Server-side NFSv4 ACL support

[Christoph Hellwig]

On Tue, Aug 08, 2006 at 09:45:54PM -0500, Prasad P wrote:
>     The NFSv4 ACLs are implemented on few file systems (such as GPFS).
>     These ACLs resemble that of Windows NT's

Please stop spamming the list with requirements for propritary, illegal,
and out of tree filesystems.

>     All versions of NFS (server and client) support POSIX ACLs.  But, only
>     NFSv4 client supports NFSv4 ACLs.

That's wrong.  None of NFSv2/3/4 support POSIX ACLs out of the box.  There
is a side-band protocol defined by Sun to support them on NFSv2/3 that could
easily be adopted to NFSv4 although I don't know of any implementation that
supports them on NVFSv4 currently.  There is another sideband procotol
defined by SGI to support arbitrary extended attributes, which is only
implemented for IRIX as far as I know, although SGI released the reference
code for it under the GPL.  I wish we had support for it on Linux because
it would make life for SELinux and various desktop uses of xattrs a lot
easier.

> III. Design Considerations
> 
>     4. Map POSIX ACLs to NFSv4 ACLs

This is the only viable solution.  Having more than one different type ACL
creates lots of code and administrative horrors.

>         Pros: Minimal development time to verify the existing 
> implementation
>               and improve/correct where ever possible to reduce the
>               imperfectness.
>         Cons: Can not use full range of NFSv4 ACLs.  Weak access controls.

There is no "Weak access controls".  Posix draft ACLs are very well defined,
and used for years in practice without showing any theoretical or practical
weakness.