Server-side NFSv4 ACL support

Trond Myklebust trond.myklebust at fys.uio.no
Wed Aug 9 14:19:25 EDT 2006


On Wed, 2006-08-09 at 17:25 +0100, Christoph Hellwig wrote:

> >     All versions of NFS (server and client) support POSIX ACLs.  But, only
> >     NFSv4 client supports NFSv4 ACLs.
> 
> That's wrong.  None of NFSv2/3/4 support POSIX ACLs out of the box.  There
> is a side-band protocol defined by Sun to support them on NFSv2/3 that could
> easily be adopted to NFSv4 although I don't know of any implementation that
> supports them on NFSv4 currently.  There is another sideband protocol
> defined by SGI to support arbitrary extended attributes, which is only
> implemented for IRIX as far as I know, although SGI released the reference
> code for it under the GPL.  I wish we had support for it on Linux because
> it would make life for SELinux and various desktop uses of xattrs a lot
> easier.

That won't help us deal with servers that implement the full NFSv4 acl
set, though. Neither will it help us deal with Windoze servers...

> > III. Design Considerations
> > 
> >     4. Map POSIX ACLs to NFSv4 ACLs
> 
> This is the only viable solution.  Having more than one different type ACL
> creates lots of code and administrative horrors.

Mapping creates worse horrors, though. There is a workshop going on in
order to work out what we need in the protocol in order to get posix
acls right.
We will _not_ be implementing another sideband protocol to NFSv4. If
posix acls cannot be integrated into the protocol somehow, then support
for them will be dropped.

> >         Pros: Minimal development time to verify the existing implementation
> >               and improve/correct wherever possible to reduce the
> >               imperfectness.
> >         Cons: Can not use full range of NFSv4 ACLs.  Weak access controls.
> 
> There is no "Weak access controls".  Posix draft ACLs are very well defined,
> and used for years in practice without showing any theoretical or practical
> weakness.

...but they are currently not supported by the NFSv4 protocol except
with very hairy mappings that weaken the ACL when you do a
read-modify-write.
One of the main issues we have is dealing with the mask (which has no
NFSv4 equivalent). The sort of hare-brained mappings that you have to
make in order to emulate its effects does make the current
posix-acls-over-NFSv4 weaker than the posix draft specification.

Cheers,
  Trond
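
Added example, not part of the original message and not the Linux or IETF mapping code: a simplified Python model of the mask problem described above, showing what a read-modify-write through a mask-less ACL representation fails to preserve. The mapping functions, the dictionary layout and the sample ACL are assumptions constructed for illustration.

```python
# Simplified model (assumption): permissions are frozensets of "r"/"w"/"x",
# and the NFSv4 side is reduced to (who, allowed) ALLOW ACEs with no mask.
UNMASKED = ("user_obj", "other")  # POSIX classes the mask never limits

def effective(acl, tag):
    """POSIX draft rule: named users and all groups are limited by the mask."""
    perms = acl["entries"][tag]
    return perms if tag in UNMASKED else perms & acl["mask"]

def posix_to_nfs4(acl):
    """Hypothetical mapping: with no mask to send, emit effective permissions."""
    return [(tag, effective(acl, tag)) for tag in acl["entries"]]

def nfs4_to_posix(aces):
    """Hypothetical reverse mapping: rebuild the mask as the union of masked entries."""
    entries = dict(aces)
    mask = frozenset()
    for tag, perms in entries.items():
        if tag not in UNMASKED:
            mask |= perms
    return {"entries": entries, "mask": mask}

def read_modify_write(acl, tag, perms):
    """Read the ACL through the mapping, set one entry, write the result back."""
    aces = [(t, p) for t, p in posix_to_nfs4(acl) if t != tag]
    return nfs4_to_posix(aces + [(tag, frozenset(perms))])

def with_mask(acl, mask):
    """Same entries under a different mask, as after a chmod of the group bits."""
    return {"entries": acl["entries"], "mask": frozenset(mask)}

# Constructed sample: alice is granted rw, but the mask currently limits her to r.
SAMPLE = {
    "entries": {
        "user_obj": frozenset("rwx"),
        "user:alice": frozenset("rw"),
        "group_obj": frozenset("r"),
        "other": frozenset(),
    },
    "mask": frozenset("r"),
}

if __name__ == "__main__":
    after = read_modify_write(SAMPLE, "user:bob", "r")
    for label, acl in (("server-side original", SAMPLE), ("after round trip", after)):
        wide = with_mask(acl, "rw")
        print(label, sorted(acl["entries"]["user:alice"]), sorted(effective(wide, "user:alice")))
```

In this model the round trip stores alice's masked permissions in place of her granted ones, so the ACL written back behaves differently from the original once the mask changes.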
