Current approaches to ACL handling
Alexander Werth
werth at linux.vnet.ibm.com
Mon Oct 8 05:23:25 MDT 2012
On Wed, 2012-10-03 at 13:36 -0700, Jeremy Allison wrote:
> On Wed, Oct 03, 2012 at 04:29:02PM -0400, J. Bruce Fields wrote:
> > On Wed, Oct 03, 2012 at 02:48:00PM -0500, Christopher R. Hertel wrote:
> > > On 10/03/2012 08:48 AM, J. Bruce Fields wrote:
> > > >On Mon, Oct 01, 2012 at 02:36:20PM -0500, Christopher R. Hertel wrote:
> > > >>On 10/01/2012 02:27 PM, Scott Lovenberg wrote:
> > > >>:
> > > >>>While we're all playing this game, I'll chime in with performance of a
> > > >>>userland database versus in kernel structures and extra context
> > > >>>switching. :)
> > > >>
> > > >>Hey, you get RichACLs into the kernel and we'll be happy to use 'em. :)
> > > >>
> > > >>Even if EA's in are in the file system, we still need to read them
> > > >>out and process them in userland. I think there are a few small
> > > >>dragons to be dealt with there, particularly across a cluster.
> > > >
> > > >As there are for the actual file data and normal attributes. Yes, there
> > > >may well be bugs, but they're filesystem bugs....
> > >
> > > I meant that enforcing ACLs that are stored in EAs requires reading
> > > them into userspace and enforcing them there. It's not a filesystem
> > > issue, it's a problem of synchronizing the interpretation of the
> > > meta-data between multiple processes (possibly across multiple
> > > machines) and the kernel(s).
> >
> > I thought Samba depended on the posix acl for enforcement? Or does it
> > do both?
>
> It can deny based on the Windows ACL entry, but currently
> then relies on the POSIX ACL underneath. We don't (yet)
> allow a Windows ACL allow to override POSIX. We might
> do that at some point.
>
> Jeremy.
>
In think an override of the kernel checks is necessary to get better ACL
compatibility. That's because the some of the posix operations samba
uses to execute a specific cifs call require more permissions by the
kernel than the cifs call they implement.
And the situation will get worse with the fine grained Rich ACL support
in the kernel.
For example the permission to read the permissions might not be granted
on a file but Samba will expect to be able to read and evaluate the
permissions for an open call nevertheless.
Alexander Werth
More information about the samba-technical
mailing list