andrew Walker awalker at ixsystems.com
Tue Aug 27 14:49:19 UTC 2019


There are many ways that applications can write NFS4 ACL entries in a
non-canonical order per MS-DTYP 2.4.5. It would be nice to have the option
to automatically sort these into canonical order so that Windows doesn't
complain when viewing these.  I'm honestly a bit torn regarding the best
path forward with this. It's easy to say "you're doing it wrong - fix your
ACLs", but I imagine that some admins would want a "stop nagging me" option.

Example of some operations resulting in out-of-order ACEs:
# file: /mnt/dozer/share/inherited
# owner: root
# group: smbuser
      user:smbuser:rwxpDdaARWcCos:-------:allow
            owner@:rwxpDdaARWcCos:fd----I:allow
            group@:rwxpDdaARWcCos:fd----I:allow
         everyone@:--------------:fd----I:allow
root@freenas[/mnt/dozer]# setfacl -m u:root:full_set:fd:allow /mnt/dozer/share/inherited
root@freenas[/mnt/dozer]# getfacl /mnt/dozer/share/inherited

# file: /mnt/dozer/share/inherited
# owner: root
# group: smbuser
         user:root:rwxpDdaARWcCos:fd-----:allow
      user:smbuser:rwxpDdaARWcCos:-------:allow
            owner@:rwxpDdaARWcCos:fd----I:allow
            group@:rwxpDdaARWcCos:fd----I:allow
         everyone@:--------------:fd----I:allow
root@freenas[/mnt/dozer]# chmod 777 /mnt/dozer/share/inherited
root@freenas[/mnt/dozer]# getfacl /mnt/dozer/share/inherited
# file: /mnt/dozer/share/inherited
# owner: root
# group: smbuser
         user:root:rwxpDdaARWcCos:fd-----:allow
      user:smbuser:rwxpDdaARWcCos:-------:allow
            owner@:rwxpDdaARWcCos:fdi---I:allow
            group@:rwxpDdaARWcCos:fdi---I:allow
         everyone@:--------------:fdi---I:allow
            owner@:rwxp--aARWcCos:-------:allow
            group@:rwxp--a-R-c--s:-------:allow
         everyone@:rwxp--a-R-c--s:-------:allow
-------------- next part --------------
A non-text attachment was scrubbed...
Name: add_sort_aces.patch
Type: text/x-patch
Size: 1398 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20190827/02244f23/add_sort_aces.bin>
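
The ordering problem in the getfacl output above, as an added example that is not part of the original message and is not the code from add_sort_aces.patch: it parses the ACL printed after chmod 777, checks it against the MS-DTYP 2.4.5 order (explicit deny, explicit allow, inherited deny, inherited allow) and sorts it. The function names are hypothetical, and it assumes the FreeBSD getfacl text format shown above, with 'I' in the flags column marking an inherited ACE.

```python
# Added example (not from add_sort_aces.patch): canonical-order check for getfacl output.
# SAMPLE is the ACL printed after `chmod 777` in the message above.
SAMPLE = """\
         user:root:rwxpDdaARWcCos:fd-----:allow
      user:smbuser:rwxpDdaARWcCos:-------:allow
            owner@:rwxpDdaARWcCos:fdi---I:allow
            group@:rwxpDdaARWcCos:fdi---I:allow
         everyone@:--------------:fdi---I:allow
            owner@:rwxp--aARWcCos:-------:allow
            group@:rwxp--a-R-c--s:-------:allow
         everyone@:rwxp--a-R-c--s:-------:allow
"""


def parse_acl(text):
    """Return (who, perms, flags, ace_type) tuples, skipping '#' header lines."""
    aces = []
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            # 'who' may contain ':' (user:smbuser), so split from the right.
            who, perms, flags, ace_type = line.rsplit(":", 3)
            aces.append((who, perms, flags, ace_type))
    return aces


def rank(ace):
    """0 explicit deny, 1 explicit allow, 2 inherited deny, 3 inherited allow."""
    _, _, flags, ace_type = ace
    if ace_type not in ("allow", "deny"):
        raise ValueError(f"not a DACL entry type: {ace_type}")
    # Assumption: uppercase 'I' in the flags column means the ACE is inherited.
    return 2 * ("I" in flags) + (ace_type == "allow")


def is_canonical(aces):
    ranks = [rank(a) for a in aces]
    return ranks == sorted(ranks)


def sort_canonical(aces):
    # sorted() is stable: ACEs in the same group keep their relative order.
    return sorted(aces, key=rank)


if __name__ == "__main__":
    aces = parse_acl(SAMPLE)
    print("canonical before sort:", is_canonical(aces))
    for who, perms, flags, ace_type in sort_canonical(aces):
        print(f"{who:>18}:{perms}:{flags}:{ace_type}")
```

ACL evaluation is order-dependent, so when deny ACEs are present a sort can change effective access; compare the sorted list with the original before writing it back.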