Re: [nfsv4] NFSv4 ACLs: {READ,WRITE}_NAMED_ATTRIBUTES


From: Sam Falkner (Sam.Falkner@Sun.COM)
Date: 12/16/04-02:23:41 PM Z


Date: Thu, 16 Dec 2004 13:23:41 -0700
From: Sam Falkner <Sam.Falkner@Sun.COM>
Subject: Re: [nfsv4] NFSv4 ACLs: {READ,WRITE}_NAMED_ATTRIBUTES
Message-id: <ii7y8fydmb6.fsf@central.sun.com>

"Halevy, Benny" <bhalevy@panasas.com> writes:

> Lisa Week wrote:
>> 
>> J. Bruce Fields wrote:
>> > On Wed, Dec 15, 2004 at 03:46:36PM -0500, Halevy, Benny wrote:
>> > 
>> >>Thinking about this again, the following model
>> >>makes even more sense to me:
>> >>
>> >>- everyone can always read named attributes.
>> >>- the owner can always write named attributes.
>> >>- anyone that has permission to write the file
>> >>  has permission to write its named attributes.
>> >>
>> >>- permission to write named attributes applies
>> >>to the contents of named attributes as well
>> >>as to creating, removing, and renaming named
>> >>attributes.
>> > 
>> > 
>> > I don't know whether that makes sense.
>> 
>> Agreed, those semantics don't make sense to us either.
>> For the following reasons:
>> 1.) In Solaris, it is not the default that everyone read 
>> named attributes
>> 2.) The owner can't always write named attributes (if they don't have 
>> write permissions on the attribute, they can't modify it)
>
> I like the model of having permissions/ACLs on the named attributes
> themselves.  In Solaris what do {READ,WRITE}_NAMED_ATTRIBUTES
> control?

A Solaris server using UFS as its filesystem only has POSIX-draft
ACLs.  ACE4_{READ,WRITE}_NAMED_ATTRIBUTES aren't represented at all in
these ACLs.  Mapping between these two different ACL models is what
the I-D describes.

But we've taken ACE4_{READ,WRITE}_NAMED_ATTRS to mean the ability to
read or write extended attributes, as manipulated by the runat command
in Solaris.

- Sam & Lisa


_______________________________________________
nfsv4 mailing list
nfsv4@ietf.org
https://www1.ietf.org/mailman/listinfo/nfsv4



This archive was generated by hypermail 2.1.2 : 03/04/05-02:13:48 AM Z CST