Re: RFC: ACLs on fusefs

In reply to: Alan Somers : "Re: RFC: ACLs on fusefs"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Tomoaki AOKI <junchoon_at_dec.sakura.ne.jp>
Date: Sat, 03 Aug 2024 22:53:39 UTC
Resent, as this didn't sent from ML system for more than 4 hrs.
To be sure, readded original recipients.

Agreed. So options a) and b) I described should not be applicable
at least for now.

Although I've described (just for completeness) option b), it should
not be accepted. Could cause severe and unrecoverable problems in the
wild. (Not noticing about lost EAs/ACLs.)

For option c), maybe we must decide what error to be returned when
underlying filesystem does not support storing requested EAs/ACLs
to notify that the user should use any kind of archivers which
supports storing wanted EAs/ACLs, or copy/move to different filesystem
that support them.

Maybe any of 13 EACCESS, 22 EINVAL, 45-47 E*NOSUPPORT, 79 EFTYPE,
87 ENOATTR?

87 seems to fit for EAs, but not for ACLs.


On Sat, 3 Aug 2024 08:59:15 -0600
Alan Somers <asomers@freebsd.org> wrote:

> Storing ACLs in hidden files is beyond the scope of what I had in
> mind.  That would be an entirely new challenge.  And it wouldn't be
> possible to do it correctly, because the file system server is still
> responsible for the inheritance of default ACLs.  For the present, all
> that I have in mind is file systems that can store ACLs natively.
> 
> On Fri, Aug 2, 2024 at 10:11$B".(BPM Tomoaki AOKI <junchoon@dec.sakura.ne.jp> wrote:
> >
> > I'm not understanding the implementation of fusefs, but possible
> > problem to be considered is the levels of suuports for EAs and ACLs of
> > each implemented filesystems.
> >
> > What I recall is the implementation of EAs on OS/2.
> > IIRC, HPFS natively supported EAs and WPS/Presentation manager-specific
> > attributes (like registry on recent Windoze).
> > To support both on FAT, OS/2 used 2 hidden system files named
> > EA_DATA.SF and WP_ROOT.SF respectively.
> >
> > What's needed to consider would be:
> >   a) Store EAs and ACLs on hidden system files with fixed name
> >      on the root directory of filesystems which don't support
> >      EAs and/or ACLs.
> >
> >   b) Silently ignore unsupportd attributes/ACLs and store supported
> >      ones only without returning error.
> >
> >   c) Error out if any of unsupported attributes/ACLs are specified.
> >
> > Maybe b) would be fatally problematic, as admins who don't understand /
> > don't want to learn about implementations in deep would missingly
> > believe every attribs/ACLs are completely and flawlessly stored even on
> > filesystems which does not support them.
> >
> > a) would be best, if ALL FUSEFS GUYS ON OTHER OS'es agree with the
> > specific filename and its internals, promissing to implement theirs as
> > such, too. Unfortunately, maybe not realistic, unless ISO/IEC or POSIX
> > mandates the support and standardize the name and formats of special
> > file.
> >
> >
> > On Fri, 2 Aug 2024 22:53:05 -0400
> > Ka Ho Ng <khng300@gmail.com> wrote:
> >
> > > Having said that, I am not sure if the FUSE protocol itself is extensible
> > > to accommodate the needs to directly implement the counterparts of our
> > > existing ACL syscalls. Otherwise XATTR tunneling for both NFSv4 and POSIX
> > > 1.e on FUSE might be the only way to go.
> > >
> > > May I know if there're any users of the XATTR approach besides the
> > > e2fsprogs/fuse2fs implementation of the EXT4 filesystem?
> > >
> > > Ka Ho
> > >
> > > On Fri, Aug 2, 2024, 22:34 Ka Ho Ng <khng300@gmail.com> wrote:
> > >
> > > > I would rather see the support of XATTR and NFSv4 ACL being two orthogonal
> > > > things, just like how it's being worked out on ZFS.
> > > >
> > > > On Fri, Aug 2, 2024, 19:58 Alan Somers <asomers@freebsd.org> wrote:
> > > >
> > > >> TLDR;
> > > >> how useful would it be if fusefs(4) could support ACLs?
> > > >>
> > > >> The current state of fusefs is that while it has full support for
> > > >> extended attributes, it lacks any support for ACLs.  If a file system
> > > >> image contains files with ACL entries, the user can look them up with
> > > >> getextattr, but they'll just look like a binary blob.  getfacl won't
> > > >> work at all.  And the file system won't be able to enforce the ACLs
> > > >> during VOP_ACCESS.
> > > >>
> > > >> Fixing this situation for posix.1e ACLs would require three things:
> > > >> * A good test suite for posix.1e ACLs.  pjdfstest has some tests, but
> > > >> it's incomplete.
> > > >> * An example file system to use for testing the kernel driver.  It
> > > >> isn't sufficient for the example file system merely to support xattrs,
> > > >> because the file system server must also enforce inheritance of
> > > >> default ACLs.
> > > >> * The actual kernel support.  Enforcing ACLs during VOP_ACCESS must be
> > > >> done within the kernel, not the server.  The important parts are
> > > >> already in sub_acl_posix1e.c.  The fusefs test suite would need a few
> > > >> more test cases for VOP_GETACL and VOP_SETACL, but wouldn't need to
> > > >> test  any of the fancy stuff, like inheritance or enforcement during
> > > >> access.
> > > >>
> > > >> Fixing the situation for NFSv4 ACLs would require the above, and also
> > > >> a small extension to the fusefs protocol.
> > > >>
> > > >> All of the above might make a good GSoC project.  But is it worth our
> > > >> time?  How many real-world users would benefit?  Alternatively, doing
> > > >> just the kernel support would be fairly easy.  That would be too small
> > > >> for GSoC.  But we could easily overlook important bugs if we don't do
> > > >> the other steps, too.
> > > >>
> > > >> So my question is: is this worthwhile?  Does anybody know of a
> > > >> real-world workload that would benefit?
> > > >>
> > > >>
> >
> >
> > --
> > Tomoaki AOKI    <junchoon@dec.sakura.ne.jp>


-- 
Tomoaki AOKI    <junchoon@dec.sakura.ne.jp>