RE: [nfsv4] NFSv4 ACLs: {READ,WRITE}_NAMED_ATTRIBUTES

From: Khan, Saadia (Saadia.Khan@netapp.com)
Date: 12/16/04-05:40:24 PM Z

• Next message: Khan, Saadia: "RE: [nfsv4] NFSv4 ACLs: {READ,WRITE}_NAMED_ATTRIBUTES"
• Previous message: J. Bruce Fields: "Re: [nfsv4] NFSv4 ACLs: {READ,WRITE}_NAMED_ATTRIBUTES"
• Maybe in reply to: Halevy, Benny: "RE: [nfsv4] NFSv4 ACLs: {READ,WRITE}_NAMED_ATTRIBUTES"
• Next in thread: J. Bruce Fields: "Re: [nfsv4] NFSv4 ACLs: {READ,WRITE}_NAMED_ATTRIBUTES"
• Reply: J. Bruce Fields: "Re: [nfsv4] NFSv4 ACLs: {READ,WRITE}_NAMED_ATTRIBUTES"

Subject: RE: [nfsv4] NFSv4 ACLs: {READ,WRITE}_NAMED_ATTRIBUTES
Date: Thu, 16 Dec 2004 15:40:24 -0800
Message-ID: <482A3FA0050D21419C269D13989C611306682EA2@lavender-fe.eng.netapp.com>
From: "Khan, Saadia" <Saadia.Khan@netapp.com>



> -----Original Message-----
> From: J. Bruce Fields [mailto:bfields@fieldses.org] 
> Sent: Thursday, December 16, 2004 3:19 PM
> To: Lisa Week
> Cc: Sam.Falkner@Sun.COM; Halevy, Benny; Gordon Waidhofer; 
> nfsv4@ietf.org
> Subject: Re: [nfsv4] NFSv4 ACLs: {READ,WRITE}_NAMED_ATTRIBUTES
> 
> 
> On Thu, Dec 16, 2004 at 04:00:51PM -0700, Lisa Week wrote:
> > J. Bruce Fields wrote:
> > >On Thu, Dec 16, 2004 at 11:42:26AM -0800, Gordon Waidhofer wrote:
> > >
> > >>The question of NFSV4_{READ|WRITE}_NAMED_ATTRIBUTES
> > >>should be deferred for as long as possible, certainly
> > >>in the near term. Why? Simply because there is unspoken discord 
> > >>about what a named attribute is.
> > >
> > >I agree about the {READ|WRITE}_NAMED_ATTRIBUTES bits.
> > >
> > 
> > Just to be clear...What are we actually saying with "The question of
> > NFSV4_{READ|WRITE}_NAMED_ATTRIBUTES should be deferred for 
> as long as 
> > possible"?  Go with the I-D interpretation?  Leave them 
> unspecified? 
> > Something else?
> 
> I think we should recommend that on posix->nfsv4 translation, 
> we create acls with neither bit set in any allow or deny ace. 

So if a server has decided that not having a bit set in the access mask
means denying it, then it will always deny read and write of named
attributes? I don't believe that NFSV4_READ_NAMED_ATTRIBUTE is something
that should be allowed to everyone.


>  On nfsv4->posix translation we should ignore that bit 
> whenever possible, that is, whenver it doesn't force us into 
> a lie.  (A Linux server, for example, will reject an acl that 
> explicitly denies WRITE_NAMED_ATTRIBUTES when WRITE is 
> explicitly allowed.)
> 
> I think that's approximately what we already agreed on?
> 
> The point is that if clients follow the current I-D then they 
> force a certain permissions model onto servers, which is 
> probably a mistake.
> 
> --b.
> 
> _______________________________________________
> nfsv4 mailing list
> nfsv4@ietf.org
> https://www1.ietf.org/mailman/listinfo/nfsv4
> 

_______________________________________________
nfsv4 mailing list
nfsv4@ietf.org
https://www1.ietf.org/mailman/listinfo/nfsv4

• Next message: Khan, Saadia: "RE: [nfsv4] NFSv4 ACLs: {READ,WRITE}_NAMED_ATTRIBUTES"
• Previous message: J. Bruce Fields: "Re: [nfsv4] NFSv4 ACLs: {READ,WRITE}_NAMED_ATTRIBUTES"
• Maybe in reply to: Halevy, Benny: "RE: [nfsv4] NFSv4 ACLs: {READ,WRITE}_NAMED_ATTRIBUTES"
• Next in thread: J. Bruce Fields: "Re: [nfsv4] NFSv4 ACLs: {READ,WRITE}_NAMED_ATTRIBUTES"
• Reply: J. Bruce Fields: "Re: [nfsv4] NFSv4 ACLs: {READ,WRITE}_NAMED_ATTRIBUTES"

This archive was generated by hypermail 2.1.2 : 03/04/05-02:13:49 AM Z CST