vfs_acl_[xattr|tdb] and timestamp in ACL hash

Andrew Bartlett abartlet at samba.org
Fri Dec 18 20:34:13 UTC 2020

On Fri, 2020-12-18 at 16:31 +0100, Ralph Boehme wrote:
> Hi Jeremy,
> hi Andrew,
> here comes another question related to vfs_acl_xattr.
> This is triggered by a customer request who is storing xattrs in some 
> kind of database (external to Samba) and they're trying to leverage 
> xattr deduping.
> They have an xattr dedupe feature in their backend such that when two 
> files have the same xattr it's only stored once in the backend.
> But when using this with vfs_acl_xattr they stumbled upon the fact that 
> we skew the ACL blob hash with a timestamp, so even if two files have an 
> identical ACL, they will have a different timestamp so the overall xattr 
> blob will be different.

This is what I wrote at the time:

commit 25526ed3f590e4fa90c237a37f08bb23f449dd8c
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Oct 10 16:36:47 2012 +1100

    vfs: Implement an improved vfs_acl_common that uses the hash of the system ACL

    Where supported by the system ACL backend, this avoids hashing the
    result of the ACL mapping, instead hashing the original ACL.

    For maximum robustness, the hash of the NT and system ACL are stored,
    along with the time and a description of the system ACL.  This variety
    of extra metadata may assist some future implementation in determining
    which hash to validate.

    Andrew Bartlett

    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Christian Ambach <ambi at samba.org>

So there isn't a current, concrete reason for the time, just a thought
that one might want to somehow work out if the ACL in the xattr was
'recent' or 'current' somehow later.

Andrew Bartlett

Andrew Bartlett (he/him)        https://samba.org/~abartlet/
Samba Team Member (since 2001)  https://samba.org
Samba Developer, Catalyst IT    https://catalyst.net.nz/services/samba
