Re: FAT, NTFS, CIFS and DOS attributes

From: tridge
Date: Mon Jan 03 2005 - 21:52:59 EST

Next message: Matthew Wilcox: "Re: [PATCH][RFC] clean out old cruft from FD MCS driver"
Previous message: Paolo Ciarrocchi: "Re: starting with 2.7"
In reply to: Kyle Moffett: "Re: FAT, NTFS, CIFS and DOS attributes"
Next in thread: Kyle Moffett: "Re: FAT, NTFS, CIFS and DOS attributes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Kyle,

> IMHO, it would be really nice (Although I realize this would be a
> humongous task) if there was a "Linux" ACL system supported by the
> VFS that is backwards compatible with UNIX perms, POSIX ACLs, and
> NTFS ACLs

The problem is that apps/users that care about posix ACLs and NT ACLs
tend to care about them being _exactly_ right, so half baked mappings
between the different systems don't really help much. We have learnt
this the hard way in Samba3, where we attempt to map NT ACLs to posix
ACLs on the fly, and we get a never ending stream of bug reports that
NT ACLs aren't working as expected for windows users. Thats why I
stuck the full NT ACL in an xattr for Samba4.

The plan for mapping between the systems in Samba4 goes like this:

- when a NT ACL is needed for access control, or the client asks for
the ACL via a query file info call, smbd first looks in the NTACL
xattr. If it finds it then all is well with the world.

- if the NTACL xattr isn't there, then it produces one using an
approximate mapping. The mapping for mode_t is in the function
pvfs_default_acl() in pvfs_acl.c. The mapping when there is an
existing posix ACL isn't done yet (we have a mapping for that in
Samba3, but it will be a bit different in Samba4).

- if its a file/directory create, then it also obeys the inheritance
rules, pulling the NTACL from the parent using the above method
then applying to the child.

I also plan to catch the posix ACL set call in the Samba LSM module,
and wipe the NTACL when that happens. In that case the NTACL will be
overridden by the new posix ACL.

Similarly, when a posix application asks to read the posix ACL, then a
reverse mapping would be supplied if there is a current NT ACL on the
file.

The important thing is that if your file access is either only from
unix apps that know about posix ACLs or only from windows apps that
know about NT ACLs, then you need to provide perfect lossless storage
of those native ACLs for those applications. It is only when you get a
transition from one scheme to the other on the one file that a mapping
should happen.

Cheers, Tridge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Matthew Wilcox: "Re: [PATCH][RFC] clean out old cruft from FD MCS driver"
Previous message: Paolo Ciarrocchi: "Re: starting with 2.7"
In reply to: Kyle Moffett: "Re: FAT, NTFS, CIFS and DOS attributes"
Next in thread: Kyle Moffett: "Re: FAT, NTFS, CIFS and DOS attributes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]