Server-side NFSv4 ACL support
J. Bruce Fields
bfields at fieldses.org
Wed Aug 16 00:22:58 EDT 2006
On Tue, Aug 08, 2006 at 09:45:54PM -0500, Prasad P wrote:
> Requirements and Design Considerations for Server-side NFSv4 ACL support
So I think there's two things to work on here:
1. hooking up nfsd to Andreas' prototype implementation of native
NFSv4 ACLs. This will get us:
- the best possible support for NFSv4 ACLs, and
- better integration with Samba;
but it also
- may take a while to get mainstream acceptance, and
- may take a while to migrate people with existing
filesystems using posix acls.
So I'm still interested in
2. improving support for native posix backends. This will also
make it easier for us to migrate the client-side tools to
native nfsv4 acl tools; currently we're forced to recommend
our hacked-up posix acl-setting tools since those are the only
tools that can reliably set acls on our (overly picky) NFSv4
server.
Anyone interested in working on number 1 needs to talk to Andreas for
details; I think he's hacking away on this right now.
I've actually got some code for number 2 (very new and as yet
untested...), in the nfsd-acl branch of my git repository, at
git://linux-nfs.org/~bfields/linux.git
Or if you don't want to fool with git you can browse the patches at
http://linux-nfs.org/cgi-bin/gitweb.cgi?p=bfields-2.6.git;a=shortlog;h=nfsd-acl
I could use any help testing and debugging it.
Also, it might be worth porting the new mapping code to the client at
some point, to replace the mapping we're doing in the libacl patches
available from
http://www.citi.umich.edu/projects/nfsv4/linux/
Though maybe that's not a high priority--it's easier to just tell people
to move to a native nfsv4 acl editor on the client.
In general we could probably use better testing--tests of how acls are
enforced, how they're inherited, etc.
--b.
More information about the NFSv4
mailing list