vfs_acl_[xattr|tdb] and timestamp in ACL hash
abartlet at samba.org
Fri Dec 18 20:34:13 UTC 2020
On Fri, 2020-12-18 at 16:31 +0100, Ralph Boehme wrote:
> Hi Jeremy,
> hi Andrew,
> here comes another question related to vfs_acl_xattr.
> This is triggered by a customer request who is storing xattrs in some
> kind of database (external to Samba) and they're trying to leverage
> xattr deduping.
> They have a xattr dedupe feature in their backend such then when to
> files have the same xattr it's only stored once in the backend.
> But when using this with vfs_acl_xattr they stumbled upon the fact that
> we skew the ACL blob bash with timestamp, so even if two files have an
> identical ACL, they will have a different timestamp so the overall xattr
> blob will be different.
This is what I wrote at the time:
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Oct 10 16:36:47 2012 +1100
vfs: Implement an improved vfs_acl_common that uses the hash of the system ACL
Where supported by the system ACL backend, this avoids hashing the
result of the ACL mapping, instead hashing the original ACL,
For maximum robustness, the hash of the NT and system ACL are stored,
along with the time and a description of the system ACL. This variety
of extra metadata may assist some future implementation in determining
which hash to validate.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Christian Ambach <ambi at samba.org>
So there isn't a current, concrete reason for the time, just a thought
that one might want to somehow work out if the ACL in the xattr was
'recent' or 'current' somehow later.
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba
More information about the samba-technical