Date: Tue, 24 Jul 2012 15:00:57 -0500
Subject: Re: [nfsv4] Constructing a NFSv4 ACL from POSIX mode bits
From: Nico Williams
To: "Haynes, Tom"
Cc: bfields@fieldses.org, linux-nfs@vger.kernel.org, nfsv4@ietf.org
In-Reply-To: <20120724193348.GA4977@netapp.com>
References: <20120724193348.GA4977@netapp.com>

On Tue, Jul 24, 2012 at 2:33 PM, Haynes, Tom wrote:
> Bruce,
>
> In looking at http://tools.ietf.org/html/draft-ietf-nfsv4-acl-mapping-05, it
> states that when mapping the write bit, only for the owner do we set
> ACE4_WRITE_ACL.
>
> Back in version 00, it is open as to whether we can also set it for the
> group and other if they have the write bit set.
>
> I looked back at the NFSv4 WG aliases and I see some discussion from Lisa
> on how Solaris only ever sets it for the owner due to POSIX restrictions
> via chmod().
So, now I know how another server does it.

This has changed. I wrote this up here:

http://cryptonector.com/2011/11/zfs-aclchmod-interactions-in-solaris-11/

IIRC all ACEs for anything other than OWNER@ (or a user of the same
name/ID) contribute to the group bits of the mode, the EVERYONE@ entry
contributes to the world bits of the mode, and the OWNER@ and/or user
ACEs for the owner name/ID contribute to the owner bits of the mode.

The new scheme is really much simpler and more natural than everything
else tried before.

Nico
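
Added example, not part of the original message and not Solaris or ZFS code: a C sketch of the ACL-to-mode scheme described in the reply above, showing how a write grant to a named user surfaces in the group bits. It assumes only ALLOW ACEs are counted, that EVERYONE@ feeds only the world bits, and a simplified `struct ace`; the names `alice` and `bob` and the sample ACL are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ACE type and mask values as defined in RFC 3530. */
#define ACE4_ACCESS_ALLOWED_ACE_TYPE 0x00000000
#define ACE4_READ_DATA  0x00000001
#define ACE4_WRITE_DATA 0x00000002
#define ACE4_EXECUTE    0x00000020

/* Simplified ACE (assumption): no flags, "who" as a plain string. */
struct ace { uint32_t type; uint32_t mask; const char *who; };

/* Collapse an NFSv4 access mask to an rwx triplet (r=4, w=2, x=1). */
static unsigned rwx(uint32_t mask)
{
    unsigned bits = 0;
    if (mask & ACE4_READ_DATA)  bits |= 4;
    if (mask & ACE4_WRITE_DATA) bits |= 2;
    if (mask & ACE4_EXECUTE)    bits |= 1;
    return bits;
}

/* Derive mode bits from an ACL, following the message's description. */
unsigned acl_to_mode(const struct ace *acl, size_t n, const char *owner)
{
    unsigned u = 0, g = 0, o = 0;
    for (size_t i = 0; i < n; i++) {
        if (acl[i].type != ACE4_ACCESS_ALLOWED_ACE_TYPE)
            continue;                 /* assumption: DENY ACEs are ignored */
        unsigned p = rwx(acl[i].mask);
        if (!strcmp(acl[i].who, "OWNER@") || !strcmp(acl[i].who, owner))
            u |= p;                   /* OWNER@ or a user ACE for the owner */
        else if (!strcmp(acl[i].who, "EVERYONE@"))
            o |= p;                   /* world bits */
        else
            g |= p;                   /* GROUP@, named users, named groups */
    }
    return (u << 6) | (g << 3) | o;
}

/* Constructed sample: file owned by "alice"; named user "bob" may write. */
static const struct ace sample_acl[] = {
    { ACE4_ACCESS_ALLOWED_ACE_TYPE, ACE4_READ_DATA | ACE4_WRITE_DATA | ACE4_EXECUTE, "OWNER@" },
    { ACE4_ACCESS_ALLOWED_ACE_TYPE, ACE4_READ_DATA, "GROUP@" },
    { ACE4_ACCESS_ALLOWED_ACE_TYPE, ACE4_READ_DATA | ACE4_WRITE_DATA, "bob" },
    { ACE4_ACCESS_ALLOWED_ACE_TYPE, ACE4_READ_DATA, "EVERYONE@" },
};
unsigned sample_mode(void) { return acl_to_mode(sample_acl, 4, "alice"); }

int main(void) { printf("%04o\n", sample_mode()); return 0; }
```

Under these assumptions the group triplet reports the broadest grant to anyone other than the owner, so a writable group field in a listing can come from a single named-user ACE rather than from GROUP@.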